From 38e4cc4b54fec6d983cc2c33f32368299452dc12 Mon Sep 17 00:00:00 2001 From: ruowan Date: Fri, 28 Jan 2022 03:39:47 +0000 Subject: [PATCH 01/16] update default tag --- package-lock.json | 47 +++++++++++++++++-------------- package.json | 2 ++ src/index.ts | 34 +++++++++++++--------- src/test/avocado-function-test.ts | 23 +++++++++++++++ 4 files changed, 71 insertions(+), 35 deletions(-) diff --git a/package-lock.json b/package-lock.json index cbde8917..a5e99b4c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -765,6 +765,16 @@ "resolved": "https://registry.npmjs.org/@types/commonmark/-/commonmark-0.27.5.tgz", "integrity": "sha512-vIqgmHyLsc8Or3EWLz6QkhI8/v61FNeH0yxRupA7VqSbA2eFMoHHJAhZSHudplAV89wqg1CKSmShE016ziRXuw==" }, + "@types/glob": { + "version": "7.2.0", + "resolved": "https://devdiv.pkgs.visualstudio.com/_packaging/openapi-platform/npm/registry/@types/glob/-/glob-7.2.0.tgz", + "integrity": "sha1-vBtb86qS8lvV3TnzXFc2G9zlsus=", + "dev": true, + "requires": { + "@types/minimatch": "*", + "@types/node": "*" + } + }, "@types/istanbul-lib-coverage": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.3.tgz", @@ -805,6 +815,12 @@ "integrity": "sha512-fYMgzN+9e28R81weVN49inn/u798ruU91En1ZnGvSZzCRc5jXx9B2EDhlRaWmcO1RIxFHL8AajRXzxDuJu93+A==", "dev": true }, + "@types/minimatch": { + "version": "3.0.5", + "resolved": "https://devdiv.pkgs.visualstudio.com/_packaging/openapi-platform/npm/registry/@types/minimatch/-/minimatch-3.0.5.tgz", + "integrity": "sha1-EAHMXmo3BLg8I2An538vWOoBD0A=", + "dev": true + }, "@types/node": { "version": "10.17.26", "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.26.tgz", @@ -1110,8 +1126,7 @@ "balanced-match": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz", - "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=", - "dev": true + "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=" }, "base": { "version": "0.11.2", @@ -1191,7 +1206,6 @@ "version": "1.1.11", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", - "dev": true, "requires": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" @@ -1452,8 +1466,7 @@ "concat-map": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", - "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", - "dev": true + "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=" }, "convert-source-map": { "version": "1.7.0", @@ -2105,8 +2118,7 @@ "fs.realpath": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", - "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", - "dev": true + "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=" }, "fsevents": { "version": "1.2.13", @@ -2161,10 +2173,9 @@ } }, "glob": { - "version": "7.1.6", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz", - "integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==", - "dev": true, + "version": "7.2.0", + "resolved": "https://devdiv.pkgs.visualstudio.com/_packaging/openapi-platform/npm/registry/glob/-/glob-7.2.0.tgz", + "integrity": "sha1-0VU1r3cy4C6Uj0xBYovZECk/YCM=", "requires": { "fs.realpath": "^1.0.0", "inflight": "^1.0.4", @@ -2321,7 +2332,6 @@ "version": "1.0.6", "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=", - "dev": true, "requires": { "once": "^1.3.0", "wrappy": "1" @@ -2329,9 +2339,8 @@ }, "inherits": { "version": "2.0.4", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", - "dev": true + "resolved": "https://devdiv.pkgs.visualstudio.com/_packaging/openapi-platform/npm/registry/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha1-D6LGT5MpF8NDOg3tVTY6rjdBa3w=" }, "invariant": { "version": "2.2.4", @@ -3697,7 +3706,6 @@ "version": "3.0.4", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", - "dev": true, "requires": { "brace-expansion": "^1.1.7" } @@ -3968,7 +3976,6 @@ "version": "1.4.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", - "dev": true, "requires": { "wrappy": "1" } @@ -4059,8 +4066,7 @@ "path-is-absolute": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", - "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=", - "dev": true + "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=" }, "path-key": { "version": "2.0.1", @@ -5353,8 +5359,7 @@ "wrappy": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", - "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", - "dev": true + "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=" }, "write-file-atomic": { "version": "2.4.1", diff --git a/package.json b/package.json index 39fe3cba..76306ba7 100644 --- a/package.json +++ b/package.json @@ -87,6 +87,7 @@ "@ts-common/json-parser": "^0.9.0", "@ts-common/string-map": "^0.3.0", "commonmark": "^0.29.0", + "glob": "^7.2.0", "js-yaml": "^3.13.1", "node-fetch": ">=2.6.1", "node-notifier": ">=8.0.1", @@ -94,6 +95,7 @@ "yargs": "^15.3.1" }, "devDependencies": { + "@types/glob": "^7.2.0", "@types/jest": "^24.0.15", "@types/js-yaml": "^3.12.1", "@types/node": "^10.14.6", diff --git a/src/index.ts b/src/index.ts index 85a1c2b4..5c0e8501 100644 --- a/src/index.ts +++ b/src/index.ts @@ -78,7 +78,7 @@ const errorCorrelationId = (error: err.Error) => { } const markDownIterate = (node: commonmark.Node | null) => - it.iterable(function*() { + it.iterable(function* () { // tslint:disable-next-line:no-let let i = node while (i !== null) { @@ -155,12 +155,17 @@ export const getVersionFromInputFile = (filePath: string): string | undefined => return undefined } -export const isContainsMultiVersion = (m: md.MarkDownEx): boolean => { +export const getSwaggerFileUnderDefaultTag = (m: md.MarkDownEx): string[] => { const defaultTag = getDefaultTag(m.markDown) if (!defaultTag) { - return false + return [] } const inputFiles = openApiMd.getInputFilesForTag(m.markDown, defaultTag) + return inputFiles as any +} + +export const isContainsMultiVersion = (m: md.MarkDownEx): boolean => { + const inputFiles = getSwaggerFileUnderDefaultTag(m) if (inputFiles) { const versions = new Set() for (const file of inputFiles) { @@ -176,6 +181,7 @@ export const isContainsMultiVersion = (m: md.MarkDownEx): boolean => { return false } + const jsonParse = (fileName: string, file: string) => { // tslint:disable-next-line:readonly-array const errors: err.Error[] = [] @@ -261,7 +267,7 @@ const containsReadme = async (folder: string): Promise => { } const validateSpecificationAPIVersion = (current: Specification, document: json.JsonObject): it.IterableEx => - it.iterable(function*() { + it.iterable(function* () { const info = document.info as json.JsonObject | undefined if (info !== undefined) { if (!current.path.includes(info.version as string)) { @@ -278,7 +284,7 @@ const validateSpecificationAPIVersion = (current: Specification, document: json. }) const validateFileLocation = (current: Specification, document: json.JsonObject): it.IterableEx => - it.iterable(function*() { + it.iterable(function* () { const host = document.host as string | undefined if (host !== undefined && host === 'management.azure.com' && !current.path.includes('resource-manager')) { yield { @@ -315,7 +321,7 @@ const findTheNearestReadme = async (rootDir: string, swaggerPath: string): Promi * @param dir directory path */ const validateRPFolderMustContainReadme = (dir: string): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { const validDirs: ReadonlyArray = ['data-plane', 'resource-manager'] const ignoredDirs: ReadonlyArray = ['common'] const allJsonDir = tscommonFs @@ -369,7 +375,7 @@ const DFSTraversalValidate = ( graySet: Set, blackSet: Set, ): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { if (!blackSet.has(current.path)) { graySet.add(current.path) } @@ -428,7 +434,7 @@ const DFSTraversalValidate = ( * validate given `readme.md` format */ const validateReadMeFile = (readMePath: string): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { const file = await tscommonFs.readFile(readMePath) const m = md.parse(file.toString()) if (!isAutoRestMd(m)) { @@ -469,7 +475,7 @@ const validateInputFiles = ( allInputFileSet: Set, ): asyncIt.AsyncIterableEx => // tslint:disable-next-line: no-async-without-await - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { // report errors if the `dir` folder has JSON files where exist circular reference const graySet = new Set() const blackSet = new Set() @@ -495,7 +501,7 @@ const validateInputFiles = ( }) const getInputFilesFromReadme = (readMePath: string): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { const file = await tscommonFs.readFile(readMePath) const m = md.parse(file.toString()) const dir = path.dirname(readMePath) @@ -510,7 +516,7 @@ const getInputFilesFromReadme = (readMePath: string): asyncIt.AsyncIterableEx => // tslint:disable-next-line: no-async-without-await - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { const dir = path.dirname(readMePath) yield* tscommonFs .recursiveReaddir(dir) @@ -526,7 +532,7 @@ const getAllInputFilesUnderReadme = (readMePath: string): asyncIt.AsyncIterableE * Validate global specification folder and prepare arguments for `validateInputFiles`. */ const validateFolder = (dir: string) => - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { const allReadMeFiles = tscommonFs.recursiveReaddir(dir).filter(f => path.basename(f).toLowerCase() === 'readme.md') yield* validateRPFolderMustContainReadme(dir) @@ -575,7 +581,7 @@ const avocadoForDir = async (dir: string, exclude: string[]) => { * @param exclude path indicate which kind of error should be ignored. */ const avocadoForDevOps = (pr: devOps.PullRequestProperties, exclude: string[]): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { // collect all errors from the 'targetBranch' const diffFiles = await pr.diff() const changedSwaggerFilePath = diffFiles.map(item => item.path) @@ -628,7 +634,7 @@ const avocadoForDevOps = (pr: devOps.PullRequestProperties, exclude: string[]): * The function validates files in the given `cwd` folder and returns errors. */ export const avocado = (config: cli.Config): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { const pr = await devOps.createPullRequestProperties(config) // detect Azure DevOps Pull Request validation. // tslint:disable-next-line: no-let diff --git a/src/test/avocado-function-test.ts b/src/test/avocado-function-test.ts index fffa75fc..71d1b393 100644 --- a/src/test/avocado-function-test.ts +++ b/src/test/avocado-function-test.ts @@ -1,9 +1,13 @@ +import { getSwaggerFileUnderDefaultTag } from './../index'; // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. See LICENSE in the project root for license information. import * as avocado from '../index' import * as assert from 'assert' import { readFileSync } from 'fs' +import { readdirSync } from 'fs' +import * as path from 'path' +import {glob} from 'glob' import * as md from '@ts-common/commonmark-to-markdown' describe('avocado', () => { @@ -26,4 +30,23 @@ describe('avocado', () => { const r1 = avocado.getVersionFromInputFile('/test/json/2020-05-01-preview/b.json') assert.deepStrictEqual(r1, '2020-05-01-preview') }) + + it('get input file under default tag', () => { + const root = "/home/ruowan/work/azure-rest-api-specs/specification" + const serviceDirs = readdirSync(root); + for (const service of serviceDirs) { + const readmePattern = path.join(root, service, "resource-manager/**/readme.md"); + const readmes = glob.sync(readmePattern); + for (const readme of readmes) { + console.log(readme) + const readmeContent = readFileSync(readme).toString() + const m = md.parse(readmeContent) + const inputFiles = getSwaggerFileUnderDefaultTag(m); + if(inputFiles&&inputFiles.length<=1){ + continue; + } + console.log(inputFiles) + } + } + }) }) From 7f83f3a8e77eb36e429109be73ef83dc76f32cf8 Mon Sep 17 00:00:00 2001 From: ruowan Date: Mon, 21 Feb 2022 05:52:58 +0000 Subject: [PATCH 02/16] avocado support check default tag should contains latest apiVersion swagger --- package-lock.json | 5 + package.json | 5 +- src/errors.ts | 32 +- src/index.ts | 207 +- src/test/avocado-function-test.ts | 51 +- src/test/avocado-test.ts | 14 + .../2019-01-01-preview/Aggregations.json | 97 + .../2019-01-01-preview/AutomationRules.json | 918 ++ .../preview/2019-01-01-preview/Bookmarks.json | 699 ++ .../preview/2019-01-01-preview/Cases.json | 1187 +++ .../DataConnectorsCheckRequirements.json | 503 + .../2019-01-01-preview/Enrichment.json | 375 + .../preview/2019-01-01-preview/Entities.json | 1381 +++ .../2019-01-01-preview/OfficeConsents.json | 243 + .../2019-01-01-preview/SecurityInsights.json | 8446 +++++++++++++++++ .../ThreatIntelligence.json | 1129 +++ .../actions/CreateActionOfAlertRule.json | 44 + .../actions/DeleteActionOfAlertRule.json | 15 + .../actions/GetActionOfAlertRuleById.json | 25 + .../actions/GetAllActionsByAlertRule.json | 28 + .../aggregations/GetCasesAggregations.json | 37 + .../GetAlertRuleTemplateById.json | 49 + .../GetAlertRuleTemplates.json | 85 + .../alertRules/CreateFusionAlertRule.json | 66 + ...softSecurityIncidentCreationAlertRule.json | 59 + .../alertRules/CreateScheduledAlertRule.json | 134 + .../examples/alertRules/DeleteAlertRule.json | 14 + .../examples/alertRules/GetAllAlertRules.json | 97 + .../alertRules/GetFusionAlertRule.json | 35 + ...softSecurityIncidentCreationAlertRule.json | 31 + .../alertRules/GetScheduledAlertRule.json | 56 + .../automationRules/CreateAutomationRule.json | 176 + .../automationRules/DeleteAutomationRule.json | 14 + .../GetAllAutomationRules.json | 69 + .../automationRules/GetAutomationRule.json | 76 + .../examples/bookmarks/CreateBookmark.json | 93 + .../examples/bookmarks/DeleteBookmark.json | 14 + .../examples/bookmarks/GetBookmarkById.json | 48 + .../examples/bookmarks/GetBookmarks.json | 51 + .../bookmarks/expand/PostExpandBookmark.json | 44 + .../relations/CreateBookmarkRelation.json | 44 + .../relations/DeleteBookmarkRelation.json | 15 + .../relations/GetAllBookmarkRelations.json | 29 + .../relations/GetBookmarkRelationByName.json | 26 + .../examples/cases/CreateCase.json | 97 + .../examples/cases/DeleteCase.json | 14 + .../examples/cases/GetCaseById.json | 57 + .../examples/cases/GetCases.json | 62 + .../cases/comments/CreateCaseComment.json | 34 + .../cases/comments/GetAllCaseComments.json | 32 + .../cases/comments/GetCaseCommentById.json | 29 + .../cases/relations/CreateCaseRelation.json | 53 + .../cases/relations/DeleteCaseRelation.json | 15 + .../cases/relations/GetAllCaseRelations.json | 31 + .../relations/GetCaseRelationByName.json | 28 + ...CheckRequirementsAzureActiveDirectory.json | 23 + ...tsAzureActiveDirectoryNoAuthorization.json | 23 + ...irementsAzureActiveDirectoryNoLicense.json | 23 + .../CheckRequirementsAzureSecurityCenter.json | 23 + .../CheckRequirementsDynamics365.json | 23 + .../CheckRequirementsMdatp.json | 23 + ...RequirementsMicrosoftCloudAppSecurity.json | 23 + ...quirementsMicrosoftThreatIntelligence.json | 23 + ...RequirementsMicrosoftThreatProtection.json | 23 + .../CheckRequirementsOfficeATP.json | 23 + .../CheckRequirementsThreatIntelligence.json | 23 + ...ckRequirementsThreatIntelligenceTaxii.json | 23 + .../CreateDynamics365DataConnetor.json | 58 + .../CreateOfficeDataConnetor.json | 76 + ...CreateThreatIntelligenceDataConnector.json | 60 + ...eThreatIntelligenceTaxiiDataConnector.json | 82 + .../DeleteOfficeDataConnetor.json | 14 + .../GetAmazonWebServicesCloudTrailById.json | 29 + .../GetAzureActiveDirectoryById.json | 29 + .../GetAzureAdvancedThreatProtectionById.json | 29 + .../GetAzureSecurityCenterById.json | 29 + .../dataConnectors/GetDataConnectors.json | 198 + .../GetDynamics365DataConnectorById.json | 29 + .../GetMicrosoftCloudAppSecurityById.json | 32 + ...tDefenderAdvancedThreatProtectionById.json | 29 + .../GetMicrosoftThreatIntelligenceById.json | 34 + .../GetMicrosoftThreatProtectionById.json | 29 + ...Office365AdvancedThreatProtectionById.json | 29 + .../GetOfficeDataConnetorById.json | 35 + .../GetThreatIntelligenceById.json | 30 + .../GetThreatIntelligenceTaxiiById.json | 37 + .../examples/enrichment/GetGeodataByIp.json | 31 + .../enrichment/GetWhoisByDomainName.json | 87 + .../entities/GetAccountEntityById.json | 33 + .../entities/GetAzureResourceEntityById.json | 25 + .../GetCloudApplicationEntityById.json | 26 + .../examples/entities/GetDnsEntityById.json | 27 + .../examples/entities/GetEntities.json | 64 + .../examples/entities/GetFileEntityById.json | 25 + .../entities/GetFileHashEntityById.json | 25 + .../examples/entities/GetHostEntityById.json | 32 + .../entities/GetIoTDeviceEntityById.json | 25 + .../examples/entities/GetIpEntityById.json | 24 + .../entities/GetMailClusterEntityById.json | 45 + .../entities/GetMailMessageEntityById.json | 49 + .../entities/GetMailboxEntityById.json | 27 + .../entities/GetMalwareEntityById.json | 25 + .../entities/GetProcessEntityById.json | 26 + .../examples/entities/GetQueries.json | 457 + .../entities/GetRegistryKeyEntityById.json | 25 + .../entities/GetRegistryValueEntityById.json | 27 + .../entities/GetSecurityAlertEntityById.json | 52 + .../entities/GetSecurityGroupEntityById.json | 26 + .../entities/GetSubmissionMailEntityById.json | 30 + .../examples/entities/GetUrlEntityById.json | 24 + .../entities/expand/PostExpandEntity.json | 53 + .../entities/insights/PostGetInsights.json | 101 + .../relations/GetAllEntityRelations.json | 29 + .../relations/GetEntityRelationByName.json | 26 + .../entities/timeline/PostTimelineEntity.json | 69 + .../entityQueries/GetEntityQueries.json | 59 + .../GetExpansionEntityQueryById.json | 35 + .../examples/incidents/CreateIncident.json | 109 + .../examples/incidents/DeleteIncident.json | 14 + .../incidents/GetAllIncidentAlerts.json | 51 + .../incidents/GetAllIncidentBookmarks.json | 78 + .../examples/incidents/GetIncidentById.json | 57 + .../examples/incidents/GetIncidents.json | 62 + .../comments/CreateIncidentComment.json | 56 + .../comments/DeleteIncidentComment.json | 15 + .../comments/GetAllIncidentComments.json | 35 + .../comments/GetIncidentCommentById.json | 32 + .../entities/GetAllIncidentEntities.json | 35 + .../relations/CreateIncidentRelation.json | 44 + .../relations/DeleteIncidentRelation.json | 15 + .../relations/GetAllIncidentRelations.json | 41 + .../relations/GetIncidentRelationByName.json | 26 + .../officeConsents/DeleteOfficeConsents.json | 14 + .../officeConsents/GetOfficeConsents.json | 26 + .../officeConsents/GetOfficeConsentsById.json | 23 + .../settings/DeleteEyesOnSetting.json | 14 + .../examples/settings/GetAllSettings.json | 26 + .../examples/settings/GetEyesOnSetting.json | 23 + .../settings/UpdateEyesOnSetting.json | 29 + .../AppendTagsThreatIntelligence.json | 19 + .../CollectThreatIntelligenceMetrics.json | 44 + .../CreateThreatIntelligence.json | 101 + .../DeleteThreatIntelligence.json | 14 + .../GetThreatIntelligence.json | 77 + .../GetThreatIntelligenceById.json | 44 + .../QueryThreatIntelligence.json | 108 + .../ReplaceTagsThreatIntelligence.json | 53 + .../UpdateThreatIntelligence.json | 102 + .../examples/watchlists/CreateWatchlist.json | 86 + .../watchlists/CreateWatchlistItem.json | 92 + .../examples/watchlists/DeleteWatchlist.json | 14 + .../watchlists/DeleteWatchlistItem.json | 15 + .../watchlists/GetWatchlistByAlias.json | 48 + .../watchlists/GetWatchlistItemById.json | 47 + .../watchlists/GetWatchlistItems.json | 50 + .../examples/watchlists/GetWatchlists.json | 51 + .../2021-03-01-preview/AlertRules.json | 1887 ++++ .../2021-03-01-preview/EntityDefinitions.json | 181 + .../2021-03-01-preview/EntityQueries.json | 518 + .../preview/2021-03-01-preview/Incidents.json | 4206 ++++++++ .../preview/2021-03-01-preview/Metadata.json | 742 ++ .../2021-03-01-preview/OnboardingStates.json | 333 + .../preview/2021-03-01-preview/Settings.json | 481 + .../2021-03-01-preview/SourceControls.json | 514 + .../2021-03-01-preview/Watchlists.json | 752 ++ .../2021-03-01-preview/dataConnectors.json | 1575 +++ .../actions/CreateActionOfAlertRule.json | 44 + .../actions/DeleteActionOfAlertRule.json | 15 + .../actions/GetActionOfAlertRuleById.json | 25 + .../actions/GetAllActionsByAlertRule.json | 28 + .../GetAlertRuleTemplateById.json | 49 + .../GetAlertRuleTemplates.json | 85 + .../alertRules/CreateFusionAlertRule.json | 66 + ...softSecurityIncidentCreationAlertRule.json | 59 + .../alertRules/CreateScheduledAlertRule.json | 240 + .../examples/alertRules/DeleteAlertRule.json | 14 + .../examples/alertRules/GetAllAlertRules.json | 133 + .../alertRules/GetFusionAlertRule.json | 35 + ...softSecurityIncidentCreationAlertRule.json | 31 + .../alertRules/GetScheduledAlertRule.json | 92 + .../CreateDynamics365DataConnetor.json | 58 + .../dataConnectors/CreateGenericUI.json | 438 + .../CreateOfficeDataConnetor.json | 76 + ...CreateThreatIntelligenceDataConnector.json | 60 + ...eThreatIntelligenceTaxiiDataConnector.json | 82 + .../dataConnectors/DeleteGenericUI.json | 14 + .../DeleteOfficeDataConnetor.json | 14 + .../GetAmazonWebServicesCloudTrailById.json | 29 + .../GetAzureActiveDirectoryById.json | 29 + .../GetAzureAdvancedThreatProtectionById.json | 29 + .../GetAzureSecurityCenterById.json | 29 + .../dataConnectors/GetDataConnectors.json | 341 + .../GetDynamics365DataConnectorById.json | 29 + .../examples/dataConnectors/GetGenericUI.json | 157 + .../GetMicrosoftCloudAppSecurityById.json | 32 + ...tDefenderAdvancedThreatProtectionById.json | 29 + .../GetMicrosoftThreatIntelligenceById.json | 34 + .../GetMicrosoftThreatProtectionById.json | 29 + ...Office365AdvancedThreatProtectionById.json | 29 + .../GetOfficeDataConnetorById.json | 35 + .../GetThreatIntelligenceById.json | 30 + .../GetThreatIntelligenceTaxiiById.json | 37 + .../CreateEntityQueryActivity.json | 134 + .../entityQueries/DeleteEntityQuery.json | 14 + .../GetActivityEntityQueryById.json | 55 + .../entityQueries/GetEntityQueries.json | 60 + .../GetExpansionEntityQueryById.json | 35 + .../examples/incidents/CreateIncident.json | 110 + .../examples/incidents/CreateTeam.json | 25 + .../examples/incidents/DeleteIncident.json | 14 + .../incidents/GetAllIncidentAlerts.json | 51 + .../incidents/GetAllIncidentBookmarks.json | 78 + .../examples/incidents/GetIncidentById.json | 58 + .../examples/incidents/GetIncidents.json | 63 + .../comments/CreateIncidentComment.json | 56 + .../comments/DeleteIncidentComment.json | 15 + .../comments/GetAllIncidentComments.json | 35 + .../comments/GetIncidentCommentById.json | 32 + .../entities/GetAllIncidentEntities.json | 35 + .../relations/CreateIncidentRelation.json | 44 + .../relations/DeleteIncidentRelation.json | 15 + .../relations/GetAllIncidentRelations.json | 41 + .../relations/GetIncidentRelationByName.json | 26 + .../examples/metadata/DeleteMetadata.json | 14 + .../examples/metadata/GetAllMetadata.json | 65 + .../metadata/GetAllMetadataOData.json | 53 + .../examples/metadata/GetMetadata.json | 72 + .../examples/metadata/PatchMetadata.json | 36 + .../examples/metadata/PutMetadata.json | 188 + .../examples/metadata/PutMetadataMinimal.json | 41 + .../CreateSentinelOnboardingState.json | 37 + .../DeleteSentinelOnboardingState.json | 14 + .../GetAllSentinelOnboardingStates.json | 25 + .../GetSentinelOnboardingState.json | 22 + .../repositories/GetRepositories.json | 26 + .../settings/DeleteEyesOnSetting.json | 14 + .../examples/settings/GetAllSettings.json | 26 + .../examples/settings/GetEyesOnSetting.json | 23 + .../settings/UpdateEyesOnSetting.json | 29 + .../sourcecontrols/CreateSourceControl.json | 118 + .../sourcecontrols/DeleteSourceControl.json | 14 + .../sourcecontrols/GetSourceControlById.json | 52 + .../sourcecontrols/GetSourceControls.json | 55 + .../examples/watchlists/CreateWatchlist.json | 86 + .../CreateWatchlistAndWatchlistItems.json | 89 + .../watchlists/CreateWatchlistItem.json | 92 + .../examples/watchlists/DeleteWatchlist.json | 14 + .../watchlists/DeleteWatchlistItem.json | 15 + .../watchlists/GetWatchlistByAlias.json | 49 + .../watchlists/GetWatchlistItemById.json | 47 + .../watchlists/GetWatchlistItems.json | 50 + .../examples/watchlists/GetWatchlists.json | 52 + .../2021-03-01-preview/operations.json | 129 + .../stable/2020-01-01/AlertRules.json | 1431 +++ .../stable/2020-01-01/Bookmarks.json | 439 + .../stable/2020-01-01/DataConnectors.json | 739 ++ .../stable/2020-01-01/SecurityInsights.json | 1430 +++ .../actions/CreateActionOfAlertRule.json | 44 + .../actions/DeleteActionOfAlertRule.json | 15 + .../actions/GetActionOfAlertRuleById.json | 25 + .../actions/GetAllActionsByAlertRule.json | 28 + .../GetAlertRuleTemplateById.json | 45 + .../GetAlertRuleTemplates.json | 82 + .../alertRules/CreateFusionAlertRule.json | 66 + ...softSecurityIncidentCreationAlertRule.json | 59 + .../alertRules/CreateScheduledAlertRule.json | 89 + .../examples/alertRules/DeleteAlertRule.json | 14 + .../examples/alertRules/GetAllAlertRules.json | 81 + .../alertRules/GetFusionAlertRule.json | 35 + ...softSecurityIncidentCreationAlertRule.json | 31 + .../alertRules/GetScheduledAlertRule.json | 40 + .../examples/bookmarks/CreateBookmark.json | 93 + .../examples/bookmarks/DeleteBookmark.json | 14 + .../examples/bookmarks/GetBookmarkById.json | 48 + .../examples/bookmarks/GetBookmarks.json | 51 + .../CreateOfficeDataConnetor.json | 76 + ...CreateThreatIntelligenceDataConnector.json | 60 + .../DeleteOfficeDataConnetor.json | 14 + .../GetAmazonWebServicesCloudTrailById.json | 29 + .../GetAzureActiveDirectoryById.json | 29 + .../GetAzureAdvancedThreatProtectionById.json | 29 + .../GetAzureSecurityCenterById.json | 29 + .../dataConnectors/GetDataConnectors.json | 143 + .../GetMicrosoftCloudAppSecurityById.json | 32 + ...tDefenderAdvancedThreatProtectionById.json | 29 + .../GetOfficeDataConnetorById.json | 35 + .../GetThreatIntelligenceById.json | 30 + .../examples/incidents/CreateIncident.json | 104 + .../examples/incidents/DeleteIncident.json | 13 + .../examples/incidents/GetIncidentById.json | 54 + .../examples/incidents/GetIncidents.json | 59 + .../comments/CreateIncidentComment.json | 34 + .../comments/GetAllIncidentComments.json | 32 + .../comments/GetIncidentCommentById.json | 29 + .../2020-01-01/test-scenarios/alertRules.yaml | 27 + .../2020-01-01/test-scenarios/bookmarks.yaml | 8 + .../test-scenarios/dataConnectors.yaml | 18 + .../2020-01-01/test-scenarios/incidents.yaml | 8 + .../stable/2021-04-01/Incidents.json | 3820 ++++++++ .../stable/2021-04-01/ThreatIntelligence.json | 1183 +++ .../stable/2021-04-01/Watchlists.json | 774 ++ .../examples/incidents/CreateIncident.json | 104 + .../examples/incidents/DeleteIncident.json | 13 + .../incidents/GetAllIncidentAlerts.json | 50 + .../incidents/GetAllIncidentBookmarks.json | 77 + .../incidents/GetAllIncidentEntities.json | 34 + .../examples/incidents/GetIncidentById.json | 54 + .../examples/incidents/GetIncidents.json | 59 + .../comments/CreateIncidentComment.json | 55 + .../comments/DeleteIncidentComment.json | 14 + .../comments/GetAllIncidentComments.json | 34 + .../comments/GetIncidentCommentById.json | 31 + .../relations/CreateIncidentRelation.json | 43 + .../relations/DeleteIncidentRelation.json | 14 + .../relations/GetAllIncidentRelations.json | 40 + .../relations/GetIncidentRelationByName.json | 25 + .../AppendTagsThreatIntelligence.json | 19 + .../CollectThreatIntelligenceMetrics.json | 44 + .../CreateThreatIntelligence.json | 101 + .../DeleteThreatIntelligence.json | 14 + .../GetThreatIntelligence.json | 77 + .../GetThreatIntelligenceById.json | 44 + .../QueryThreatIntelligence.json | 108 + .../ReplaceTagsThreatIntelligence.json | 53 + .../UpdateThreatIntelligence.json | 102 + .../examples/watchlists/CreateWatchlist.json | 86 + .../CreateWatchlistAndWatchlistItems.json | 89 + .../watchlists/CreateWatchlistItem.json | 92 + .../examples/watchlists/DeleteWatchlist.json | 14 + .../watchlists/DeleteWatchlistItem.json | 15 + .../watchlists/GetWatchlistByAlias.json | 49 + .../watchlists/GetWatchlistItemById.json | 47 + .../watchlists/GetWatchlistItems.json | 50 + .../examples/watchlists/GetWatchlists.json | 52 + .../stable/2021-04-01/operations.json | 140 + .../resource-manager/common/1.0/types.json | 182 + .../resource-manager/readme.az.md | 24 + .../resource-manager/readme.cli.md | 9 + .../resource-manager/readme.go.md | 36 + .../resource-manager/readme.md | 231 + .../resource-manager/readme.nodejs.md | 14 + .../resource-manager/readme.python.md | 24 + .../resource-manager/readme.test.md | 12 + .../resource-manager/readme.typescript.md | 13 + src/test/errors-test.ts | 56 + tslint.json | 8 +- 346 files changed, 52076 insertions(+), 42 deletions(-) create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Aggregations.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/AutomationRules.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Bookmarks.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Cases.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/DataConnectorsCheckRequirements.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Enrichment.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Entities.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/OfficeConsents.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/ThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/CreateActionOfAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/DeleteActionOfAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetActionOfAlertRuleById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetAllActionsByAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/aggregations/GetCasesAggregations.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateFusionAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateScheduledAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/DeleteAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetAllAlertRules.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetFusionAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetScheduledAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/CreateAutomationRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/DeleteAutomationRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAllAutomationRules.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAutomationRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/CreateBookmark.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/DeleteBookmark.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarkById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarks.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/expand/PostExpandBookmark.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/DeleteCase.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/CreateCaseComment.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetAllCaseComments.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetCaseCommentById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/CreateCaseRelation.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/DeleteCaseRelation.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetAllCaseRelations.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetCaseRelationByName.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAccountEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAzureResourceEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetCloudApplicationEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetDnsEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetEntities.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileHashEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetHostEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIoTDeviceEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIpEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailClusterEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailMessageEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailboxEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMalwareEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetProcessEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetQueries.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryKeyEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryValueEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityAlertEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityGroupEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSubmissionMailEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetUrlEntityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/expand/PostExpandEntity.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/insights/PostGetInsights.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetAllEntityRelations.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetEntityRelationByName.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/timeline/PostTimelineEntity.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetEntityQueries.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/DeleteIncident.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentAlerts.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentBookmarks.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/CreateIncidentComment.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/DeleteIncidentComment.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetAllIncidentComments.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetIncidentCommentById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/entities/GetAllIncidentEntities.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/CreateIncidentRelation.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/DeleteIncidentRelation.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetAllIncidentRelations.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetIncidentRelationByName.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/DeleteOfficeConsents.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsents.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsentsById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/DeleteEyesOnSetting.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetAllSettings.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetEyesOnSetting.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/UpdateEyesOnSetting.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CreateThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/QueryThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlist.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlistItem.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlist.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlistItem.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistByAlias.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItemById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItems.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlists.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/AlertRules.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/EntityDefinitions.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/EntityQueries.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Incidents.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Metadata.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/OnboardingStates.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Settings.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/SourceControls.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Watchlists.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/dataConnectors.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/CreateActionOfAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/DeleteActionOfAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetActionOfAlertRuleById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetAllActionsByAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateFusionAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateScheduledAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/DeleteAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetAllAlertRules.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetFusionAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetScheduledAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateGenericUI.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteGenericUI.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDataConnectors.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetGenericUI.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/CreateEntityQueryActivity.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/DeleteEntityQuery.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetActivityEntityQueryById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetEntityQueries.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateIncident.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateTeam.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/DeleteIncident.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentAlerts.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentBookmarks.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidentById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidents.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/CreateIncidentComment.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/DeleteIncidentComment.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetAllIncidentComments.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetIncidentCommentById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/entities/GetAllIncidentEntities.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/CreateIncidentRelation.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/DeleteIncidentRelation.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetAllIncidentRelations.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetIncidentRelationByName.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/DeleteMetadata.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadata.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadataOData.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetMetadata.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PatchMetadata.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadata.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadataMinimal.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/repositories/GetRepositories.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/DeleteEyesOnSetting.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetAllSettings.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetEyesOnSetting.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/UpdateEyesOnSetting.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/CreateSourceControl.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/DeleteSourceControl.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControlById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControls.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlist.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistItem.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlist.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlistItem.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistByAlias.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItemById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItems.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlists.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/operations.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/CreateActionOfAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/DeleteActionOfAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetActionOfAlertRuleById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetAllActionsByAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplates.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateFusionAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateScheduledAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/DeleteAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetAllAlertRules.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetFusionAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetScheduledAlertRule.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/CreateBookmark.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/DeleteBookmark.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarkById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarks.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateOfficeDataConnetor.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/DeleteOfficeDataConnetor.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureActiveDirectoryById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureSecurityCenterById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetDataConnectors.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetOfficeDataConnetorById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetThreatIntelligenceById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/CreateIncident.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/DeleteIncident.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidentById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidents.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/CreateIncidentComment.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetAllIncidentComments.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetIncidentCommentById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/alertRules.yaml create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/bookmarks.yaml create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/dataConnectors.yaml create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/incidents.yaml create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/Incidents.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/ThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/Watchlists.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/CreateIncident.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/DeleteIncident.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentAlerts.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentBookmarks.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentEntities.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidentById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidents.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/CreateIncidentComment.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/DeleteIncidentComment.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetAllIncidentComments.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetIncidentCommentById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/CreateIncidentRelation.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/DeleteIncidentRelation.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetAllIncidentRelations.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetIncidentRelationByName.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/AppendTagsThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CollectThreatIntelligenceMetrics.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CreateThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/DeleteThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligenceById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/QueryThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/ReplaceTagsThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/UpdateThreatIntelligence.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlist.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistAndWatchlistItems.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistItem.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlist.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlistItem.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistByAlias.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItemById.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItems.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlists.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/operations.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/common/1.0/types.json create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.az.md create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.cli.md create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.go.md create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.md create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.nodejs.md create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.python.md create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.test.md create mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.typescript.md diff --git a/package-lock.json b/package-lock.json index a5e99b4c..3c7f0ce4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3514,6 +3514,11 @@ "minimist": "^1.2.5" } }, + "jsonpath-plus": { + "version": "6.0.1", + "resolved": "https://devdiv.pkgs.visualstudio.com/_packaging/openapi-platform/npm/registry/jsonpath-plus/-/jsonpath-plus-6.0.1.tgz", + "integrity": "sha1-mj4Wztrfqwej2NxOjNXfTtj0nE0=" + }, "jsprim": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz", diff --git a/package.json b/package.json index 76306ba7..6248e926 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "collectCoverage": true, "coverageThreshold": { "global": { - "branches": 94, + "branches": 93, "functions": 95, "lines": 98, "statements": 98 @@ -89,6 +89,7 @@ "commonmark": "^0.29.0", "glob": "^7.2.0", "js-yaml": "^3.13.1", + "jsonpath-plus": "^6.0.1", "node-fetch": ">=2.6.1", "node-notifier": ">=8.0.1", "node-object-hash": "^1.4.2", @@ -110,4 +111,4 @@ "tslint-plugin-prettier": "^2.0.1", "typescript": "3.5.2" } -} +} \ No newline at end of file diff --git a/src/errors.ts b/src/errors.ts index f61d7986..1ca92c0e 100644 --- a/src/errors.ts +++ b/src/errors.ts @@ -17,6 +17,10 @@ type ErrorMessage = | 'The default tag contains multiple API versions swaggers.' // tslint:disable-next-line: max-line-length | 'The management plane swagger JSON file does not match its folder path. Make sure management plane swagger located in resource-manager folder' + // tslint:disable-next-line: max-line-length + | 'The default tag does not contain all APIs in this RP. Please make sure the missing API swaggers are in the default tag.' + // tslint:disable-next-line: max-line-length + | 'The default tag does not contains the latest API version. Please make sure the latest api version swaggers are in the default tag.' export interface IErrorBase { readonly level: 'Warning' | 'Error' | 'Info' @@ -43,6 +47,14 @@ export type MultipleApiVersion = { readonly tag: string | undefined } & IErrorBase +export type MissingLatestApiInDefaultTag = { + readonly code: 'MISSING_APIS_IN_DEFAULT_TAG' | 'NOT_LATEST_API_VERSION_IN_DEFAULT_TAG' + readonly message: ErrorMessage + readonly readMeUrl: string + readonly tag: string + readonly jsonUrl: string +} & IErrorBase + export type FileError = { readonly code: | 'NO_JSON_FILE_FOUND' @@ -88,9 +100,27 @@ export const getPathInfoFromError = (error: Error): format.JsonPath[] => { ] case 'MISSING_README': return [{ tag: 'folder', path: format.blobHref(format.getRelativeSwaggerPathToRepo(error.folderUrl)) }] + + case 'MISSING_APIS_IN_DEFAULT_TAG': + console.log(error.message) + return [ + { tag: 'readme', path: format.blobHref(format.getRelativeSwaggerPathToRepo(error.readMeUrl)) }, + { tag: 'json', path: format.blobHref(format.getRelativeSwaggerPathToRepo(error.jsonUrl)) }, + ] + case 'NOT_LATEST_API_VERSION_IN_DEFAULT_TAG': + return [ + { tag: 'readme', path: format.blobHref(format.getRelativeSwaggerPathToRepo(error.readMeUrl)) }, + { tag: 'json', path: format.blobHref(format.getRelativeSwaggerPathToRepo(error.jsonUrl)) }, + ] default: return [] } } -export type Error = JsonParseError | FileError | NotAutoRestMarkDown | MissingReadmeError | MultipleApiVersion +export type Error = + | JsonParseError + | FileError + | NotAutoRestMarkDown + | MissingReadmeError + | MultipleApiVersion + | MissingLatestApiInDefaultTag diff --git a/src/index.ts b/src/index.ts index 5c0e8501..d2778d71 100644 --- a/src/index.ts +++ b/src/index.ts @@ -12,6 +12,7 @@ import * as it from '@ts-common/iterator' import * as json from '@ts-common/json' import * as stringMap from '@ts-common/string-map' import * as commonmark from 'commonmark' +import { JSONPath } from 'jsonpath-plus' import * as cli from './cli' import * as git from './git' import * as childProcess from './child-process' @@ -22,6 +23,8 @@ import * as YAML from 'js-yaml' // tslint:disable-next-line: no-require-imports import nodeObjectHash = require('node-object-hash') +// tslint:disable-next-line: no-require-imports +import glob = require('glob') export { devOps, cli, git, childProcess } @@ -71,6 +74,20 @@ const errorCorrelationId = (error: err.Error) => { url: error.jsonUrl, } } + case 'MISSING_APIS_IN_DEFAULT_TAG': { + return { + code: error.code, + url: error.jsonUrl, + readMeUrl: error.readMeUrl, + } + } + case 'NOT_LATEST_API_VERSION_IN_DEFAULT_TAG': { + return { + code: error.code, + url: error.jsonUrl, + readMeUrl: error.readMeUrl, + } + } } } @@ -78,7 +95,7 @@ const errorCorrelationId = (error: err.Error) => { } const markDownIterate = (node: commonmark.Node | null) => - it.iterable(function* () { + it.iterable(function*() { // tslint:disable-next-line:no-let let i = node while (i !== null) { @@ -117,7 +134,6 @@ const safeLoad = (content: string) => { export const getDefaultTag = (markDown: commonmark.Node): string | undefined => { const startNode = markDown const codeBlockMap = openApiMd.getCodeBlocksAndHeadings(startNode) - const latestHeader = 'Basic Information' const headerBlock = codeBlockMap[latestHeader] if (headerBlock && headerBlock.literal) { @@ -161,7 +177,7 @@ export const getSwaggerFileUnderDefaultTag = (m: md.MarkDownEx): string[] => { return [] } const inputFiles = openApiMd.getInputFilesForTag(m.markDown, defaultTag) - return inputFiles as any + return (inputFiles as any) || [] } export const isContainsMultiVersion = (m: md.MarkDownEx): boolean => { @@ -181,7 +197,6 @@ export const isContainsMultiVersion = (m: md.MarkDownEx): boolean => { return false } - const jsonParse = (fileName: string, file: string) => { // tslint:disable-next-line:readonly-array const errors: err.Error[] = [] @@ -267,7 +282,7 @@ const containsReadme = async (folder: string): Promise => { } const validateSpecificationAPIVersion = (current: Specification, document: json.JsonObject): it.IterableEx => - it.iterable(function* () { + it.iterable(function*() { const info = document.info as json.JsonObject | undefined if (info !== undefined) { if (!current.path.includes(info.version as string)) { @@ -284,7 +299,7 @@ const validateSpecificationAPIVersion = (current: Specification, document: json. }) const validateFileLocation = (current: Specification, document: json.JsonObject): it.IterableEx => - it.iterable(function* () { + it.iterable(function*() { const host = document.host as string | undefined if (host !== undefined && host === 'management.azure.com' && !current.path.includes('resource-manager')) { yield { @@ -315,13 +330,174 @@ const findTheNearestReadme = async (rootDir: string, swaggerPath: string): Promi return undefined } +export type PathTable = Map + +export const validateRPMustContainAllLatestApiVersionSwagger = (dir: string): it.IterableEx => + it.iterable(function*() { + const readmePattern = path.join(dir, '**/readme.md') + const readmes = glob.sync(readmePattern, { nodir: true }) + + for (const readme of readmes) { + console.log(readme) + const readmeDir = path.dirname(readme) + const readmeContent = fs.readFileSync(readme).toString() + const m = md.parse(readmeContent) + const inputFiles = getSwaggerFileUnderDefaultTag(m) + let defaultTagPathTable = new Map() + let stableCheck = false + let previewCheck = false + for (const inputFile of inputFiles) { + stableCheck = stableCheck || inputFile.includes('stable') + previewCheck = previewCheck || inputFile.includes('preview') + const inputFilePath = path.resolve(readmeDir, inputFile) + const pathTable = getPathTableFromSwaggerFile(inputFilePath) + defaultTagPathTable = mergePathTable(defaultTagPathTable, pathTable) + } + const previewPattern = path.join(readmeDir, '**/preview/**/*.json') + const previewFiles = glob + .sync(previewPattern, { nodir: true }) + .filter(swaggerFile => !swaggerFile.includes('examples')) + const stablePattern = path.join(readmeDir, '**/stable/**/*.json') + const stableFiles = glob + .sync(stablePattern, { nodir: true }) + .filter(swaggerFile => !swaggerFile.includes('examples')) + + let stablePathTable = new Map() + let previewPathTable = new Map() + + for (const inputFile of previewFiles) { + previewPathTable = mergePathTable(previewPathTable, getPathTableFromSwaggerFile(inputFile)) + } + + for (const inputFile of stableFiles) { + stablePathTable = mergePathTable(stablePathTable, getPathTableFromSwaggerFile(inputFile)) + } + + let latestAPIPathTable = new Map() + + if (stableCheck) { + latestAPIPathTable = mergePathTable(latestAPIPathTable, stablePathTable) + } + if (previewCheck) { + latestAPIPathTable = mergePathTable(latestAPIPathTable, previewPathTable) + } + const difference = diffPathTable(defaultTagPathTable, latestAPIPathTable) + for (const item of difference) { + yield { + level: 'Error', + code: item.code, + message: item.message, + tag: 'default', + readMeUrl: readme, + jsonUrl: item.swaggerFile, + path: item.path, + } + } + } + }) + +export const mergePathTable = (pathTable: PathTable, newPathTable: PathTable): PathTable => { + for (const [key, value] of newPathTable) { + if (pathTable.has(key)) { + if (pathTable.get(key)!.apiVersion < value.apiVersion) { + pathTable.set(key, value) + } + } else { + pathTable.set(key, value) + } + } + return pathTable +} + +export const diffPathTable = (defaultPathTable: PathTable, latestPathTable: PathTable): any[] => { + const result: any[] = [] + for (const [key, value] of latestPathTable) { + if (defaultPathTable.has(key)) { + if (defaultPathTable.get(key)!.apiVersion !== value.apiVersion) { + result.push({ + path: key, + swaggerFile: value.swaggerFile, + code: 'NOT_LATEST_API_VERSION_IN_DEFAULT_TAG', + message: + // tslint:disable-next-line: max-line-length + 'The default tag does not contains the latest API version. Please make sure the latest api version swaggers are in the default tag.', + }) + } + } else { + result.push({ + path: key, + swaggerFile: value.swaggerFile, + code: 'MISSING_APIS_IN_DEFAULT_TAG', + message: + // tslint:disable-next-line: max-line-length + 'The default tag does not contain all APIs in this RP. Please make sure the missing API swaggers are in the default tag.', + }) + } + } + return result +} + +export const getPathTableFromSwaggerFile = (swaggerFile: string): PathTable => { + if (!fs.existsSync(swaggerFile)) { + return new Map() + } + let swagger + try { + swagger = JSON.parse(fs.readFileSync(swaggerFile).toString()) + } catch (e) { + return new Map() + } + const apiVersion = getApiVersionFromSwagger(swagger) + // apiVersion is undefined when the swagger is just for reference + if (apiVersion === undefined) { + return new Map() + } + const allPaths = getAllPathFromSwagger(swagger).map(normalizeApiPath) + + const pathTable = new Map() + // tslint:disable-next-line: no-shadowed-variable + for (const it of allPaths) { + pathTable.set(it, { apiVersion, swaggerFile }) + } + return pathTable +} + +export const getAllPathFromSwagger = (swagger: any) => { + const apiPath = '$.paths.*~' + const paths = JSONPath({ + path: apiPath, + json: swagger, + resultType: 'all', + }) + // tslint:disable-next-line: no-shadowed-variable + return paths.map((it: { readonly value: any }) => it.value) +} + +export const getApiVersionFromSwagger = (swagger: any) => { + const apiVersionPath = '$.info.version' + const version = JSONPath({ + path: apiVersionPath, + json: swagger, + resultType: 'all', + }) + if (version.length === 0) { + return undefined + } + return version[0].value +} + +export const normalizeApiPath = (apiPath: string) => { + const regex = /\{\w+\}/g + return apiPath.replace(regex, '{}') +} + /** * Validate each RP folder must have its readme file. * * @param dir directory path */ const validateRPFolderMustContainReadme = (dir: string): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { const validDirs: ReadonlyArray = ['data-plane', 'resource-manager'] const ignoredDirs: ReadonlyArray = ['common'] const allJsonDir = tscommonFs @@ -375,7 +551,7 @@ const DFSTraversalValidate = ( graySet: Set, blackSet: Set, ): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { if (!blackSet.has(current.path)) { graySet.add(current.path) } @@ -434,7 +610,7 @@ const DFSTraversalValidate = ( * validate given `readme.md` format */ const validateReadMeFile = (readMePath: string): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { const file = await tscommonFs.readFile(readMePath) const m = md.parse(file.toString()) if (!isAutoRestMd(m)) { @@ -475,7 +651,7 @@ const validateInputFiles = ( allInputFileSet: Set, ): asyncIt.AsyncIterableEx => // tslint:disable-next-line: no-async-without-await - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { // report errors if the `dir` folder has JSON files where exist circular reference const graySet = new Set() const blackSet = new Set() @@ -501,7 +677,7 @@ const validateInputFiles = ( }) const getInputFilesFromReadme = (readMePath: string): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { const file = await tscommonFs.readFile(readMePath) const m = md.parse(file.toString()) const dir = path.dirname(readMePath) @@ -516,7 +692,7 @@ const getInputFilesFromReadme = (readMePath: string): asyncIt.AsyncIterableEx => // tslint:disable-next-line: no-async-without-await - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { const dir = path.dirname(readMePath) yield* tscommonFs .recursiveReaddir(dir) @@ -532,7 +708,7 @@ const getAllInputFilesUnderReadme = (readMePath: string): asyncIt.AsyncIterableE * Validate global specification folder and prepare arguments for `validateInputFiles`. */ const validateFolder = (dir: string) => - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { const allReadMeFiles = tscommonFs.recursiveReaddir(dir).filter(f => path.basename(f).toLowerCase() === 'readme.md') yield* validateRPFolderMustContainReadme(dir) @@ -553,6 +729,7 @@ const validateFolder = (dir: string) => return fileSet }, new Set()) yield* validateInputFiles(referencedFiles, allFiles) + yield* validateRPMustContainAllLatestApiVersionSwagger(dir) }) /** @@ -581,7 +758,7 @@ const avocadoForDir = async (dir: string, exclude: string[]) => { * @param exclude path indicate which kind of error should be ignored. */ const avocadoForDevOps = (pr: devOps.PullRequestProperties, exclude: string[]): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { // collect all errors from the 'targetBranch' const diffFiles = await pr.diff() const changedSwaggerFilePath = diffFiles.map(item => item.path) @@ -634,7 +811,7 @@ const avocadoForDevOps = (pr: devOps.PullRequestProperties, exclude: string[]): * The function validates files in the given `cwd` folder and returns errors. */ export const avocado = (config: cli.Config): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { const pr = await devOps.createPullRequestProperties(config) // detect Azure DevOps Pull Request validation. // tslint:disable-next-line: no-let diff --git a/src/test/avocado-function-test.ts b/src/test/avocado-function-test.ts index 71d1b393..84f9328f 100644 --- a/src/test/avocado-function-test.ts +++ b/src/test/avocado-function-test.ts @@ -1,13 +1,10 @@ -import { getSwaggerFileUnderDefaultTag } from './../index'; // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. See LICENSE in the project root for license information. import * as avocado from '../index' import * as assert from 'assert' import { readFileSync } from 'fs' -import { readdirSync } from 'fs' import * as path from 'path' -import {glob} from 'glob' import * as md from '@ts-common/commonmark-to-markdown' describe('avocado', () => { @@ -30,23 +27,37 @@ describe('avocado', () => { const r1 = avocado.getVersionFromInputFile('/test/json/2020-05-01-preview/b.json') assert.deepStrictEqual(r1, '2020-05-01-preview') }) +}) + +describe('check default tag should contains all apiVersion', () => { + const root = 'src/test/default_tag_latest_swaggers/specification/' + it('check RP level folder securityinsights', () => { + const rpFolder = path.join(root, 'securityinsights') + const res = avocado.validateRPMustContainAllLatestApiVersionSwagger(rpFolder).toArray() + assert.deepStrictEqual(res.length, 21) + assert.deepStrictEqual( + res.some(it => it.code === 'MISSING_APIS_IN_DEFAULT_TAG'), + true, + ) + assert.deepStrictEqual( + res.some(it => it.code === 'NOT_LATEST_API_VERSION_IN_DEFAULT_TAG'), + true, + ) + }) + + it('normalizeApiPath', () => { + // tslint:disable-next-line: no-let + let apiPath = '/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/configurations/{configurationName}' + // tslint:disable-next-line: no-let + let ret = avocado.normalizeApiPath(apiPath) + assert.deepStrictEqual(ret, '/subscriptions/{}/providers/Microsoft.Advisor/configurations/{}') + + apiPath = '/providers/Microsoft.Advisor/operations' + ret = avocado.normalizeApiPath(apiPath) + assert.deepStrictEqual(ret, '/providers/Microsoft.Advisor/operations') - it('get input file under default tag', () => { - const root = "/home/ruowan/work/azure-rest-api-specs/specification" - const serviceDirs = readdirSync(root); - for (const service of serviceDirs) { - const readmePattern = path.join(root, service, "resource-manager/**/readme.md"); - const readmes = glob.sync(readmePattern); - for (const readme of readmes) { - console.log(readme) - const readmeContent = readFileSync(readme).toString() - const m = md.parse(readmeContent) - const inputFiles = getSwaggerFileUnderDefaultTag(m); - if(inputFiles&&inputFiles.length<=1){ - continue; - } - console.log(inputFiles) - } - } + apiPath = '/{resourceUri}/providers/Microsoft.Advisor/recommendations/{recommendationId}/suppressions/{name}' + ret = avocado.normalizeApiPath(apiPath) + assert.deepStrictEqual(ret, '/{}/providers/Microsoft.Advisor/recommendations/{}/suppressions/{}') }) }) diff --git a/src/test/avocado-test.ts b/src/test/avocado-test.ts index d46931b8..da559290 100644 --- a/src/test/avocado-test.ts +++ b/src/test/avocado-test.ts @@ -329,4 +329,18 @@ describe('avocado', () => { .toArray() assert.deepStrictEqual(r, []) }) + + it('avocado check default tag should contains latest api version', async () => { + const r = await avocado.avocado({ cwd: 'src/test/default_tag_latest_swaggers', env: {} }).toArray() + assert.strictEqual(r.length, 8) + assert.deepStrictEqual( + r.some(it => it.code === 'MISSING_APIS_IN_DEFAULT_TAG'), + true, + ) + assert.deepStrictEqual( + r.some(it => it.code === 'NOT_LATEST_API_VERSION_IN_DEFAULT_TAG'), + true, + ) + console.log(r) + }) }) diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Aggregations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Aggregations.json new file mode 100644 index 00000000..8a9169fe --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Aggregations.json @@ -0,0 +1,97 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2019-01-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/aggregations/{aggregationsName}": { + "get": { + "x-ms-examples": { + "Get aggregative data for all cases under the defined workspace, between the time range if specified.": { + "$ref": "./examples/aggregations/GetCasesAggregations.json" + } + }, + "tags": [ + "Aggregations" + ], + "description": "Get aggregative result for the given resources under the defined workspace", + "operationId": "CasesAggregations_Get", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AggregationsName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "SecurityInsights.json#/definitions/Aggregations" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "AggregationsName": { + "description": "The aggregation name. Supports - Cases", + "in": "path", + "name": "aggregationsName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": {} +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/AutomationRules.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/AutomationRules.json new file mode 100644 index 00000000..d791361d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/AutomationRules.json @@ -0,0 +1,918 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2019-01-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules": { + "get": { + "x-ms-examples": { + "Get all automation rules.": { + "$ref": "./examples/automationRules/GetAllAutomationRules.json" + } + }, + "tags": [ + "Automation Rules" + ], + "description": "Gets all automation rules.", + "operationId": "AutomationRules_List", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AutomationRulesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}": { + "get": { + "x-ms-examples": { + "Get an automation rule.": { + "$ref": "./examples/automationRules/GetAutomationRule.json" + } + }, + "tags": [ + "Automation Rules" + ], + "description": "Gets the automation rule.", + "operationId": "AutomationRules_Get", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AutomationRuleId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an automation rule.": { + "$ref": "./examples/automationRules/CreateAutomationRule.json" + } + }, + "tags": [ + "Automation Rules" + ], + "description": "Creates or updates the automation rule.", + "operationId": "AutomationRules_CreateOrUpdate", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AutomationRuleId" + }, + { + "$ref": "#/parameters/AutomationRule" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an automation rule.": { + "$ref": "./examples/automationRules/DeleteAutomationRule.json" + } + }, + "tags": [ + "Automation Rule" + ], + "description": "Delete the automation rule.", + "operationId": "AutomationRules_Delete", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AutomationRuleId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "AutomationRule": { + "description": "The automation rule", + "in": "body", + "name": "automationRule", + "required": true, + "schema": { + "$ref": "#/definitions/AutomationRule" + }, + "x-ms-parameter-location": "method" + }, + "AutomationRuleId": { + "description": "Automation rule ID", + "in": "path", + "name": "automationRuleId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "AutomationRule": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents an automation rule.", + "properties": { + "properties": { + "$ref": "#/definitions/AutomationRuleProperties", + "description": "Automation rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "AutomationRuleAction": { + "description": "Describes an automation rule action", + "discriminator": "actionType", + "properties": { + "order": { + "description": "The order of execution of the automation rule action", + "type": "integer", + "format": "int32" + }, + "actionType": { + "description": "The type of the automation rule action", + "enum": [ + "ModifyProperties", + "RunPlaybook" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AutomationRuleActionType", + "values": [ + { + "description": "Modify an object's properties", + "value": "ModifyProperties" + }, + { + "description": "Run a playbook on an object", + "value": "RunPlaybook" + } + ] + } + } + }, + "required": [ + "order", + "actionType" + ], + "type": "object" + }, + "AutomationRuleCondition": { + "description": "Describes an automation rule condition", + "discriminator": "conditionType", + "properties": { + "conditionType": { + "description": "The type of the automation rule condition", + "enum": [ + "Property" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AutomationRuleConditionType", + "values": [ + { + "description": "Evaluate an object property value", + "value": "Property" + } + ] + } + } + }, + "required": [ + "conditionType" + ], + "type": "object" + }, + "AutomationRuleProperties": { + "description": "Describes automation rule properties", + "properties": { + "displayName": { + "description": "The display name of the automation rule", + "type": "string" + }, + "order": { + "description": "The order of execution of the automation rule", + "type": "integer", + "format": "int32" + }, + "triggeringLogic": { + "$ref": "#/definitions/AutomationRuleTriggeringLogic", + "description": "The triggering logic of the automation rule", + "type": "object" + }, + "actions": { + "description": "The actions to execute when the automation rule is triggered", + "items": { + "$ref": "#/definitions/AutomationRuleAction" + }, + "type": "array" + }, + "createdTimeUtc": { + "description": "The time the automation rule was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "lastModifiedTimeUtc": { + "description": "The last time the automation rule was updated", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "createdBy": { + "$ref": "SecurityInsights.json#/definitions/ClientInfo", + "description": "Describes the client that created the automation rule", + "readOnly": true, + "type": "object" + }, + "lastModifiedBy": { + "$ref": "SecurityInsights.json#/definitions/ClientInfo", + "description": "Describes the client that last updated the automation rule", + "readOnly": true, + "type": "object" + } + }, + "required": [ + "displayName", + "order", + "triggeringLogic", + "actions" + ], + "type": "object" + }, + "AutomationRulesList": { + "description": "List all the automation rules.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of automation rules.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of automation rules.", + "items": { + "$ref": "#/definitions/AutomationRule" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "AutomationRuleRunPlaybookAction": { + "description": "Describes an automation rule action to run a playbook", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "properties": { + "actionConfiguration": { + "description": "The configuration of the run playbook automation rule action", + "properties": { + "logicAppResourceId": { + "description": "The resource id of the playbook resource", + "type": "string" + }, + "tenantId": { + "description": "The tenant id of the playbook resource", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "actionConfiguration" + ], + "x-ms-client-flatten": true, + "type": "object", + "x-ms-discriminator-value": "RunPlaybook" + }, + "AutomationRuleModifyPropertiesAction": { + "description": "Describes an automation rule action to modify an object's properties", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "properties": { + "actionConfiguration": { + "description": "The configuration of the modify properties automation rule action", + "properties": { + "classification": { + "$ref": "SecurityInsights.json#/definitions/IncidentClassification", + "description": "The reason the incident was closed" + }, + "classificationComment": { + "description": "Describes the reason the incident was closed", + "type": "string" + }, + "classificationReason": { + "$ref": "SecurityInsights.json#/definitions/IncidentClassificationReason", + "description": "The classification reason to close the incident with" + }, + "labels": { + "description": "List of labels to add to the incident", + "items": { + "$ref": "SecurityInsights.json#/definitions/IncidentLabel" + }, + "type": "array" + }, + "owner": { + "$ref": "SecurityInsights.json#/definitions/IncidentOwnerInfo", + "description": "Describes a user that the incident is assigned to", + "type": "object" + }, + "severity": { + "$ref": "SecurityInsights.json#/definitions/IncidentSeverity", + "description": "The severity of the incident" + }, + "status": { + "$ref": "SecurityInsights.json#/definitions/IncidentStatus", + "description": "The status of the incident" + } + }, + "type": "object" + } + }, + "required": [ + "actionConfiguration" + ], + "x-ms-client-flatten": true, + "type": "object", + "x-ms-discriminator-value": "ModifyProperties" + }, + "AutomationRulePropertyConditionSupportedProperty": { + "description": "The property to evaluate in an automation rule property condition", + "enum": [ + "IncidentTitle", + "IncidentDescription", + "IncidentSeverity", + "IncidentStatus", + "IncidentTactics", + "IncidentRelatedAnalyticRuleIds", + "IncidentProviderName", + "AccountAadTenantId", + "AccountAadUserId", + "AccountName", + "AccountNTDomain", + "AccountPUID", + "AccountSid", + "AccountObjectGuid", + "AccountUPNSuffix", + "AzureResourceResourceId", + "AzureResourceSubscriptionId", + "CloudApplicationAppId", + "CloudApplicationAppName", + "DNSDomainName", + "FileDirectory", + "FileName", + "FileHashValue", + "HostAzureID", + "HostName", + "HostNetBiosName", + "HostNTDomain", + "HostOSVersion", + "IoTDeviceId", + "IoTDeviceName", + "IoTDeviceType", + "IoTDeviceVendor", + "IoTDeviceModel", + "IoTDeviceOperatingSystem", + "IPAddress", + "MailboxDisplayName", + "MailboxPrimaryAddress", + "MailboxUPN", + "MailMessageDeliveryAction", + "MailMessageDeliveryLocation", + "MailMessageRecipient", + "MailMessageSenderIP", + "MailMessageSubject", + "MailMessageP1Sender", + "MailMessageP2Sender", + "MalwareCategory", + "MalwareName", + "ProcessCommandLine", + "ProcessId", + "RegistryKey", + "RegistryValueData", + "Url" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AutomationRulePropertyConditionSupportedProperty", + "values": [ + { + "description": "The title of the incident", + "value": "IncidentTitle" + }, + { + "description": "The description of the incident", + "value": "IncidentDescription" + }, + { + "description": "The severity of the incident", + "value": "IncidentSeverity" + }, + { + "description": "The status of the incident", + "value": "IncidentStatus" + }, + { + "description": "The tactics of the incident", + "value": "IncidentTactics" + }, + { + "description": "The related Analytic rule ids of the incident", + "value": "IncidentRelatedAnalyticRuleIds" + }, + { + "description": "The provider name of the incident", + "value": "IncidentProviderName" + }, + { + "description": "The account Azure Active Directory tenant id", + "value": "AccountAadTenantId" + }, + { + "description": "The account Azure Active Directory user id.", + "value": "AccountAadUserId" + }, + { + "description": "The account name", + "value": "AccountName" + }, + { + "description": "The account NetBIOS domain name", + "value": "AccountNTDomain" + }, + { + "description": "The account Azure Active Directory Passport User ID", + "value": "AccountPUID" + }, + { + "description": "The account security identifier", + "value": "AccountSid" + }, + { + "description": "The account unique identifier", + "value": "AccountObjectGuid" + }, + { + "description": "The account user principal name suffix", + "value": "AccountUPNSuffix" + }, + { + "description": "The Azure resource id", + "value": "AzureResourceResourceId" + }, + { + "description": "The Azure resource subscription id", + "value": "AzureResourceSubscriptionId" + }, + { + "description": "The cloud application identifier", + "value": "CloudApplicationAppId" + }, + { + "description": "The cloud application name", + "value": "CloudApplicationAppName" + }, + { + "description": "The dns record domain name", + "value": "DNSDomainName" + }, + { + "description": "The file directory full path", + "value": "FileDirectory" + }, + { + "description": "The file name without path", + "value": "FileName" + }, + { + "description": "The file hash value", + "value": "FileHashValue" + }, + { + "description": "The host Azure resource id", + "value": "HostAzureID" + }, + { + "description": "The host name without domain", + "value": "HostName" + }, + { + "description": "The host NetBIOS name", + "value": "HostNetBiosName" + }, + { + "description": "The host NT domain", + "value": "HostNTDomain" + }, + { + "description": "The host operating system", + "value": "HostOSVersion" + }, + { + "description": "The IoT device id", + "value": "IoTDeviceId" + }, + { + "description": "The IoT device name", + "value": "IoTDeviceName" + }, + { + "description": "The IoT device type", + "value": "IoTDeviceType" + }, + { + "description": "The IoT device vendor", + "value": "IoTDeviceVendor" + }, + { + "description": "The IoT device model", + "value": "IoTDeviceModel" + }, + { + "description": "The IoT device operating system", + "value": "IoTDeviceOperatingSystem" + }, + { + "description": "The IP address", + "value": "IPAddress" + }, + { + "description": "The mailbox display name", + "value": "MailboxDisplayName" + }, + { + "description": "The mailbox primary address", + "value": "MailboxPrimaryAddress" + }, + { + "description": "The mailbox user principal name", + "value": "MailboxUPN" + }, + { + "description": "The mail message delivery action", + "value": "MailMessageDeliveryAction" + }, + { + "description": "The mail message delivery location", + "value": "MailMessageDeliveryLocation" + }, + { + "description": "The mail message recipient", + "value": "MailMessageRecipient" + }, + { + "description": "The mail message sender IP address", + "value": "MailMessageSenderIP" + }, + { + "description": "The mail message subject", + "value": "MailMessageSubject" + }, + { + "description": "The mail message P1 sender", + "value": "MailMessageP1Sender" + }, + { + "description": "The mail message P2 sender", + "value": "MailMessageP2Sender" + }, + { + "description": "The malware category", + "value": "MalwareCategory" + }, + { + "description": "The malware name", + "value": "MalwareName" + }, + { + "description": "The process execution command line", + "value": "ProcessCommandLine" + }, + { + "description": "The process id", + "value": "ProcessId" + }, + { + "description": "The registry key path", + "value": "RegistryKey" + }, + { + "description": "The registry key value in string formatted representation", + "value": "RegistryValueData" + }, + { + "description": "The url", + "value": "Url" + } + ] + } + }, + "AutomationRulePropertyValuesCondition": { + "description": "Describes an automation rule condition that evaluates a property's value", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "description": "The configuration of the automation rule condition", + "properties": { + "propertyName": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedProperty", + "description": "The property to evaluate" + }, + "operator": { + "description": "The operator to use for evaluation the condition", + "enum": [ + "Equals", + "NotEquals", + "Contains", + "NotContains", + "StartsWith", + "NotStartsWith", + "EndsWith", + "NotEndsWith" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AutomationRulePropertyConditionSupportedOperator", + "values": [ + { + "description": "Evaluates if the property equals at least one of the condition values", + "value": "Equals" + }, + { + "description": "Evaluates if the property does not equal any of the condition values", + "value": "NotEquals" + }, + { + "description": "Evaluates if the property contains at least one of the condition values", + "value": "Contains" + }, + { + "description": "Evaluates if the property does not contain any of the condition values", + "value": "NotContains" + }, + { + "description": "Evaluates if the property starts with any of the condition values", + "value": "StartsWith" + }, + { + "description": "Evaluates if the property does not start with any of the condition values", + "value": "NotStartsWith" + }, + { + "description": "Evaluates if the property ends with any of the condition values", + "value": "EndsWith" + }, + { + "description": "Evaluates if the property does not end with any of the condition values", + "value": "NotEndsWith" + } + ] + } + }, + "propertyValues": { + "description": "The values to use for evaluating the condition", + "items": { + "description": "A value to use for evaluating the condition", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "conditionProperties" + ], + "x-ms-client-flatten": true, + "type": "object", + "x-ms-discriminator-value": "Property" + }, + "AutomationRuleTriggeringLogic": { + "description": "Describes automation rule triggering logic", + "properties": { + "isEnabled": { + "description": "Determines whether the automation rule is enabled or disabled.", + "type": "boolean" + }, + "expirationTimeUtc": { + "description": "Determines when the automation rule should automatically expire and be disabled.", + "format": "date-time", + "type": "string" + }, + "triggersOn": { + "description": "The type of object the automation rule triggers on", + "enum": [ + "Incidents" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "TriggersOn", + "values": [ + { + "description": "Trigger on Incidents", + "value": "Incidents" + } + ] + } + }, + "triggersWhen": { + "description": "The type of event the automation rule triggers on", + "enum": [ + "Created" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "TriggersWhen", + "values": [ + { + "description": "Trigger on created objects", + "value": "Created" + } + ] + } + }, + "conditions": { + "description": "The conditions to evaluate to determine if the automation rule should be triggered on a given object", + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "type": "array" + } + }, + "required": [ + "isEnabled", + "triggersOn", + "triggersWhen" + ], + "type": "object" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Bookmarks.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Bookmarks.json new file mode 100644 index 00000000..dbb332f1 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Bookmarks.json @@ -0,0 +1,699 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2019-01-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks": { + "get": { + "x-ms-examples": { + "Get all bookmarks.": { + "$ref": "./examples/bookmarks/GetBookmarks.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Gets all bookmarks.", + "operationId": "Bookmarks_List", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/BookmarkList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}": { + "get": { + "x-ms-examples": { + "Get a bookmark.": { + "$ref": "./examples/bookmarks/GetBookmarkById.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Gets a bookmark.", + "operationId": "Bookmarks_Get", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a bookmark.": { + "$ref": "./examples/bookmarks/CreateBookmark.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Creates or updates the bookmark.", + "operationId": "Bookmarks_CreateOrUpdate", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "#/parameters/Bookmark" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a bookmark.": { + "$ref": "./examples/bookmarks/DeleteBookmark.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Delete the bookmark.", + "operationId": "Bookmarks_Delete", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations": { + "get": { + "x-ms-examples": { + "Get all bookmark relations.": { + "$ref": "./examples/bookmarks/relations/GetAllBookmarkRelations.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Gets all bookmark relations.", + "operationId": "BookmarkRelations_List", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataFilter" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataOrderBy" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataTop" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "SecurityInsights.json#/definitions/RelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-odata": "SecurityInsights.json#/definitions/Relation", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand": { + "post": { + "x-ms-examples": { + "Expand an bookmark": { + "$ref": "./examples/bookmarks/expand/PostExpandBookmark.json" + } + }, + "description": "Expand an bookmark", + "operationId": "Bookmark_Expand", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "#/parameters/BookmarkExpandRequestBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/BookmarkExpandResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "tags": [ + "Bookmark" + ] + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}": { + "get": { + "x-ms-examples": { + "Get a bookmark relation.": { + "$ref": "./examples/bookmarks/relations/GetBookmarkRelationByName.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Gets a bookmark relation.", + "operationId": "BookmarkRelations_GetRelation", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "SecurityInsights.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "SecurityInsights.json#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a bookmark relation.": { + "$ref": "./examples/bookmarks/relations/CreateBookmarkRelation.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Creates the bookmark relation.", + "operationId": "BookmarkRelations_CreateOrUpdateRelation", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "SecurityInsights.json#/parameters/RelationName" + }, + { + "$ref": "SecurityInsights.json#/parameters/Relation" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "SecurityInsights.json#/definitions/Relation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "SecurityInsights.json#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete the bookmark relation.": { + "$ref": "./examples/bookmarks/relations/DeleteBookmarkRelation.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Delete the bookmark relation.", + "operationId": "BookmarkRelations_DeleteRelation", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "SecurityInsights.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "Bookmark": { + "description": "The bookmark", + "in": "body", + "name": "bookmark", + "required": true, + "schema": { + "$ref": "#/definitions/Bookmark" + }, + "x-ms-parameter-location": "method" + }, + "BookmarkExpandRequestBody": { + "description": "The parameters required to execute an expand operation on the given bookmark.", + "in": "body", + "name": "parameters", + "required": true, + "schema": { + "$ref": "#/definitions/BookmarkExpandParameters" + }, + "x-ms-parameter-location": "method" + }, + "BookmarkId": { + "description": "Bookmark ID", + "in": "path", + "name": "bookmarkId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "Bookmark": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a bookmark in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/BookmarkProperties", + "description": "Bookmark properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "BookmarkExpandResponse": { + "description": "The entity expansion result operation response.", + "properties": { + "metaData": { + "$ref": "SecurityInsights.json#/definitions/ExpansionResultsMetadata", + "description": "The metadata from the expansion operation results." + }, + "value": { + "description": "The expansion result values.", + "properties": { + "entities": { + "description": "Array of the expansion result entities.", + "items": { + "$ref": "SecurityInsights.json#/definitions/Entity" + }, + "type": "array" + }, + "edges": { + "description": "Array of expansion result connected entities", + "items": { + "$ref": "SecurityInsights.json#/definitions/ConnectedEntity" + }, + "type": "array" + } + }, + "type": "object" + } + } + }, + "BookmarkExpandParameters": { + "description": "The parameters required to execute an expand operation on the given bookmark.", + "properties": { + "endTime": { + "description": "The end date filter, so the only expansion results returned are before this date.", + "format": "date-time", + "type": "string" + }, + "expansionId": { + "description": "The Id of the expansion to perform.", + "format": "uuid", + "type": "string" + }, + "startTime": { + "description": "The start date filter, so the only expansion results returned are after this date.", + "format": "date-time", + "type": "string" + } + } + }, + "BookmarkList": { + "description": "List all the bookmarks.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of cases.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of bookmarks.", + "items": { + "$ref": "#/definitions/Bookmark" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "BookmarkProperties": { + "description": "Describes bookmark properties", + "properties": { + "created": { + "description": "The time the bookmark was created", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "SecurityInsights.json#/definitions/UserInfo", + "description": "Describes a user that created the bookmark", + "type": "object" + }, + "displayName": { + "description": "The display name of the bookmark", + "type": "string" + }, + "labels": { + "description": "List of labels relevant to this bookmark", + "items": { + "$ref": "SecurityInsights.json#/definitions/Label" + }, + "type": "array" + }, + "notes": { + "description": "The notes of the bookmark", + "type": "string" + }, + "query": { + "description": "The query of the bookmark.", + "type": "string" + }, + "queryResult": { + "description": "The query result of the bookmark.", + "type": "string" + }, + "updated": { + "description": "The last time the bookmark was updated", + "format": "date-time", + "type": "string" + }, + "updatedBy": { + "$ref": "SecurityInsights.json#/definitions/UserInfo", + "description": "Describes a user that updated the bookmark", + "type": "object" + }, + "eventTime": { + "description": "The bookmark event time", + "format": "date-time", + "type": "string" + }, + "queryStartTime": { + "description": "The start time for the query", + "format": "date-time", + "type": "string" + }, + "queryEndTime": { + "description": "The end time for the query", + "format": "date-time", + "type": "string" + }, + "incidentInfo": { + "$ref": "SecurityInsights.json#/definitions/IncidentInfo", + "description": "Describes an incident that relates to bookmark", + "type": "object" + } + }, + "required": [ + "displayName", + "query" + ], + "type": "object" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Cases.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Cases.json new file mode 100644 index 00000000..d95a503d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Cases.json @@ -0,0 +1,1187 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2019-01-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases": { + "get": { + "x-ms-examples": { + "Get all cases.": { + "$ref": "./examples/cases/GetCases.json" + } + }, + "tags": [ + "Cases" + ], + "description": "Gets all cases.", + "deprecated": true, + "operationId": "Cases_List", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataFilter" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataOrderBy" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataTop" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/CaseList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}": { + "get": { + "x-ms-examples": { + "Get a case.": { + "$ref": "./examples/cases/GetCaseById.json" + } + }, + "tags": [ + "Cases" + ], + "description": "Gets a case.", + "deprecated": true, + "operationId": "Cases_Get", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/CaseId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Case" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a case.": { + "$ref": "./examples/cases/CreateCase.json" + } + }, + "tags": [ + "Cases" + ], + "description": "Creates or updates the case.", + "deprecated": true, + "operationId": "Cases_CreateOrUpdate", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/CaseId" + }, + { + "$ref": "#/parameters/Case" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Case" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Case" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a case.": { + "$ref": "./examples/cases/DeleteCase.json" + } + }, + "tags": [ + "Cases" + ], + "description": "Delete the case.", + "deprecated": true, + "operationId": "Cases_Delete", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/CaseId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments": { + "get": { + "x-ms-examples": { + "Get all case comments.": { + "$ref": "./examples/cases/comments/GetAllCaseComments.json" + } + }, + "tags": [ + "CaseComments" + ], + "description": "Gets all case comments.", + "deprecated": true, + "operationId": "Comments_ListByCase", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/CaseId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataFilter" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataOrderBy" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataTop" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/CaseCommentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-odata": "#/definitions/CaseComment", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments/{caseCommentId}": { + "get": { + "x-ms-examples": { + "Get a case comment.": { + "$ref": "./examples/cases/comments/GetCaseCommentById.json" + } + }, + "tags": [ + "CaseComments" + ], + "description": "Gets a case comment.", + "deprecated": true, + "operationId": "Cases_GetComment", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/CaseId" + }, + { + "$ref": "#/parameters/CaseCommentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/CaseComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a case comment.": { + "$ref": "./examples/cases/comments/CreateCaseComment.json" + } + }, + "tags": [ + "CaseComments" + ], + "description": "Creates the case comment.", + "deprecated": true, + "operationId": "CaseComments_CreateComment", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/CaseId" + }, + { + "$ref": "#/parameters/CaseCommentId" + }, + { + "$ref": "#/parameters/CaseComment" + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/CaseComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/relations": { + "get": { + "x-ms-examples": { + "Get all case relations.": { + "$ref": "./examples/cases/relations/GetAllCaseRelations.json" + } + }, + "tags": [ + "CaseRelations" + ], + "description": "Gets all case relations.", + "deprecated": true, + "operationId": "CaseRelations_List", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/CaseId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataFilter" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataOrderBy" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataTop" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/CaseRelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-odata": "#/definitions/CaseRelation", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/relations/{relationName}": { + "get": { + "x-ms-examples": { + "Get a case relation.": { + "$ref": "./examples/cases/relations/GetCaseRelationByName.json" + } + }, + "tags": [ + "CaseRelations" + ], + "description": "Gets a case relation.", + "deprecated": true, + "operationId": "CaseRelations_GetRelation", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/CaseId" + }, + { + "$ref": "SecurityInsights.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/CaseRelation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a case relation.": { + "$ref": "./examples/cases/relations/CreateCaseRelation.json" + } + }, + "tags": [ + "CaseRelations" + ], + "description": "Creates or updates the case relation.", + "deprecated": true, + "operationId": "CaseRelations_CreateOrUpdateRelation", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/CaseId" + }, + { + "$ref": "SecurityInsights.json#/parameters/RelationName" + }, + { + "$ref": "#/parameters/RelationInputModel" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/CaseRelation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/CaseRelation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete the case relation.": { + "$ref": "./examples/cases/relations/DeleteCaseRelation.json" + } + }, + "tags": [ + "CaseRelations" + ], + "description": "Delete the case relation.", + "deprecated": true, + "operationId": "CaseRelations_DeleteRelation", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/CaseId" + }, + { + "$ref": "SecurityInsights.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "Case": { + "description": "The case", + "in": "body", + "name": "case", + "required": true, + "schema": { + "$ref": "#/definitions/Case" + }, + "x-ms-parameter-location": "method" + }, + "CaseComment": { + "description": "The case comment", + "in": "body", + "name": "caseComment", + "required": true, + "schema": { + "$ref": "#/definitions/CaseComment" + }, + "x-ms-parameter-location": "method" + }, + "CaseCommentId": { + "description": "Case comment ID", + "in": "path", + "name": "caseCommentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "CaseId": { + "description": "Case ID", + "in": "path", + "name": "caseId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "RelationInputModel": { + "name": "relationInputModel", + "in": "body", + "description": "The relation input model", + "required": true, + "schema": { + "$ref": "#/definitions/RelationsModelInput" + }, + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "Case": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a case in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/CaseProperties", + "description": "Case properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "CaseComment": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/Resource" + } + ], + "description": "Represents a case comment", + "properties": { + "properties": { + "$ref": "#/definitions/CaseCommentProperties", + "description": "Case comment properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "CaseCommentList": { + "description": "List of case comments.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of comments.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of comments.", + "items": { + "$ref": "#/definitions/CaseComment" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "CaseCommentProperties": { + "description": "Case comment property bag.", + "properties": { + "createdTimeUtc": { + "description": "The time the comment was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "message": { + "description": "The comment message", + "type": "string" + }, + "userInfo": { + "$ref": "SecurityInsights.json#/definitions/UserInfo", + "description": "Describes the user that created the comment", + "readOnly": true, + "type": "object" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + "CaseList": { + "description": "List all the cases.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of cases.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of cases.", + "items": { + "$ref": "#/definitions/Case" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "CaseProperties": { + "description": "Describes case properties", + "properties": { + "caseNumber": { + "description": "a sequential number", + "readOnly": true, + "type": "integer" + }, + "closeReason": { + "description": "The reason the case was closed", + "enum": [ + "Resolved", + "Dismissed", + "TruePositive", + "FalsePositive", + "Other" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "CloseReason", + "values": [ + { + "description": "Case was resolved", + "value": "Resolved" + }, + { + "description": "Case was dismissed", + "value": "Dismissed" + }, + { + "description": "Case was true positive", + "value": "TruePositive" + }, + { + "description": "Case was false positive", + "value": "FalsePositive" + }, + { + "description": "Case was closed for another reason", + "value": "Other" + } + ] + } + }, + "closedReasonText": { + "description": "the case close reason details", + "type": "string" + }, + "createdTimeUtc": { + "description": "The time the case was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the case", + "type": "string" + }, + "endTimeUtc": { + "description": "The end time of the case", + "format": "date-time", + "type": "string" + }, + "labels": { + "description": "List of labels relevant to this case", + "items": { + "$ref": "SecurityInsights.json#/definitions/Label" + }, + "type": "array" + }, + "lastComment": { + "description": "the last comment in the case", + "readOnly": true, + "type": "string" + }, + "lastUpdatedTimeUtc": { + "description": "The last time the case was updated", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "metrics": { + "description": "Dictionary of metrics, for example the number of alerts in the case", + "type": "object", + "additionalProperties": { + "type": "integer", + "format": "int32" + }, + "readOnly": true + }, + "owner": { + "$ref": "SecurityInsights.json#/definitions/UserInfo", + "description": "Describes a user that the case is assigned to", + "type": "object" + }, + "relatedAlertIds": { + "description": "List of related alert identifiers", + "items": { + "description": "related alert id", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "relatedAlertProductNames": { + "description": "List of related alert product names", + "items": { + "description": "related alert product name", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "tactics": { + "description": "The tactics associated with case", + "items": { + "$ref": "SecurityInsights.json#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + }, + "severity": { + "description": "The severity of the case", + "enum": [ + "Critical", + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "CaseSeverity", + "values": [ + { + "description": "Critical severity", + "value": "Critical" + }, + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "startTimeUtc": { + "description": "The start time of the case", + "format": "date-time", + "type": "string" + }, + "status": { + "description": "The status of the case", + "enum": [ + "Draft", + "New", + "InProgress", + "Closed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "CaseStatus", + "values": [ + { + "description": "Case that wasn't promoted yet to active", + "value": "Draft" + }, + { + "description": "An active case which isn't handled currently", + "value": "New" + }, + { + "description": "An active case which is handled", + "value": "InProgress" + }, + { + "description": "A non active case", + "value": "Closed" + } + ] + } + }, + "title": { + "description": "The title of the case", + "type": "string" + }, + "totalComments": { + "description": "the number of total comments in the case", + "readOnly": true, + "type": "integer" + } + }, + "required": [ + "title", + "severity", + "status" + ], + "type": "object" + }, + "CaseRelationList": { + "description": "List of case relations.", + "properties": { + "nextLink": { + "readOnly": true, + "description": "URL to fetch the next set of relations.", + "type": "string" + }, + "value": { + "description": "Array of relations.", + "type": "array", + "items": { + "$ref": "#/definitions/CaseRelation" + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "CaseRelation": { + "type": "object", + "description": "Represents a case relation", + "allOf": [ + { + "$ref": "#/definitions/RelationBase" + } + ], + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Case relation properties", + "$ref": "#/definitions/CaseRelationProperties" + } + } + }, + "CaseRelationProperties": { + "type": "object", + "description": "Case relation properties", + "properties": { + "relationName": { + "type": "string", + "description": "Name of relation" + }, + "bookmarkId": { + "type": "string", + "description": "The case related bookmark id" + }, + "caseIdentifier": { + "type": "string", + "description": "The case identifier" + }, + "bookmarkName": { + "type": "string", + "description": "The case related bookmark name" + } + }, + "required": [ + "relationName", + "caseIdentifier", + "bookmarkId" + ] + }, + "RelationsModelInput": { + "type": "object", + "description": "Relation input model", + "allOf": [ + { + "$ref": "#/definitions/RelationBase" + } + ], + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Relation input properties", + "$ref": "#/definitions/RelationsModelInputProperties" + } + } + }, + "RelationsModelInputProperties": { + "type": "object", + "description": "Relation input properties", + "properties": { + "relationName": { + "type": "string", + "description": "Name of relation" + }, + "sourceRelationNode": { + "type": "object", + "description": "Relation source node", + "$ref": "#/definitions/RelationNode" + }, + "targetRelationNode": { + "type": "object", + "description": "Relation target node", + "$ref": "#/definitions/RelationNode" + } + } + }, + "RelationBase": { + "type": "object", + "description": "Represents a relation", + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/Resource" + }, + { + "type": "object", + "properties": { + "kind": { + "type": "string", + "description": "The type of relation node", + "readOnly": true, + "enum": [ + "CasesToBookmarks" + ], + "x-ms-enum": { + "name": "RelationTypes", + "modelAsString": true, + "values": [ + { + "value": "CasesToBookmarks", + "description": "Relations between cases and bookmarks" + } + ] + } + }, + "etag": { + "type": "string", + "description": "ETag for relation" + } + } + } + ] + }, + "RelationNode": { + "type": "object", + "description": "Relation node", + "properties": { + "relationNodeId": { + "type": "string", + "description": "Relation Node Id" + }, + "relationNodeKind": { + "type": "string", + "description": "The type of relation node", + "readOnly": true, + "enum": [ + "Case", + "Bookmark" + ], + "x-ms-enum": { + "name": "RelationNodeKind", + "modelAsString": true, + "values": [ + { + "value": "Case", + "description": "Case node part of the relation" + }, + { + "value": "Bookmark", + "description": "Bookmark node part of the relation" + } + ] + } + }, + "etag": { + "type": "string", + "description": "Etag for relation node" + }, + "relationAdditionalProperties": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Additional set of properties" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/DataConnectorsCheckRequirements.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/DataConnectorsCheckRequirements.json new file mode 100644 index 00000000..1dbff9e1 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/DataConnectorsCheckRequirements.json @@ -0,0 +1,503 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2019-01-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements": { + "post": { + "x-ms-examples": { + "Check requirements for TI.": { + "$ref": "./examples/dataConnectors/CheckRequirementsThreatIntelligence.json" + }, + "Check requirements for TI Taxii.": { + "$ref": "./examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json" + }, + "Check requirements for AAD.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json" + }, + "Check requirements for AAD - no license.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json" + }, + "Check requirements for AAD - no authorization.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json" + }, + "Check requirements for ASC.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json" + }, + "Check requirements for Mcas.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json" + }, + "Check requirements for Mdatp.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMdatp.json" + }, + "Check requirements for OfficeATP.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOfficeATP.json" + }, + "Check requirements for Dynamics365.": { + "$ref": "./examples/dataConnectors/CheckRequirementsDynamics365.json" + }, + "Check requirements for MicrosoftThreatProtection.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json" + }, + "Check requirements for MicrosoftThreatIntelligence.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json" + } + }, + "tags": [ + "Check Data Connector Requirements" + ], + "description": "Get requirements state for a data connector type.", + "operationId": "DataConnectorsCheckRequirements_Post", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/DataConnectorsCheckRequirementsBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/DataConnectorRequirementsState" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "DataConnectorsCheckRequirementsBody": { + "description": "The parameters for requirements check message", + "in": "body", + "name": "DataConnectorsCheckRequirements", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + }, + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "AADCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents AAD (Azure Active Directory) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/AADCheckRequirementsProperties", + "description": "AAD (Azure Active Directory) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureActiveDirectory" + }, + "AADCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/DataConnectorTenantId" + } + ], + "description": "AAD (Azure Active Directory) requirements check properties.", + "type": "object" + }, + "AATPCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents AATP (Azure Advanced Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/AATPCheckRequirementsProperties", + "description": "AATP (Azure Advanced Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureAdvancedThreatProtection" + }, + "AATPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/DataConnectorTenantId" + } + ], + "description": "AATP (Azure Advanced Threat Protection) requirements check properties.", + "type": "object" + }, + "ASCCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents ASC (Azure Security Center) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/ASCCheckRequirementsProperties", + "description": "ASC (Azure Security Center) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureSecurityCenter" + }, + "ASCCheckRequirementsProperties": { + "description": "ASC (Azure Security Center) requirements check properties.", + "properties": { + "subscriptionId": { + "description": "The subscription id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object" + }, + "AwsCloudTrailCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Amazon Web Services CloudTrail requirements check request.", + "type": "object", + "x-ms-discriminator-value": "AmazonWebServicesCloudTrail" + }, + "DataConnectorsCheckRequirements": { + "description": "Data connector requirements properties.", + "properties": { + "kind": { + "$ref": "SecurityInsights.json#/definitions/DataConnectorKind", + "description": "Describes the kind of connector to be checked." + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "DataConnectorAuthorizationState": { + "description": "Describes the state of user's authorization for a connector kind.", + "enum": [ + "Valid", + "Invalid" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorAuthorizationState", + "values": [ + { + "value": "Valid" + }, + { + "value": "Invalid" + } + ] + } + }, + "DataConnectorLicenseState": { + "description": "Describes the state of user's license for a connector kind.", + "enum": [ + "Valid", + "Invalid", + "Unknown" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorLicenseState", + "values": [ + { + "value": "Valid" + }, + { + "value": "Invalid" + }, + { + "value": "Unknown" + } + ] + } + }, + "DataConnectorRequirementsState": { + "description": "Data connector requirements status.", + "properties": { + "authorizationState": { + "description": "Authorization state for this connector", + "$ref": "#/definitions/DataConnectorAuthorizationState" + }, + "licenseState": { + "description": "License state for this connector", + "$ref": "#/definitions/DataConnectorLicenseState" + } + }, + "type": "object" + }, + "Dynamics365CheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents Dynamics365 requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/Dynamics365CheckRequirementsProperties", + "description": "Dynamics365 requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Dynamics365" + }, + "Dynamics365CheckRequirementsProperties": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/DataConnectorTenantId" + } + ], + "description": "Dynamics365 requirements check properties.", + "type": "object" + }, + "MCASCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents MCAS (Microsoft Cloud App Security) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MCASCheckRequirementsProperties", + "description": "MCAS (Microsoft Cloud App Security) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftCloudAppSecurity" + }, + "MCASCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/DataConnectorTenantId" + } + ], + "description": "MCAS (Microsoft Cloud App Security) requirements check properties.", + "type": "object" + }, + "MDATPCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MDATPCheckRequirementsProperties", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection" + }, + "MDATPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/DataConnectorTenantId" + } + ], + "description": "MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.", + "type": "object" + }, + "MSTICheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents Microsoft Threat Intelligence requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MSTICheckRequirementsProperties", + "description": "Microsoft Threat Intelligence requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatIntelligence" + }, + "MSTICheckRequirementsProperties": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/DataConnectorTenantId" + } + ], + "description": "Microsoft Threat Intelligence requirements check properties.", + "type": "object" + }, + "MtpCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents MTP (Microsoft Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MTPCheckRequirementsProperties", + "description": "MTP (Microsoft Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatProtection" + }, + "MTPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/DataConnectorTenantId" + } + ], + "description": "MTP (Microsoft Threat Protection) requirements check properties.", + "type": "object" + }, + "OfficeATPCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeATPCheckRequirementsProperties", + "description": "OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficeATP" + }, + "OfficeATPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/DataConnectorTenantId" + } + ], + "description": "OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.", + "type": "object" + }, + "TICheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Threat Intelligence Platforms data connector check requirements", + "properties": { + "properties": { + "$ref": "#/definitions/TICheckRequirementsProperties", + "description": "Threat Intelligence Platforms data connector check required properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "TICheckRequirementsProperties": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/DataConnectorTenantId" + } + ], + "description": "Threat Intelligence Platforms data connector required properties.", + "properties": {}, + "type": "object" + }, + "TiTaxiiCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Threat Intelligence TAXII data connector check requirements", + "properties": { + "properties": { + "$ref": "#/definitions/TiTaxiiCheckRequirementsProperties", + "description": "Threat Intelligence TAXII check required properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligenceTaxii" + }, + "TiTaxiiCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/DataConnectorTenantId" + } + ], + "description": "Threat Intelligence TAXII data connector required properties.", + "type": "object" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Enrichment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Enrichment.json new file mode 100644 index 00000000..356658a0 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Enrichment.json @@ -0,0 +1,375 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2019-01-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/": { + "get": { + "x-ms-examples": { + "Get geodata for a single IP address": { + "$ref": "./examples/enrichment/GetGeodataByIp.json" + } + }, + "tags": [ + "Enrichment" + ], + "description": "Get geodata for a single IP address", + "operationId": "IPGeodata_Get", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/EnrichmentIpAddress" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EnrichmentIpGeodata" + } + }, + "default": { + "description": "Error response describing why the operation failed to enrich this ip.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/": { + "get": { + "x-ms-examples": { + "Get whois information for a single domain name": { + "$ref": "./examples/enrichment/GetWhoisByDomainName.json" + } + }, + "tags": [ + "Enrichment" + ], + "description": "Get whois information for a single domain name", + "operationId": "DomainWhois_Get", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/EnrichmentDomain" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EnrichmentDomainWhois" + } + }, + "default": { + "description": "Error response describing why the operation failed to enrich this domain.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "EnrichmentIpAddress": { + "description": "IP address (v4 or v6) to be enriched", + "in": "query", + "name": "ipAddress", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EnrichmentDomain": { + "description": "Domain name to be enriched", + "in": "query", + "name": "domain", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "EnrichmentDomainWhois": { + "description": "Whois information for a given domain and associated metadata", + "properties": { + "domain": { + "description": "The domain for this whois record", + "type": "string" + }, + "server": { + "description": "The hostname of this registrar's whois server", + "type": "string" + }, + "created": { + "description": "The timestamp at which this record was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The timestamp at which this record was last updated", + "format": "date-time", + "type": "string" + }, + "expires": { + "description": "The timestamp at which this record will expire", + "format": "date-time", + "type": "string" + }, + "parsedWhois": { + "description": "The whois record for a given domain", + "$ref": "#/definitions/EnrichmentDomainWhoisDetails" + } + } + }, + "EnrichmentDomainWhoisDetails": { + "description": "The whois record for a given domain", + "properties": { + "registrar": { + "description": "The registrar associated with this domain", + "$ref": "#/definitions/EnrichmentDomainWhoisRegistrarDetails" + }, + "contacts": { + "description": "The set of contacts associated with this domain", + "$ref": "#/definitions/EnrichmentDomainWhoisContacts" + }, + "nameServers": { + "description": "A list of name servers associated with this domain", + "type": "array", + "items": { + "type": "string" + } + }, + "statuses": { + "description": "The set of status flags for this whois record", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "EnrichmentDomainWhoisRegistrarDetails": { + "description": "The registrar associated with this domain", + "properties": { + "name": { + "description": "The name of this registrar", + "type": "string" + }, + "abuseContactEmail": { + "description": "This registrar's abuse contact email", + "type": "string" + }, + "abuseContactPhone": { + "description": "This registrar's abuse contact phone number", + "type": "string" + }, + "ianaId": { + "description": "This registrar's Internet Assigned Numbers Authority id", + "type": "string" + }, + "url": { + "description": "This registrar's URL", + "type": "string" + }, + "whoisServer": { + "description": "The hostname of this registrar's whois server", + "type": "string" + } + } + }, + "EnrichmentDomainWhoisContacts": { + "description": "The set of contacts associated with this domain", + "properties": { + "admin": { + "description": "The admin contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "billing": { + "description": "The billing contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "registrant": { + "description": "The registrant contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "tech": { + "description": "The technical contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + } + } + }, + "EnrichmentDomainWhoisContact": { + "description": "An individual contact associated with this domain", + "properties": { + "name": { + "description": "The name of this contact", + "type": "string" + }, + "org": { + "description": "The organization for this contact", + "type": "string" + }, + "street": { + "description": "A list describing the street address for this contact", + "type": "array", + "items": { + "type": "string" + } + }, + "city": { + "description": "The city for this contact", + "type": "string" + }, + "state": { + "description": "The state for this contact", + "type": "string" + }, + "postal": { + "description": "The postal code for this contact", + "type": "string" + }, + "country": { + "description": "The country for this contact", + "type": "string" + }, + "phone": { + "description": "The phone number for this contact", + "type": "string" + }, + "fax": { + "description": "The fax number for this contact", + "type": "string" + }, + "email": { + "description": "The email address for this contact", + "type": "string" + } + } + }, + "EnrichmentIpGeodata": { + "description": "Geodata information for a given IP address", + "properties": { + "asn": { + "description": "The autonomous system number associated with this IP address", + "type": "string" + }, + "carrier": { + "description": "The name of the carrier for this IP address", + "type": "string" + }, + "city": { + "description": "The city this IP address is located in", + "type": "string" + }, + "cityCf": { + "description": "A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100", + "type": "integer", + "format": "int32" + }, + "continent": { + "description": "The continent this IP address is located on", + "type": "string" + }, + "country": { + "description": "The county this IP address is located in", + "type": "string" + }, + "countryCf": { + "description": "A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100", + "type": "integer", + "format": "int32" + }, + "ipAddr": { + "description": "The dotted-decimal or colon-separated string representation of the IP address", + "type": "string" + }, + "ipRoutingType": { + "description": "A description of the connection type of this IP address", + "type": "string" + }, + "latitude": { + "description": "The latitude of this IP address", + "type": "string" + }, + "longitude": { + "description": "The longitude of this IP address", + "type": "string" + }, + "organization": { + "description": "The name of the organization for this IP address", + "type": "string" + }, + "organizationType": { + "description": "The type of the organization for this IP address", + "type": "string" + }, + "region": { + "description": "The geographic region this IP address is located in", + "type": "string" + }, + "state": { + "description": "The state this IP address is located in", + "type": "string" + }, + "stateCf": { + "description": "A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100", + "type": "integer", + "format": "int32" + }, + "stateCode": { + "description": "The abbreviated name for the state this IP address is located in", + "type": "string" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Entities.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Entities.json new file mode 100644 index 00000000..32a16a5d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/Entities.json @@ -0,0 +1,1381 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2019-01-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities": { + "get": { + "x-ms-examples": { + "Get all entities.": { + "$ref": "./examples/entities/GetEntities.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Gets all entities.", + "operationId": "Entities_List", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}": { + "get": { + "x-ms-examples": { + "Get an account entity.": { + "$ref": "./examples/entities/GetAccountEntityById.json" + }, + "Get a host entity.": { + "$ref": "./examples/entities/GetHostEntityById.json" + }, + "Get a file entity.": { + "$ref": "./examples/entities/GetFileEntityById.json" + }, + "Get a security alert entity.": { + "$ref": "./examples/entities/GetSecurityAlertEntityById.json" + }, + "Get a file hash entity.": { + "$ref": "./examples/entities/GetFileHashEntityById.json" + }, + "Get a malware entity.": { + "$ref": "./examples/entities/GetMalwareEntityById.json" + }, + "Get a security group entity.": { + "$ref": "./examples/entities/GetSecurityGroupEntityById.json" + }, + "Get an azure resource entity.": { + "$ref": "./examples/entities/GetAzureResourceEntityById.json" + }, + "Get a cloud application entity.": { + "$ref": "./examples/entities/GetCloudApplicationEntityById.json" + }, + "Get a process entity.": { + "$ref": "./examples/entities/GetProcessEntityById.json" + }, + "Get a dns entity.": { + "$ref": "./examples/entities/GetDnsEntityById.json" + }, + "Get an ip entity.": { + "$ref": "./examples/entities/GetIpEntityById.json" + }, + "Get a registry key entity.": { + "$ref": "./examples/entities/GetRegistryKeyEntityById.json" + }, + "Get a registry value entity.": { + "$ref": "./examples/entities/GetRegistryValueEntityById.json" + }, + "Get a url entity.": { + "$ref": "./examples/entities/GetUrlEntityById.json" + }, + "Get an IoT device entity.": { + "$ref": "./examples/entities/GetIoTDeviceEntityById.json" + }, + "Get a mailCluster entity.": { + "$ref": "./examples/entities/GetMailClusterEntityById.json" + }, + "Get a mailbox entity.": { + "$ref": "./examples/entities/GetMailboxEntityById.json" + }, + "Get a mailMessage entity.": { + "$ref": "./examples/entities/GetMailMessageEntityById.json" + }, + "Get a submissionMail entity.": { + "$ref": "./examples/entities/GetSubmissionMailEntityById.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Gets an entity.", + "operationId": "Entities_Get", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "SecurityInsights.json#/definitions/Entity" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand": { + "post": { + "x-ms-examples": { + "Expand an entity": { + "$ref": "./examples/entities/expand/PostExpandEntity.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Expands an entity.", + "operationId": "Entities_Expand", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "#/parameters/EntityExpandRequestBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityExpandResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline": { + "post": { + "x-ms-examples": { + "Entity timeline": { + "$ref": "./examples/entities/timeline/PostTimelineEntity.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Timeline for an entity.", + "operationId": "EntitiesGetTimeline_list", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "#/parameters/EntityTimelineRequestBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityTimelineResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries": { + "get": { + "x-ms-examples": { + "Get Entity Query": { + "$ref": "./examples/entities/GetQueries.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Get Insights and Activities for an entity.", + "operationId": "Entities_Queries", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "#/parameters/EntityQueryKindParam" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/GetQueriesResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights": { + "post": { + "x-ms-examples": { + "Entity Insight": { + "$ref": "./examples/entities/insights/PostGetInsights.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Execute Insights for an entity.", + "operationId": "Entities_GetInsights", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "#/parameters/GetInsightsEntityQueriesRequestBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityGetInsightsResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations": { + "get": { + "x-ms-examples": { + "Get all relations of an entity.": { + "$ref": "./examples/entities/relations/GetAllEntityRelations.json" + } + }, + "tags": [ + "EntityRelations" + ], + "description": "Gets all relations of an entity.", + "operationId": "EntitiesRelations_List", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataFilter" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataOrderBy" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataTop" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "SecurityInsights.json#/definitions/RelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-odata": "SecurityInsights.json#/definitions/Relation", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}": { + "get": { + "x-ms-examples": { + "Get an entity relation.": { + "$ref": "./examples/entities/relations/GetEntityRelationByName.json" + } + }, + "tags": [ + "EntityRelations" + ], + "description": "Gets an entity relation.", + "operationId": "EntityRelations_GetRelation", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "SecurityInsights.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "SecurityInsights.json#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "EntityExpandRequestBody": { + "description": "The parameters required to execute an expand operation on the given entity.", + "in": "body", + "name": "parameters", + "required": true, + "schema": { + "$ref": "#/definitions/EntityExpandParameters" + }, + "x-ms-parameter-location": "method" + }, + "EntityId": { + "description": "entity ID", + "in": "path", + "name": "entityId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EntityTimelineRequestBody": { + "description": "The parameters required to execute an timeline operation on the given entity.", + "in": "body", + "name": "parameters", + "required": true, + "schema": { + "$ref": "#/definitions/EntityTimelineParameters" + }, + "x-ms-parameter-location": "method" + }, + "EntityQueryKindParam": { + "description": "The Kind parameter for queries", + "in": "query", + "name": "kind", + "required": true, + "type": "string", + "enum": [ + "Insight" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "EntityItemQueryKind", + "values": [ + { + "description": "insight", + "value": "Insight" + } + ] + }, + "x-ms-parameter-location": "method" + }, + "GetInsightsEntityQueriesRequestBody": { + "description": "The parameters required to execute insights on the given entity.", + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/EntityGetInsightsParameters" + }, + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "ActivityTimelineItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "description": "Represents Activity timeline item.", + "properties": { + "queryId": { + "type": "string", + "description": "The activity query id." + }, + "bucketStartTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The grouping bucket start time." + }, + "bucketEndTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The grouping bucket end time." + }, + "firstActivityTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The time of the first activity in the grouping bucket." + }, + "lastActivityTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The time of the last activity in the grouping bucket." + }, + "content": { + "type": "string", + "description": "The activity timeline content." + }, + "title": { + "type": "string", + "description": "The activity timeline title." + } + }, + "required": [ + "queryId", + "bucketStartTimeUTC", + "bucketEndTimeUTC", + "firstActivityTimeUTC", + "lastActivityTimeUTC", + "content", + "title" + ], + "type": "object", + "x-ms-discriminator-value": "Activity" + }, + "BookmarkTimelineItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "description": "Represents bookmark timeline item.", + "properties": { + "azureResourceId": { + "type": "string", + "description": "The bookmark azure resource id." + }, + "displayName": { + "type": "string", + "description": "The bookmark display name." + }, + "notes": { + "type": "string", + "description": "The notes of the bookmark" + }, + "endTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The bookmark end time." + }, + "startTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The bookmark start time." + }, + "eventTime": { + "format": "date-time", + "type": "string", + "description": "The bookmark event time." + }, + "createdBy": { + "$ref": "SecurityInsights.json#/definitions/UserInfo", + "description": "Describes a user that created the bookmark", + "type": "object" + }, + "labels": { + "description": "List of labels relevant to this bookmark", + "items": { + "$ref": "SecurityInsights.json#/definitions/Label" + }, + "type": "array" + } + }, + "required": [ + "azureResourceId" + ], + "type": "object", + "x-ms-discriminator-value": "Bookmark" + }, + "EntityGetInsightsParameters": { + "description": "The parameters required to execute insights operation on the given entity.", + "type": "object", + "properties": { + "startTime": { + "description": "The start timeline date, so the results returned are after this date.", + "format": "date-time", + "type": "string" + }, + "endTime": { + "description": "The end timeline date, so the results returned are before this date.", + "format": "date-time", + "type": "string" + }, + "addDefaultExtendedTimeRange": { + "description": "Indicates if query time range should be extended with default time range of the query. Default value is false", + "type": "boolean" + }, + "insightQueryIds": { + "description": "List of Insights Query Id. If empty, default value is all insights of this entity", + "type": "array", + "items": { + "description": "Insight Query Id (GUID)", + "format": "uuid", + "type": "string" + } + } + }, + "required": [ + "startTime", + "endTime" + ] + }, + "EntityGetInsightsResponse": { + "description": "The Get Insights result operation response.", + "properties": { + "metaData": { + "$ref": "#/definitions/GetInsightsResultsMetadata", + "description": "The metadata from the get insights operation results." + }, + "value": { + "description": "The insights result values.", + "items": { + "$ref": "#/definitions/EntityInsightItem" + }, + "type": "array" + } + } + }, + "EntityEdges": { + "description": "The edge that connects the entity to the other entity.", + "properties": { + "targetEntityId": { + "description": "The target entity Id.", + "type": "string" + }, + "additionalData": { + "additionalProperties": { + "type": "object" + }, + "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", + "type": "object" + } + }, + "type": "object" + }, + "EntityExpandParameters": { + "description": "The parameters required to execute an expand operation on the given entity.", + "properties": { + "endTime": { + "description": "The end date filter, so the only expansion results returned are before this date.", + "format": "date-time", + "type": "string" + }, + "expansionId": { + "description": "The Id of the expansion to perform.", + "format": "uuid", + "type": "string" + }, + "startTime": { + "description": "The start date filter, so the only expansion results returned are after this date.", + "format": "date-time", + "type": "string" + } + } + }, + "EntityExpandResponse": { + "description": "The entity expansion result operation response.", + "properties": { + "metaData": { + "$ref": "SecurityInsights.json#/definitions/ExpansionResultsMetadata", + "description": "The metadata from the expansion operation results." + }, + "value": { + "description": "The expansion result values.", + "properties": { + "entities": { + "description": "Array of the expansion result entities.", + "items": { + "$ref": "SecurityInsights.json#/definitions/Entity" + }, + "type": "array" + }, + "edges": { + "description": "Array of edges that connects the entity to the list of entities.", + "items": { + "$ref": "#/definitions/EntityEdges" + }, + "type": "array" + } + }, + "type": "object" + } + } + }, + "EntityInsightItem": { + "description": "Entity insight Item.", + "type": "object", + "properties": { + "queryId": { + "type": "string", + "description": "The query id of the insight" + }, + "queryTimeInterval": { + "type": "object", + "description": "The Time interval that the query actually executed on.", + "properties": { + "startTime": { + "format": "date-time", + "type": "string", + "description": "Insight query start time" + }, + "endTime": { + "format": "date-time", + "type": "string", + "description": "Insight query end time" + } + } + }, + "tableQueryResults": { + "$ref": "#/definitions/InsightsTableResult", + "description": "Query results for table insights query." + }, + "chartQueryResults": { + "type": "array", + "description": "Query results for table insights query.", + "items": { + "$ref": "#/definitions/InsightsTableResult", + "description": "Query results for table insights query." + } + } + } + }, + "EntityList": { + "description": "List of all the entities.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of entities.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of entities.", + "items": { + "$ref": "SecurityInsights.json#/definitions/Entity" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "EntityTimelineItem": { + "description": "Entity timeline Item.", + "discriminator": "kind", + "type": "object", + "properties": { + "kind": { + "$ref": "#/definitions/EntityTimelineKind", + "description": "The entity query kind type." + } + }, + "required": [ + "kind" + ] + }, + "EntityTimelineResponse": { + "description": "The entity timeline result operation response.", + "properties": { + "metaData": { + "$ref": "#/definitions/TimelineResultsMetadata", + "description": "The metadata from the timeline operation results." + }, + "value": { + "description": "The timeline result values.", + "items": { + "$ref": "#/definitions/EntityTimelineItem" + }, + "type": "array" + } + } + }, + "EntityTimelineKind": { + "description": "The entity query kind", + "enum": [ + "Activity", + "Bookmark", + "SecurityAlert" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityTimelineKind", + "values": [ + { + "description": "activity", + "value": "Activity" + }, + { + "description": "bookmarks", + "value": "Bookmark" + }, + { + "description": "security alerts", + "value": "SecurityAlert" + } + ] + } + }, + "EntityTimelineParameters": { + "description": "The parameters required to execute s timeline operation on the given entity.", + "properties": { + "kinds": { + "description": "Array of timeline Item kinds.", + "items": { + "$ref": "#/definitions/EntityTimelineKind" + }, + "type": "array" + }, + "startTime": { + "description": "The start timeline date, so the results returned are after this date.", + "format": "date-time", + "type": "string" + }, + "endTime": { + "description": "The end timeline date, so the results returned are before this date.", + "format": "date-time", + "type": "string" + }, + "numberOfBucket": { + "description": "The number of bucket for timeline queries aggregation.", + "type": "integer", + "format": "int32" + } + }, + "required": [ + "startTime", + "endTime" + ] + }, + "EntityQueryItem": { + "description": "An abstract Query item for entity", + "type": "object", + "discriminator": "kind", + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/EntityQueryKind" + } + ], + "properties": { + "id": { + "description": "Query Template ARM ID", + "type": "string", + "readOnly": true + }, + "name": { + "description": "Query Template ARM Name", + "type": "string" + }, + "type": { + "description": "ARM Type", + "type": "string" + } + }, + "required": [ + "kind" + ] + }, + "EntityQueryItemProperties": { + "description": "An properties abstract Query item for entity", + "type": "object", + "properties": { + "dataTypes": { + "description": "Data types for template", + "type": "array", + "items": { + "properties": { + "dataType": { + "description": "Data type name", + "type": "string" + } + } + } + }, + "inputEntityType": { + "description": "The type of the entity", + "$ref": "SecurityInsights.json#/definitions/EntityInnerType" + }, + "requiredInputFieldsSets": { + "description": "Data types for template", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "entitiesFilter": { + "description": "The query applied only to entities matching to all filters", + "type": "object" + } + } + }, + "InsightsTableResult": { + "type": "object", + "description": "Query results for table insights query.", + "properties": { + "columns": { + "type": "array", + "description": "Columns Metadata of the table", + "items": { + "properties": { + "type": { + "type": "string", + "description": "the type of the colum" + }, + "name": { + "type": "string", + "description": "the name of the colum" + } + } + } + }, + "rows": { + "type": "array", + "description": "Rows data of the table", + "items": { + "type": "array", + "description": "Single row of data", + "items": { + "type": "string", + "description": "Cell in the table" + } + } + } + } + }, + "InsightQueryItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityQueryItem" + } + ], + "description": "Represents Insight Query.", + "properties": { + "properties": { + "description": "Properties bag for InsightQueryItem", + "$ref": "#/definitions/InsightQueryItemProperties" + } + }, + "type": "object", + "x-ms-discriminator-value": "Insight" + }, + "InsightQueryItemProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityQueryItemProperties" + } + ], + "description": "Represents Insight Query.", + "properties": { + "displayName": { + "type": "string", + "description": "The insight display name." + }, + "description": { + "type": "string", + "description": "The insight description." + }, + "baseQuery": { + "type": "string", + "description": "The base query of the insight." + }, + "tableQuery": { + "type": "object", + "description": "The insight table query.", + "properties": { + "columnsDefinitions": { + "type": "array", + "description": "List of insight column definitions.", + "items": { + "properties": { + "header": { + "type": "string", + "description": "Insight column header." + }, + "outputType": { + "type": "string", + "description": "Insights Column type.", + "enum": [ + "Number", + "String", + "Date", + "Entity" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "outputType" + } + }, + "supportDeepLink": { + "type": "boolean", + "description": "Is query supports deep-link." + } + } + } + }, + "queriesDefinitions": { + "type": "array", + "description": "List of insight queries definitions.", + "items": { + "properties": { + "filter": { + "type": "string", + "description": "Insight column header." + }, + "summarize": { + "type": "string", + "description": "Insight column header." + }, + "project": { + "type": "string", + "description": "Insight column header." + }, + "linkColumnsDefinitions": { + "type": "array", + "description": "Insight column header.", + "items": { + "properties": { + "projectedName": { + "type": "string", + "description": "Insight Link Definition Projected Name." + }, + "Query": { + "type": "string", + "description": "Insight Link Definition Query." + } + } + } + } + } + } + } + } + }, + "chartQuery": { + "type": "object", + "description": "The insight chart query." + }, + "additionalQuery": { + "type": "object", + "description": "The activity query definitions.", + "properties": { + "query": { + "type": "string", + "description": "The insight query." + }, + "text": { + "type": "string", + "description": "The insight text." + } + } + }, + "defaultTimeRange": { + "type": "object", + "description": "The insight chart query.", + "properties": { + "beforeRange": { + "type": "string", + "description": "The padding for the start time of the query." + }, + "afterRange": { + "type": "string", + "description": "The padding for the end time of the query." + } + } + }, + "referenceTimeRange": { + "type": "object", + "description": "The insight chart query.", + "properties": { + "beforeRange": { + "type": "string", + "description": "Additional query time for looking back." + } + } + } + }, + "type": "object", + "x-ms-discriminator-value": "Insight" + }, + "GetInsightsResultsMetadata": { + "description": "Get Insights result metadata.", + "properties": { + "totalCount": { + "description": "the total items found for the insights request", + "type": "integer", + "format": "int32" + }, + "errors": { + "description": "information about the failed queries", + "items": { + "$ref": "#/definitions/GetInsightsError" + }, + "type": "array" + } + }, + "required": [ + "totalCount" + ], + "type": "object" + }, + "GetInsightsError": { + "description": "GetInsights Query Errors.", + "properties": { + "kind": { + "description": "the query kind", + "type": "string", + "enum": [ + "Insight" + ] + }, + "queryId": { + "description": "the query id", + "type": "string" + }, + "errorMessage": { + "description": "the error message", + "type": "string" + } + }, + "required": [ + "kind", + "errorMessage" + ], + "type": "object" + }, + "GetQueriesResponse": { + "description": "Retrieve queries for entity result operation response.", + "properties": { + "value": { + "description": "The query result values.", + "items": { + "$ref": "#/definitions/EntityQueryItem" + }, + "type": "array" + } + } + }, + "SecurityAlertTimelineItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "description": "Represents security alert timeline item.", + "properties": { + "azureResourceId": { + "type": "string", + "description": "The alert azure resource id." + }, + "productName": { + "type": "string", + "description": "The alert product name." + }, + "description": { + "type": "string", + "description": "The alert description." + }, + "displayName": { + "type": "string", + "description": "The alert name." + }, + "severity": { + "$ref": "SecurityInsights.json#/definitions/AlertSeverity", + "description": "The alert severity." + }, + "endTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The alert end time." + }, + "startTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The alert start time." + }, + "timeGenerated": { + "format": "date-time", + "type": "string", + "description": "The alert generated time." + }, + "alertType": { + "type": "string", + "description": "The name of the alert type." + } + }, + "required": [ + "azureResourceId", + "displayName", + "severity", + "endTimeUtc", + "startTimeUtc", + "timeGenerated", + "alertType" + ], + "type": "object", + "x-ms-discriminator-value": "SecurityAlert" + }, + "TimelineError": { + "description": "Timeline Query Errors.", + "properties": { + "kind": { + "description": "the query kind", + "$ref": "#/definitions/EntityTimelineKind" + }, + "queryId": { + "description": "the query id", + "type": "string" + }, + "errorMessage": { + "description": "the error message", + "type": "string" + } + }, + "required": [ + "kind", + "errorMessage" + ], + "type": "object" + }, + "TimelineResultsMetadata": { + "description": "Expansion result metadata.", + "properties": { + "totalCount": { + "description": "the total items found for the timeline request", + "type": "integer", + "format": "int32" + }, + "aggregations": { + "description": "timeline aggregation per kind", + "items": { + "$ref": "#/definitions/TimelineAggregation" + }, + "type": "array" + }, + "errors": { + "description": "information about the failure queries", + "items": { + "$ref": "#/definitions/TimelineError" + }, + "type": "array" + } + }, + "required": [ + "totalCount", + "aggregations" + ], + "type": "object" + }, + "TimelineAggregation": { + "description": "timeline aggregation information per kind", + "properties": { + "count": { + "description": "the total items found for a kind", + "type": "integer", + "format": "int32" + }, + "kind": { + "description": "the query kind", + "$ref": "#/definitions/EntityTimelineKind" + } + }, + "required": [ + "kind", + "count" + ], + "type": "object" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/OfficeConsents.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/OfficeConsents.json new file mode 100644 index 00000000..7de81533 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/OfficeConsents.json @@ -0,0 +1,243 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2019-01-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents": { + "get": { + "x-ms-examples": { + "Get all office consents.": { + "$ref": "./examples/officeConsents/GetOfficeConsents.json" + } + }, + "tags": [ + "Office Consents" + ], + "description": "Gets all office365 consents.", + "operationId": "OfficeConsents_List", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/OfficeConsentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}": { + "get": { + "x-ms-examples": { + "Get an office consent.": { + "$ref": "./examples/officeConsents/GetOfficeConsentsById.json" + } + }, + "tags": [ + "Office Consents" + ], + "description": "Gets an office365 consent.", + "operationId": "OfficeConsents_Get", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ConsentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/OfficeConsent" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an office consent.": { + "$ref": "./examples/officeConsents/DeleteOfficeConsents.json" + } + }, + "tags": [ + "Office Consents" + ], + "description": "Delete the office365 consent.", + "operationId": "OfficeConsents_Delete", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ConsentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "ConsentId": { + "description": "consent ID", + "in": "path", + "name": "consentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "OfficeConsent": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/Resource" + } + ], + "description": "Consent for Office365 tenant that already made.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeConsentProperties", + "description": "Office consent properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "OfficeConsentList": { + "description": "List of all the office365 consents.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of office consents.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of the consents.", + "items": { + "$ref": "#/definitions/OfficeConsent" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "OfficeConsentProperties": { + "description": "Consent property bag.", + "properties": { + "tenantId": { + "description": "The tenantId of the Office365 with the consent.", + "type": "string" + }, + "consentId": { + "description": "Help to easily cascade among the data layers.", + "type": "string" + } + }, + "type": "object" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json new file mode 100644 index 00000000..0577a3b9 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -0,0 +1,8446 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2019-01-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/providers/Microsoft.SecurityInsights/operations": { + "get": { + "operationId": "Operations_List", + "description": "Lists all operations available Azure Security Insights Resource Provider.", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + } + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "OK. Successfully retrieved operations list.", + "schema": { + "$ref": "#/definitions/OperationsList" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules": { + "get": { + "x-ms-examples": { + "Get all alert rules.": { + "$ref": "./examples/alertRules/GetAllAlertRules.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets all alert rules.", + "operationId": "AlertRules_List", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRulesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { + "get": { + "x-ms-examples": { + "Get a Scheduled alert rule.": { + "$ref": "./examples/alertRules/GetScheduledAlertRule.json" + }, + "Get a Fusion alert rule.": { + "$ref": "./examples/alertRules/GetFusionAlertRule.json" + }, + "Get a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets the alert rule.", + "operationId": "AlertRules_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a Scheduled alert rule.": { + "$ref": "./examples/alertRules/CreateScheduledAlertRule.json" + }, + "Creates or updates a Fusion alert rule.": { + "$ref": "./examples/alertRules/CreateFusionAlertRule.json" + }, + "Creates or updates a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Creates or updates the alert rule.", + "operationId": "AlertRules_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/AlertRule" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an alert rule.": { + "$ref": "./examples/alertRules/DeleteAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Delete the alert rule.", + "operationId": "AlertRules_Delete", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions": { + "get": { + "x-ms-examples": { + "Get all actions of alert rule.": { + "$ref": "./examples/actions/GetAllActionsByAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Gets all actions of alert rule.", + "operationId": "Actions_ListByAlertRule", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ActionsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}": { + "get": { + "x-ms-examples": { + "Get an action of alert rule.": { + "$ref": "./examples/actions/GetActionOfAlertRuleById.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Gets the action of alert rule.", + "operationId": "Actions_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an action of alert rule.": { + "$ref": "./examples/actions/CreateActionOfAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Creates or updates the action of alert rule.", + "operationId": "Actions_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + }, + { + "$ref": "#/parameters/Action" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an action of alert rule.": { + "$ref": "./examples/actions/DeleteActionOfAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Delete the action of alert rule.", + "operationId": "Actions_Delete", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates": { + "get": { + "x-ms-examples": { + "Get all alert rule templates.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplates.json" + } + }, + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets all alert rule templates.", + "operationId": "AlertRuleTemplates_List", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRuleTemplatesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}": { + "get": { + "x-ms-examples": { + "Get alert rule template by Id.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplateById.json" + } + }, + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets the alert rule template.", + "operationId": "AlertRuleTemplates_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AlertRuleTemplateId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRuleTemplate" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors": { + "get": { + "x-ms-examples": { + "Get all data connectors.": { + "$ref": "./examples/dataConnectors/GetDataConnectors.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Gets all data connectors.", + "operationId": "DataConnectors_List", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/DataConnectorList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}": { + "get": { + "x-ms-examples": { + "Get an Office365 data connector.": { + "$ref": "./examples/dataConnectors/GetOfficeDataConnetorById.json" + }, + "Get a TI data connector.": { + "$ref": "./examples/dataConnectors/GetThreatIntelligenceById.json" + }, + "Get a TI Taxii data connector.": { + "$ref": "./examples/dataConnectors/GetThreatIntelligenceTaxiiById.json" + }, + "Get a MCAS data connector.": { + "$ref": "./examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json" + }, + "Get a ASC data connector.": { + "$ref": "./examples/dataConnectors/GetAzureSecurityCenterById.json" + }, + "Get an AAD data connector.": { + "$ref": "./examples/dataConnectors/GetAzureActiveDirectoryById.json" + }, + "Get an AwsCloudTrail data connector.": { + "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" + }, + "Get an AATP data connector.": { + "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json" + }, + "Get a MDATP data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json" + }, + "Get a Office ATP data connector": { + "$ref": "./examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json" + }, + "Get a Dynamics365 data connector": { + "$ref": "./examples/dataConnectors/GetDynamics365DataConnectorById.json" + }, + "Get a MicrosoftThreatProtection data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftThreatProtectionById.json" + }, + "Get a MicrosoftThreatIntelligence data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Gets a data connector.", + "operationId": "DataConnectors_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an Office365 data connector.": { + "$ref": "./examples/dataConnectors/CreateOfficeDataConnetor.json" + }, + "Creates or updates a Threat Intelligence Taxii data connector.": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json" + }, + "Creates or updates an Threat Intelligence Platform data connector.": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceDataConnector.json" + }, + "Creates or updates a Dynamics365 data connector.": { + "$ref": "./examples/dataConnectors/CreateDynamics365DataConnetor.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Creates or updates the data connector.", + "operationId": "DataConnectors_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + }, + { + "$ref": "#/parameters/DataConnector" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an Office365 data connector.": { + "$ref": "./examples/dataConnectors/DeleteOfficeDataConnetor.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Delete the data connector.", + "operationId": "DataConnectors_Delete", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings": { + "get": { + "x-ms-examples": { + "Get EyesOn settings.": { + "$ref": "./examples/settings/GetAllSettings.json" + } + }, + "tags": [ + "Settings" + ], + "description": "List of all the settings", + "operationId": "ProductSettings_GetAll", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SettingList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}": { + "get": { + "x-ms-examples": { + "Get EyesOn settings.": { + "$ref": "./examples/settings/GetEyesOnSetting.json" + } + }, + "tags": [ + "Settings" + ], + "description": "Gets a setting.", + "operationId": "ProductSettings_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Settings" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete EyesOn settings.": { + "$ref": "./examples/settings/DeleteEyesOnSetting.json" + } + }, + "tags": [ + "Settings" + ], + "description": "Delete setting of the product.", + "operationId": "ProductSettings_Delete", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Update EyesOn settings.": { + "$ref": "./examples/settings/UpdateEyesOnSetting.json" + } + }, + "tags": [ + "Settings" + ], + "description": "Updates setting.", + "operationId": "ProductSettings_Update", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsName" + }, + { + "$ref": "#/parameters/Settings" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Settings" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries": { + "get": { + "x-ms-examples": { + "Get all entity queries.": { + "$ref": "./examples/entityQueries/GetEntityQueries.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets all entity queries.", + "operationId": "EntityQueries_List", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQueryList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}": { + "get": { + "x-ms-examples": { + "Get an entity query.": { + "$ref": "./examples/entityQueries/GetExpansionEntityQueryById.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets an entity query.", + "operationId": "EntityQueries_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents": { + "get": { + "x-ms-examples": { + "Get all incidents.": { + "$ref": "./examples/incidents/GetIncidents.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Gets all incidents.", + "operationId": "Incidents_List", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ODataFilter" + }, + { + "$ref": "#/parameters/ODataOrderBy" + }, + { + "$ref": "#/parameters/ODataTop" + }, + { + "$ref": "#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}": { + "get": { + "x-ms-examples": { + "Get an incident.": { + "$ref": "./examples/incidents/GetIncidentById.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Gets an incident.", + "operationId": "Incidents_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an incident.": { + "$ref": "./examples/incidents/CreateIncident.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Creates or updates the incident.", + "operationId": "Incidents_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/Incident" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an incident.": { + "$ref": "./examples/incidents/DeleteIncident.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Delete the incident.", + "operationId": "Incidents_Delete", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts": { + "post": { + "x-ms-examples": { + "Get all incident alerts.": { + "$ref": "./examples/incidents/GetAllIncidentAlerts.json" + } + }, + "tags": [ + "IncidentAlerts" + ], + "description": "Gets all incident alerts.", + "operationId": "Incidents_ListOfAlerts", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentAlertList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks": { + "post": { + "x-ms-examples": { + "Get all incident bookmarks.": { + "$ref": "./examples/incidents/GetAllIncidentBookmarks.json" + } + }, + "tags": [ + "IncidentBookmarks" + ], + "description": "Gets all incident bookmarks.", + "operationId": "Incidents_ListOfBookmarks", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentBookmarkList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments": { + "get": { + "x-ms-examples": { + "Get all incident comments.": { + "$ref": "./examples/incidents/comments/GetAllIncidentComments.json" + } + }, + "tags": [ + "IncidentComments" + ], + "description": "Gets all incident comments.", + "operationId": "IncidentComments_ListByIncident", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/ODataFilter" + }, + { + "$ref": "#/parameters/ODataOrderBy" + }, + { + "$ref": "#/parameters/ODataTop" + }, + { + "$ref": "#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentCommentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-odata": "#/definitions/IncidentComment", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}": { + "get": { + "x-ms-examples": { + "Get an incident comment.": { + "$ref": "./examples/incidents/comments/GetIncidentCommentById.json" + } + }, + "tags": [ + "IncidentComments" + ], + "description": "Gets an incident comment.", + "operationId": "IncidentComments_GetComment", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an incident comment.": { + "$ref": "./examples/incidents/comments/CreateIncidentComment.json" + } + }, + "tags": [ + "IncidentComments" + ], + "description": "Creates or updates the incident comment.", + "operationId": "IncidentComments_CreateComment", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + }, + { + "$ref": "#/parameters/IncidentComment" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete the incident comment.": { + "$ref": "./examples/incidents/comments/DeleteIncidentComment.json" + } + }, + "tags": [ + "IncidentComments" + ], + "description": "Delete the incident comment.", + "operationId": "IncidentComments_DeleteComment", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities": { + "post": { + "x-ms-examples": { + "Gets all incident related entities": { + "$ref": "./examples/incidents/entities/GetAllIncidentEntities.json" + } + }, + "tags": [ + "IncidentEntities" + ], + "description": "Gets all incident related entities.", + "operationId": "Incidents_ListOfEntities", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentEntitiesResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations": { + "get": { + "x-ms-examples": { + "Get all incident relations.": { + "$ref": "./examples/incidents/relations/GetAllIncidentRelations.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Gets all incident relations.", + "operationId": "IncidentRelations_List", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/ODataFilter" + }, + { + "$ref": "#/parameters/ODataOrderBy" + }, + { + "$ref": "#/parameters/ODataTop" + }, + { + "$ref": "#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/RelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-odata": "#/definitions/Relation", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}": { + "get": { + "x-ms-examples": { + "Get an incident relation.": { + "$ref": "./examples/incidents/relations/GetIncidentRelationByName.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Gets an incident relation.", + "operationId": "IncidentRelations_GetRelation", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an incident relation.": { + "$ref": "./examples/incidents/relations/CreateIncidentRelation.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Creates or updates the incident relation.", + "operationId": "IncidentRelations_CreateOrUpdateRelation", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/RelationName" + }, + { + "$ref": "#/parameters/Relation" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete the incident relation.": { + "$ref": "./examples/incidents/relations/DeleteIncidentRelation.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Delete the incident relation.", + "operationId": "IncidentRelations_DeleteRelation", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists": { + "get": { + "x-ms-examples": { + "Get all watchlists.": { + "$ref": "./examples/watchlists/GetWatchlists.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Gets all watchlists, without watchlist items.", + "operationId": "Watchlists_List", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}": { + "get": { + "x-ms-examples": { + "Get a watchlist.": { + "$ref": "./examples/watchlists/GetWatchlistByAlias.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Gets a watchlist, without its watchlist items.", + "operationId": "Watchlists_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a watchlist.": { + "$ref": "./examples/watchlists/DeleteWatchlist.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Delete a watchlist.", + "operationId": "Watchlists_Delete", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates a watchlist.": { + "$ref": "./examples/watchlists/CreateWatchlist.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Creates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint twice : the first call will create an empty Watchlist, and the second one will create its Items.", + "operationId": "Watchlists_Create", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/Watchlist" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems": { + "get": { + "x-ms-examples": { + "Get all watchlist Items.": { + "$ref": "./examples/watchlists/GetWatchlistItems.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Gets all watchlist Items.", + "operationId": "WatchlistItems_List", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItemList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}": { + "get": { + "x-ms-examples": { + "Get a watchlist item.": { + "$ref": "./examples/watchlists/GetWatchlistItemById.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Gets a watchlist, without its watchlist items.", + "operationId": "WatchlistItems_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a watchlist Item.": { + "$ref": "./examples/watchlists/DeleteWatchlistItem.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Delete a watchlist item.", + "operationId": "WatchlistItems_Delete", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a watchlist item.": { + "$ref": "./examples/watchlists/CreateWatchlistItem.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Creates or updates a watchlist item.", + "operationId": "WatchlistItems_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + }, + { + "$ref": "#/parameters/WatchlistItem" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "Aggregations": { + "allOf": [ + { + "$ref": "#/definitions/Resource" + }, + { + "$ref": "#/definitions/AggregationsKind" + } + ], + "description": "The aggregation.", + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "AggregationsKind": { + "description": "Describes an Azure resource with kind.", + "properties": { + "kind": { + "description": "The kind of the setting", + "enum": [ + "CasesAggregation" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AggregationsKind" + } + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "MLBehaviorAnalyticsAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents MLBehaviorAnalytics alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/MLBehaviorAnalyticsAlertRuleProperties", + "description": "MLBehaviorAnalytics alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MLBehaviorAnalytics" + }, + "MLBehaviorAnalyticsAlertRuleProperties": { + "description": "MLBehaviorAnalytics alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert rule has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "MLBehaviorAnalyticsAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents MLBehaviorAnalytics alert rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + } + ], + "description": "MLBehaviorAnalytics alert rule template properties.", + "properties": { + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "tactics": { + "description": "The tactics of the alert rule template.", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + } + }, + "required": [ + "displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MLBehaviorAnalytics" + }, + "AADDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents AAD (Azure Active Directory) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AADDataConnectorProperties", + "description": "AAD (Azure Active Directory) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureActiveDirectory" + }, + "AADDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "AAD (Azure Active Directory) data connector properties.", + "type": "object" + }, + "AATPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents AATP (Azure Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AATPDataConnectorProperties", + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureAdvancedThreatProtection" + }, + "AATPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "type": "object" + }, + "MSTIDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Microsoft Threat Intelligence data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MSTIDataConnectorProperties", + "description": "Microsoft Threat Intelligence data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatIntelligence" + }, + "MSTIDataConnectorDataTypes": { + "description": "The available data types for Microsoft Threat Intelligence Platforms data connector.", + "properties": { + "bingSafetyPhishingURL": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "properties": { + "lookbackPeriod": { + "description": "lookback period", + "type": "string" + } + }, + "description": "Data type for Microsoft Threat Intelligence Platforms data connector.", + "type": "object", + "required": [ + "lookbackPeriod" + ] + }, + "microsoftEmergingThreatFeed": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "properties": { + "lookbackPeriod": { + "description": "lookback period", + "type": "string" + } + }, + "description": "Data type for Microsoft Threat Intelligence Platforms data connector.", + "type": "object", + "required": [ + "lookbackPeriod" + ] + } + }, + "type": "object", + "required": [ + "bingSafetyPhishingURL", + "microsoftEmergingThreatFeed" + ] + }, + "MSTIDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Microsoft Threat Intelligence data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MSTIDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "MTPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents MTP (Microsoft Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MTPDataConnectorProperties", + "description": "MTP (Microsoft Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatProtection" + }, + "MTPDataConnectorDataTypes": { + "description": "The available data types for Microsoft Threat Protection Platforms data connector.", + "properties": { + "incidents": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Data type for Microsoft Threat Protection Platforms data connector.", + "type": "object" + } + }, + "type": "object", + "required": [ + "incidents" + ] + }, + "MTPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MTP (Microsoft Threat Protection) data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MTPDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "ASCDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents ASC (Azure Security Center) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/ASCDataConnectorProperties", + "description": "ASC (Azure Security Center) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureSecurityCenter" + }, + "ASCDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "ASC (Azure Security Center) data connector properties.", + "properties": { + "subscriptionId": { + "description": "The subscription id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object" + }, + "AccountEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an account entity.", + "properties": { + "properties": { + "$ref": "#/definitions/AccountEntityProperties", + "description": "Account entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Account" + }, + "AccountEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Account entity property bag.", + "properties": { + "aadTenantId": { + "description": "The Azure Active Directory tenant id.", + "readOnly": true, + "type": "string" + }, + "aadUserId": { + "description": "The Azure Active Directory user id.", + "readOnly": true, + "type": "string" + }, + "accountName": { + "description": "The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name of the account.", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id that contains the account in case it is a local account (not domain joined)", + "readOnly": true, + "type": "string" + }, + "isDomainJoined": { + "description": "Determines whether this is a domain account.", + "readOnly": true, + "type": "boolean" + }, + "ntDomain": { + "description": "The NetBIOS domain name as it appears in the alert format – domain\\username. Examples: NT AUTHORITY.", + "readOnly": true, + "type": "string" + }, + "objectGuid": { + "description": "The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "puid": { + "description": "The Azure Active Directory Passport User ID.", + "readOnly": true, + "type": "string" + }, + "sid": { + "description": "The account security identifier, e.g. S-1-5-18.", + "readOnly": true, + "type": "string" + }, + "upnSuffix": { + "description": "The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.", + "readOnly": true, + "type": "string" + }, + "dnsDomain": { + "description": "The fully qualified domain DNS name.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "ActionRequest": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Action for alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ActionRequestProperties", + "description": "Action properties for put request", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "ActionPropertiesBase": { + "description": "Action property bag base.", + "properties": { + "logicAppResourceId": { + "description": "Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.", + "type": "string" + } + }, + "required": [ + "logicAppResourceId" + ], + "type": "object" + }, + "ActionRequestProperties": { + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ], + "description": "Action property bag.", + "properties": { + "triggerUri": { + "description": "Logic App Callback URL for this specific workflow.", + "type": "string" + } + }, + "required": [ + "triggerUri" + ], + "type": "object" + }, + "ActionResponse": { + "allOf": [ + { + "$ref": "#/definitions/Resource" + } + ], + "description": "Action for alert rule.", + "properties": { + "etag": { + "description": "Etag of the action.", + "type": "string" + }, + "properties": { + "$ref": "#/definitions/ActionResponseProperties", + "description": "Action properties for get request", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "ActionResponseProperties": { + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ], + "description": "Action property bag.", + "properties": { + "workflowId": { + "description": "The name of the logic app's workflow.", + "type": "string" + } + }, + "type": "object" + }, + "ActionsList": { + "description": "List all the actions.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of actions.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of actions.", + "items": { + "$ref": "#/definitions/ActionResponse" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "AlertRule": { + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + }, + { + "$ref": "#/definitions/AlertRuleKind" + } + ], + "description": "Alert rule.", + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "AlertRuleKind": { + "description": "Describes an Azure resource with kind.", + "properties": { + "kind": { + "description": "The kind of the alert rule", + "enum": [ + "Scheduled", + "MicrosoftSecurityIncidentCreation", + "Fusion", + "MLBehaviorAnalytics", + "ThreatIntelligence" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertRuleKind", + "values": [ + { + "value": "Scheduled" + }, + { + "value": "MicrosoftSecurityIncidentCreation" + }, + { + "value": "Fusion" + }, + { + "value": "MLBehaviorAnalytics" + }, + { + "value": "ThreatIntelligence" + } + ] + } + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "AlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/Resource" + }, + { + "$ref": "#/definitions/AlertRuleKind" + } + ], + "description": "Alert rule template.", + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "AlertRuleTemplateDataSource": { + "description": "alert rule template data sources", + "properties": { + "connectorId": { + "description": "The connector id that provides the following data types", + "type": "string" + }, + "dataTypes": { + "description": "The data types used by the alert rule template", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AlertRuleTemplatePropertiesBase": { + "description": "Base alert rule template property bag.", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "type": "integer" + }, + "lastUpdatedDateUTC": { + "description": "The last time that this alert rule template has been updated.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "createdDateUTC": { + "description": "The time that this alert rule template has been added.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the alert rule template.", + "type": "string" + }, + "displayName": { + "description": "The display name for alert rule template.", + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data sources for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "type": "array" + }, + "status": { + "description": "The alert rule template status.", + "enum": [ + "Installed", + "Available", + "NotAvailable" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "TemplateStatus", + "values": [ + { + "description": "Alert rule template installed. and can not use more then once", + "value": "Installed" + }, + { + "description": "Alert rule template is available.", + "value": "Available" + }, + { + "description": "Alert rule template is not available", + "value": "NotAvailable" + } + ] + } + } + }, + "type": "object" + }, + "AlertRuleTemplatesList": { + "description": "List all the alert rule templates.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alert rule templates.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of alert rule templates.", + "items": { + "$ref": "#/definitions/AlertRuleTemplate" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "AlertRuleTriggerOperator": { + "description": "The operation against the threshold that triggers alert rule.", + "enum": [ + "GreaterThan", + "LessThan", + "Equal", + "NotEqual" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "TriggerOperator" + } + }, + "AlertRulesList": { + "description": "List all the alert rules.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alert rules.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of alert rules.", + "items": { + "$ref": "#/definitions/AlertRule" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "AlertSeverity": { + "description": "The severity of the alert", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertSeverity", + "values": [ + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "AlertsDataTypeOfDataConnector": { + "description": "Alerts data type for data connectors.", + "properties": { + "alerts": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Alerts data type connection.", + "type": "object" + } + }, + "type": "object", + "required": [ + "alerts" + ] + }, + "AttackTactic": { + "description": "The severity for alerts created by this alert rule.", + "enum": [ + "InitialAccess", + "Execution", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact", + "PreAttack" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AttackTactic" + } + }, + "AwsCloudTrailDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Amazon Web Services CloudTrail data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorProperties", + "description": "Amazon Web Services CloudTrail data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AmazonWebServicesCloudTrail" + }, + "AwsCloudTrailDataConnectorDataTypes": { + "description": "The available data types for Amazon Web Services CloudTrail data connector.", + "properties": { + "logs": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Logs data type.", + "type": "object" + } + }, + "type": "object", + "required": [ + "logs" + ] + }, + "AwsCloudTrailDataConnectorProperties": { + "description": "Amazon Web Services CloudTrail data connector properties.", + "properties": { + "awsRoleArn": { + "description": "The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.", + "type": "string" + }, + "dataTypes": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "AzureResourceEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an azure resource entity.", + "properties": { + "properties": { + "$ref": "#/definitions/AzureResourceEntityProperties", + "description": "AzureResource entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureResource" + }, + "AzureResourceEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "AzureResource entity property bag.", + "properties": { + "resourceId": { + "description": "The azure resource id of the resource", + "readOnly": true, + "type": "string" + }, + "subscriptionId": { + "description": "The subscription id of the resource", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "CasesAggregation": { + "allOf": [ + { + "$ref": "#/definitions/Aggregations" + } + ], + "description": "Represents aggregations results for cases.", + "properties": { + "properties": { + "$ref": "#/definitions/CasesAggregationProperties", + "description": "Properties of aggregations results of cases.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "CasesAggregation" + }, + "CasesAggregationBySeverityProperties": { + "description": "Aggregative results of cases by severity property bag.", + "properties": { + "totalCriticalSeverity": { + "description": "Total amount of open cases with severity Critical", + "readOnly": true, + "type": "integer" + }, + "totalHighSeverity": { + "description": "Total amount of open cases with severity High", + "readOnly": true, + "type": "integer" + }, + "totalInformationalSeverity": { + "description": "Total amount of open cases with severity Informational", + "readOnly": true, + "type": "integer" + }, + "totalLowSeverity": { + "description": "Total amount of open cases with severity Low", + "readOnly": true, + "type": "integer" + }, + "totalMediumSeverity": { + "description": "Total amount of open cases with severity medium", + "readOnly": true, + "type": "integer" + } + }, + "type": "object" + }, + "CasesAggregationByStatusProperties": { + "description": "Aggregative results of cases by status property bag.", + "properties": { + "totalDismissedStatus": { + "description": "Total amount of closed cases with status Dismissed", + "readOnly": true, + "type": "integer" + }, + "totalInProgressStatus": { + "description": "Total amount of open cases with status InProgress", + "readOnly": true, + "type": "integer" + }, + "totalNewStatus": { + "description": "Total amount of open cases with status New", + "readOnly": true, + "type": "integer" + }, + "totalResolvedStatus": { + "description": "Total amount of closed cases with status Resolved", + "readOnly": true, + "type": "integer" + }, + "totalFalsePositiveStatus": { + "description": "Total amount of closed cases with status Closed and Close reason of False positive", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "totalTruePositiveStatus": { + "description": "Total amount of closed cases with status Closed and Close reason of True positive", + "readOnly": true, + "type": "integer", + "format": "int32" + } + }, + "type": "object" + }, + "CasesAggregationProperties": { + "description": "Aggregative results of cases property bag.", + "properties": { + "aggregationBySeverity": { + "$ref": "#/definitions/CasesAggregationBySeverityProperties", + "description": "Aggregations results by case severity." + }, + "aggregationByStatus": { + "$ref": "#/definitions/CasesAggregationByStatusProperties", + "description": "Aggregations results by case status." + } + }, + "type": "object" + }, + "ClientInfo": { + "description": "Information on the client (user or application) that made some action", + "properties": { + "email": { + "description": "The email of the client.", + "type": "string" + }, + "name": { + "description": "The name of the client.", + "type": "string" + }, + "objectId": { + "description": "The object id of the client.", + "format": "uuid", + "type": "string" + }, + "userPrincipalName": { + "description": "The user principal name of the client.", + "type": "string" + } + }, + "type": "object" + }, + "CloudApplicationEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a cloud application entity.", + "properties": { + "properties": { + "$ref": "#/definitions/CloudApplicationEntityProperties", + "description": "CloudApplication entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "CloudApplication" + }, + "CloudApplicationEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "CloudApplication entity property bag.", + "properties": { + "appId": { + "description": "The technical identifier of the application.", + "readOnly": true, + "type": "integer" + }, + "appName": { + "description": "The name of the related cloud application.", + "readOnly": true, + "type": "string" + }, + "instanceName": { + "description": "The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "CloudError": { + "description": "Error response structure.", + "properties": { + "error": { + "$ref": "#/definitions/CloudErrorBody", + "description": "Error data", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-external": true + }, + "CloudErrorBody": { + "description": "Error details.", + "properties": { + "code": { + "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", + "readOnly": true, + "type": "string" + }, + "message": { + "description": "A message describing the error, intended to be suitable for display in a user interface.", + "readOnly": true, + "type": "string" + } + }, + "type": "object", + "x-ms-external": true + }, + "DataConnector": { + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + }, + { + "$ref": "#/definitions/DataConnectorKind" + } + ], + "description": "Data connector.", + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "DataConnectorDataTypeCommon": { + "description": "Common field for data type in data connectors.", + "properties": { + "state": { + "description": "Describe whether this data type connection is enabled or not.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataTypeState" + } + } + }, + "type": "object", + "required": [ + "state" + ] + }, + "DataConnectorKind": { + "description": "Describes an Azure resource with kind.", + "properties": { + "kind": { + "description": "The kind of the data connector", + "enum": [ + "AzureActiveDirectory", + "AzureSecurityCenter", + "MicrosoftCloudAppSecurity", + "ThreatIntelligence", + "ThreatIntelligenceTaxii", + "Office365", + "OfficeATP", + "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", + "Dynamics365", + "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorKind", + "values": [ + { + "value": "AzureActiveDirectory" + }, + { + "value": "AzureSecurityCenter" + }, + { + "value": "MicrosoftCloudAppSecurity" + }, + { + "value": "ThreatIntelligence" + }, + { + "value": "ThreatIntelligenceTaxii" + }, + { + "value": "Office365" + }, + { + "value": "OfficeATP" + }, + { + "value": "AmazonWebServicesCloudTrail" + }, + { + "value": "AzureAdvancedThreatProtection" + }, + { + "value": "MicrosoftDefenderAdvancedThreatProtection" + }, + { + "value": "Dynamics365" + }, + { + "value": "MicrosoftThreatProtection" + }, + { + "value": "MicrosoftThreatIntelligence" + } + ] + } + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "DataConnectorList": { + "description": "List all the data connectors.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of data connectors.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of data connectors.", + "items": { + "$ref": "#/definitions/DataConnector" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "DataConnectorTenantId": { + "description": "Properties data connector on tenant level.", + "properties": { + "tenantId": { + "description": "The tenant id to connect to, and get the data from.", + "type": "string" + } + }, + "required": [ + "tenantId" + ], + "type": "object" + }, + "DataConnectorWithAlertsProperties": { + "description": "Data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "type": "object" + }, + "DnsEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a dns entity.", + "properties": { + "properties": { + "$ref": "#/definitions/DnsEntityProperties", + "description": "Dns entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "DnsResolution" + }, + "DnsEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Dns entity property bag.", + "properties": { + "dnsServerIpEntityId": { + "description": "An ip entity id for the dns server resolving the request", + "readOnly": true, + "type": "string" + }, + "domainName": { + "description": "The name of the dns record associated with the alert", + "readOnly": true, + "type": "string" + }, + "hostIpAddressEntityId": { + "description": "An ip entity id for the dns request client", + "readOnly": true, + "type": "string" + }, + "ipAddressEntityIds": { + "description": "Ip entity identifiers for the resolved ip address.", + "items": { + "description": "Ip entity id", + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "Dynamics365DataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Dynamics365 data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/Dynamics365DataConnectorProperties", + "description": "Dynamics365 data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Dynamics365" + }, + "Dynamics365DataConnectorDataTypes": { + "description": "The available data types for Dynamics365 data connector.", + "properties": { + "dynamics365CdsActivities": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Common Data Service data type connection.", + "type": "object" + } + }, + "type": "object", + "required": [ + "dynamics365CdsActivities" + ] + }, + "Dynamics365DataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Dynamics365 data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/Dynamics365DataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "Entity": { + "allOf": [ + { + "$ref": "#/definitions/Resource" + }, + { + "$ref": "#/definitions/EntityKind" + } + ], + "description": "Specific entity.", + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "EntityCommonProperties": { + "description": "Entity common property bag.", + "properties": { + "additionalData": { + "additionalProperties": { + "type": "object" + }, + "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", + "readOnly": true, + "type": "object" + }, + "friendlyName": { + "description": "The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "EntityInnerKind": { + "description": "The kind of the entity", + "enum": [ + "Account", + "Host", + "File", + "AzureResource", + "CloudApplication", + "DnsResolution", + "FileHash", + "Ip", + "Malware", + "Process", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "Url", + "IoTDevice", + "SecurityAlert", + "Bookmark", + "Mailbox", + "MailCluster", + "MailMessage", + "SubmissionMail" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityKind", + "values": [ + { + "description": "Entity represents account in the system.", + "value": "Account" + }, + { + "description": "Entity represents host in the system.", + "value": "Host" + }, + { + "description": "Entity represents file in the system.", + "value": "File" + }, + { + "description": "Entity represents azure resource in the system.", + "value": "AzureResource" + }, + { + "description": "Entity represents cloud application in the system.", + "value": "CloudApplication" + }, + { + "description": "Entity represents dns resolution in the system.", + "value": "DnsResolution" + }, + { + "description": "Entity represents file hash in the system.", + "value": "FileHash" + }, + { + "description": "Entity represents ip in the system.", + "value": "Ip" + }, + { + "description": "Entity represents malware in the system.", + "value": "Malware" + }, + { + "description": "Entity represents process in the system.", + "value": "Process" + }, + { + "description": "Entity represents registry key in the system.", + "value": "RegistryKey" + }, + { + "description": "Entity represents registry value in the system.", + "value": "RegistryValue" + }, + { + "description": "Entity represents security group in the system.", + "value": "SecurityGroup" + }, + { + "description": "Entity represents url in the system.", + "value": "Url" + }, + { + "description": "Entity represents IoT device in the system.", + "value": "IoTDevice" + }, + { + "description": "Entity represents security alert in the system.", + "value": "SecurityAlert" + }, + { + "description": "Entity represents bookmark in the system.", + "value": "Bookmark" + }, + { + "description": "Entity represents mail cluster in the system.", + "value": "MailCluster" + }, + { + "description": "Entity represents mail message in the system.", + "value": "MailMessage" + }, + { + "description": "Entity represents mailbox in the system.", + "value": "Mailbox" + }, + { + "description": "Entity represents submission mail in the system.", + "value": "SubmissionMail" + } + ] + } + }, + "EntityInnerType": { + "description": "The type of the entity", + "enum": [ + "Account", + "Host", + "File", + "AzureResource", + "CloudApplication", + "DNS", + "FileHash", + "IP", + "Malware", + "Process", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "URL", + "IoTDevice", + "SecurityAlert", + "HuntingBookmark", + "MailCluster", + "MailMessage", + "Mailbox", + "SubmissionMail" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityType", + "values": [ + { + "description": "Entity represents account in the system.", + "value": "Account" + }, + { + "description": "Entity represents host in the system.", + "value": "Host" + }, + { + "description": "Entity represents file in the system.", + "value": "File" + }, + { + "description": "Entity represents azure resource in the system.", + "value": "AzureResource" + }, + { + "description": "Entity represents cloud application in the system.", + "value": "CloudApplication" + }, + { + "description": "Entity represents dns in the system.", + "value": "DNS" + }, + { + "description": "Entity represents file hash in the system.", + "value": "FileHash" + }, + { + "description": "Entity represents ip in the system.", + "value": "IP" + }, + { + "description": "Entity represents malware in the system.", + "value": "Malware" + }, + { + "description": "Entity represents process in the system.", + "value": "Process" + }, + { + "description": "Entity represents registry key in the system.", + "value": "RegistryKey" + }, + { + "description": "Entity represents registry value in the system.", + "value": "RegistryValue" + }, + { + "description": "Entity represents security group in the system.", + "value": "SecurityGroup" + }, + { + "description": "Entity represents url in the system.", + "value": "URL" + }, + { + "description": "Entity represents IoT device in the system.", + "value": "IoTDevice" + }, + { + "description": "Entity represents security alert in the system.", + "value": "SecurityAlert" + }, + { + "description": "Entity represents HuntingBookmark in the system.", + "value": "HuntingBookmark" + }, + { + "description": "Entity represents mail cluster in the system.", + "value": "MailCluster" + }, + { + "description": "Entity represents mail message in the system.", + "value": "MailMessage" + }, + { + "description": "Entity represents mailbox in the system.", + "value": "Mailbox" + }, + { + "description": "Entity represents submission mail in the system.", + "value": "SubmissionMail" + } + ] + } + }, + "EntityKind": { + "description": "Describes an entity with kind.", + "properties": { + "kind": { + "$ref": "#/definitions/EntityInnerKind", + "description": "The kind of the entity." + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "EntityQueryKind": { + "description": "Describes an Entity query resource with kind.", + "properties": { + "kind": { + "description": "The kind of the entity query", + "enum": [ + "Expansion", + "Insight" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityQueryKind", + "values": [ + { + "value": "Expansion" + }, + { + "value": "Insight" + } + ] + } + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "EntityQuery": { + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + }, + { + "$ref": "#/definitions/EntityQueryKind" + } + ], + "description": "Specific entity query.", + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "ExpansionEntityQuery": { + "description": "Represents Expansion entity query.", + "allOf": [ + { + "$ref": "#/definitions/EntityQuery" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ExpansionEntityQueriesProperties", + "description": "Expansion entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Expansion" + }, + "EntityQueryList": { + "description": "List of all the entity queries.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of entity queries.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of entity queries.", + "items": { + "$ref": "#/definitions/EntityQuery" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "ExpansionResultAggregation": { + "description": "Information of a specific aggregation in the expansion result.", + "properties": { + "aggregationType": { + "description": "The common type of the aggregation. (for e.g. entity field name)", + "type": "string" + }, + "count": { + "description": "Total number of aggregations of the given kind (and aggregationType if given) in the expansion result.", + "type": "integer" + }, + "displayName": { + "description": "The display name of the aggregation by type.", + "type": "string" + }, + "entityKind": { + "$ref": "#/definitions/EntityInnerKind", + "description": "The kind of the aggregated entity." + } + }, + "required": [ + "entityKind", + "count" + ], + "type": "object" + }, + "ExpansionResultsMetadata": { + "description": "Expansion result metadata.", + "properties": { + "aggregations": { + "description": "Information of the aggregated nodes in the expansion result.", + "items": { + "$ref": "#/definitions/ExpansionResultAggregation" + }, + "type": "array" + } + }, + "type": "object" + }, + "ExpansionEntityQueriesProperties": { + "description": "Describes expansion entity query properties", + "properties": { + "dataSources": { + "description": "List of the data sources that are required to run the query", + "items": { + "description": "data source", + "type": "string" + }, + "type": "array" + }, + "displayName": { + "description": "The query display name", + "type": "string" + }, + "inputEntityType": { + "$ref": "#/definitions/EntityInnerType", + "description": "The type of the query's source entity" + }, + "inputFields": { + "description": "List of the fields of the source entity that are required to run the query", + "items": { + "description": "input field", + "type": "string" + }, + "type": "array" + }, + "outputEntityTypes": { + "description": "List of the desired output types to be constructed from the result", + "items": { + "$ref": "#/definitions/EntityInnerType", + "description": "output entity type" + }, + "type": "array" + }, + "queryTemplate": { + "description": "The template query string to be parsed and formatted", + "type": "string" + } + }, + "type": "object" + }, + "ConnectedEntity": { + "description": "Expansion result connected entities", + "properties": { + "targetEntityId": { + "description": "Entity Id of the connected entity", + "type": "string" + }, + "additionalData": { + "description": "key-value pairs for a connected entity mapping", + "type": "object" + } + } + }, + "FileEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a file entity.", + "properties": { + "properties": { + "$ref": "#/definitions/FileEntityProperties", + "description": "File entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "File" + }, + "FileEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "File entity property bag.", + "properties": { + "directory": { + "description": "The full path to the file.", + "readOnly": true, + "type": "string" + }, + "fileHashEntityIds": { + "description": "The file hash entity identifiers associated with this file", + "items": { + "description": "file hash id", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "fileName": { + "description": "The file name without path (some alerts might not include path).", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id which the file belongs to", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "FileHashEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a file hash entity.", + "properties": { + "properties": { + "$ref": "#/definitions/FileHashEntityProperties", + "description": "FileHash entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "FileHash" + }, + "FileHashEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "FileHash entity property bag.", + "properties": { + "algorithm": { + "description": "The hash algorithm type.", + "enum": [ + "Unknown", + "MD5", + "SHA1", + "SHA256", + "SHA256AC" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "FileHashAlgorithm", + "values": [ + { + "description": "Unknown hash algorithm", + "value": "Unknown" + }, + { + "description": "MD5 hash type", + "value": "MD5" + }, + { + "description": "SHA1 hash type", + "value": "SHA1" + }, + { + "description": "SHA256 hash type", + "value": "SHA256" + }, + { + "description": "SHA256 Authenticode hash type", + "value": "SHA256AC" + } + ] + } + }, + "hashValue": { + "description": "The file hash value.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "FusionAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents Fusion alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleProperties", + "description": "Fusion alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleProperties": { + "description": "Fusion alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "FusionAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents Fusion alert rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + } + ], + "description": "Fusion alert rule template properties", + "properties": { + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "tactics": { + "description": "The tactics of the alert rule template", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + } + }, + "required": [ + "displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Fusion" + }, + "ThreatIntelligenceAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents Threat Intelligence alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ThreatIntelligenceAlertRuleProperties", + "description": "Threat Intelligence alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "ThreatIntelligenceAlertRuleProperties": { + "description": "Threat Intelligence alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "ThreatIntelligenceAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents Threat Intelligence alert rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + } + ], + "description": "Threat Intelligence alert rule template properties", + "properties": { + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "tactics": { + "description": "The tactics of the alert rule template", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + } + }, + "required": [ + "displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "GeoLocation": { + "description": "The geo-location context attached to the ip entity", + "properties": { + "asn": { + "description": "Autonomous System Number", + "readOnly": true, + "type": "integer" + }, + "city": { + "description": "City name", + "readOnly": true, + "type": "string" + }, + "countryCode": { + "description": "The country code according to ISO 3166 format", + "readOnly": true, + "type": "string" + }, + "countryName": { + "description": "Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name", + "readOnly": true, + "type": "string" + }, + "latitude": { + "description": "The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "longitude": { + "description": "The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "state": { + "description": "State name", + "readOnly": true, + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "HostEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a host entity.", + "properties": { + "properties": { + "$ref": "#/definitions/HostEntityProperties", + "description": "Host entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Host" + }, + "HostEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Host entity property bag.", + "properties": { + "azureID": { + "description": "The azure resource id of the VM.", + "readOnly": true, + "type": "string" + }, + "dnsDomain": { + "description": "The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain", + "readOnly": true, + "type": "string" + }, + "hostName": { + "description": "The hostname without the domain suffix.", + "readOnly": true, + "type": "string" + }, + "isDomainJoined": { + "description": "Determines whether this host belongs to a domain.", + "readOnly": true, + "type": "boolean" + }, + "netBiosName": { + "description": "The host name (pre-windows2000).", + "readOnly": true, + "type": "string" + }, + "ntDomain": { + "description": "The NT domain that this host belongs to.", + "readOnly": true, + "type": "string" + }, + "omsAgentID": { + "description": "The OMS agent id, if the host has OMS agent installed.", + "readOnly": true, + "type": "string" + }, + "osFamily": { + "description": "The operating system type.", + "enum": [ + "Linux", + "Windows", + "Android", + "IOS", + "Unknown" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "OSFamily", + "values": [ + { + "description": "Host with Linux operating system.", + "value": "Linux" + }, + { + "description": "Host with Windows operating system.", + "value": "Windows" + }, + { + "description": "Host with Android operating system.", + "value": "Android" + }, + { + "description": "Host with IOS operating system.", + "value": "IOS" + }, + { + "description": "Host with Unknown operating system.", + "value": "Unknown" + } + ] + } + }, + "osVersion": { + "description": "A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "Incident": { + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + } + ], + "description": "Represents an incident in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/IncidentProperties", + "description": "Incident properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "HuntingBookmark": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a Hunting bookmark entity.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntingBookmarkProperties", + "description": "HuntingBookmark entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Bookmark" + }, + "HuntingBookmarkProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Describes bookmark properties", + "properties": { + "created": { + "description": "The time the bookmark was created", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the bookmark", + "type": "object" + }, + "displayName": { + "description": "The display name of the bookmark", + "type": "string" + }, + "eventTime": { + "description": "The time of the event", + "format": "date-time", + "type": "string" + }, + "labels": { + "description": "List of labels relevant to this bookmark", + "items": { + "$ref": "#/definitions/Label" + }, + "type": "array" + }, + "notes": { + "description": "The notes of the bookmark", + "type": "string" + }, + "query": { + "description": "The query of the bookmark.", + "type": "string" + }, + "queryResult": { + "description": "The query result of the bookmark.", + "type": "string" + }, + "updated": { + "description": "The last time the bookmark was updated", + "format": "date-time", + "type": "string" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the bookmark", + "type": "object" + }, + "incidentInfo": { + "$ref": "#/definitions/IncidentInfo", + "description": "Describes an incident that relates to bookmark", + "type": "object" + } + }, + "required": [ + "displayName", + "query" + ], + "type": "object" + }, + "IncidentAdditionalData": { + "description": "Incident additional data property bag.", + "properties": { + "alertsCount": { + "description": "The number of alerts in the incident", + "readOnly": true, + "type": "integer" + }, + "bookmarksCount": { + "description": "The number of bookmarks in the incident", + "readOnly": true, + "type": "integer" + }, + "commentsCount": { + "description": "The number of comments in the incident", + "readOnly": true, + "type": "integer" + }, + "alertProductNames": { + "description": "List of product names of alerts in the incident", + "items": { + "description": "Alert product name", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "tactics": { + "description": "The tactics associated with incident", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "IncidentAlertList": { + "description": "List of incident alerts.", + "properties": { + "value": { + "description": "Array of incident alerts.", + "type": "array", + "items": { + "$ref": "#/definitions/SecurityAlert" + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "IncidentBookmarkList": { + "description": "List of incident bookmarks.", + "properties": { + "value": { + "description": "Array of incident bookmarks.", + "type": "array", + "items": { + "$ref": "#/definitions/HuntingBookmark" + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "IncidentComment": { + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + } + ], + "description": "Represents an incident comment", + "properties": { + "properties": { + "$ref": "#/definitions/IncidentCommentProperties", + "description": "Incident comment properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "IncidentCommentList": { + "description": "List of incident comments.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of comments.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of comments.", + "items": { + "$ref": "#/definitions/IncidentComment" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "IncidentCommentProperties": { + "description": "Incident comment property bag.", + "properties": { + "createdTimeUtc": { + "description": "The time the comment was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "lastModifiedTimeUtc": { + "description": "The time the comment was updated", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "message": { + "description": "The comment message", + "type": "string" + }, + "author": { + "$ref": "#/definitions/ClientInfo", + "description": "Describes the client that created the comment", + "readOnly": true, + "type": "object" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + "IncidentEntitiesResponse": { + "description": "The incident related entities response.", + "type": "object", + "properties": { + "entities": { + "description": "Array of the incident related entities.", + "type": "array", + "items": { + "$ref": "#/definitions/Entity" + } + }, + "metaData": { + "description": "The metadata from the incident related entities results.", + "type": "array", + "items": { + "$ref": "#/definitions/IncidentEntitiesResultsMetadata" + } + } + } + }, + "IncidentEntitiesResultsMetadata": { + "description": "Information of a specific aggregation in the incident related entities result.", + "properties": { + "count": { + "description": "Total number of aggregations of the given kind in the incident related entities result.", + "type": "integer", + "format": "int32" + }, + "entityKind": { + "$ref": "#/definitions/EntityInnerKind", + "description": "The kind of the aggregated entity." + } + }, + "required": [ + "entityKind", + "count" + ], + "type": "object" + }, + "IncidentLabel": { + "description": "Represents an incident label", + "properties": { + "labelName": { + "description": "The name of the label", + "type": "string" + }, + "labelType": { + "description": "The type of the label", + "enum": [ + "User", + "System" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentLabelType", + "values": [ + { + "description": "Label manually created by a user", + "value": "User" + }, + { + "description": "Label automatically created by the system", + "value": "System" + } + ] + } + } + }, + "required": [ + "labelName" + ], + "type": "object" + }, + "IncidentList": { + "description": "List all the incidents.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of incidents.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of incidents.", + "items": { + "$ref": "#/definitions/Incident" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "IncidentOwnerInfo": { + "description": "Information on the user an incident is assigned to", + "properties": { + "email": { + "description": "The email of the user the incident is assigned to.", + "type": "string" + }, + "assignedTo": { + "description": "The name of the user the incident is assigned to.", + "type": "string" + }, + "objectId": { + "description": "The object id of the user the incident is assigned to.", + "format": "uuid", + "type": "string" + }, + "userPrincipalName": { + "description": "The user principal name of the user the incident is assigned to.", + "type": "string" + } + }, + "type": "object" + }, + "IncidentClassification": { + "description": "The reason the incident was closed", + "enum": [ + "Undetermined", + "TruePositive", + "BenignPositive", + "FalsePositive" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentClassification", + "values": [ + { + "description": "Incident classification was undetermined", + "value": "Undetermined" + }, + { + "description": "Incident was true positive", + "value": "TruePositive" + }, + { + "description": "Incident was benign positive", + "value": "BenignPositive" + }, + { + "description": "Incident was false positive", + "value": "FalsePositive" + } + ] + } + }, + "IncidentClassificationReason": { + "description": "The classification reason the incident was closed with", + "enum": [ + "SuspiciousActivity", + "SuspiciousButExpected", + "IncorrectAlertLogic", + "InaccurateData" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentClassificationReason", + "values": [ + { + "description": "Classification reason was suspicious activity", + "value": "SuspiciousActivity" + }, + { + "description": "Classification reason was suspicious but expected", + "value": "SuspiciousButExpected" + }, + { + "description": "Classification reason was incorrect alert logic", + "value": "IncorrectAlertLogic" + }, + { + "description": "Classification reason was inaccurate data", + "value": "InaccurateData" + } + ] + } + }, + "IncidentSeverity": { + "description": "The severity of the incident", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentSeverity", + "values": [ + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "IncidentStatus": { + "description": "The status of the incident", + "enum": [ + "New", + "Active", + "Closed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentStatus", + "values": [ + { + "description": "An active incident which isn't being handled currently", + "value": "New" + }, + { + "description": "An active incident which is being handled", + "value": "Active" + }, + { + "description": "A non-active incident", + "value": "Closed" + } + ] + } + }, + "IncidentProperties": { + "description": "Describes incident properties", + "properties": { + "additionalData": { + "$ref": "#/definitions/IncidentAdditionalData", + "description": "Additional data on the incident", + "readOnly": true, + "type": "object" + }, + "classification": { + "$ref": "#/definitions/IncidentClassification", + "description": "The reason the incident was closed" + }, + "classificationComment": { + "description": "Describes the reason the incident was closed", + "type": "string" + }, + "classificationReason": { + "$ref": "#/definitions/IncidentClassificationReason", + "description": "The classification reason the incident was closed with" + }, + "createdTimeUtc": { + "description": "The time the incident was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the incident", + "type": "string" + }, + "firstActivityTimeUtc": { + "description": "The time of the first activity in the incident", + "format": "date-time", + "type": "string" + }, + "incidentUrl": { + "description": "The deep-link url to the incident in Azure portal", + "readOnly": true, + "type": "string" + }, + "incidentNumber": { + "description": "A sequential number", + "readOnly": true, + "type": "integer" + }, + "labels": { + "description": "List of labels relevant to this incident", + "items": { + "$ref": "#/definitions/IncidentLabel" + }, + "type": "array" + }, + "providerName": { + "description": "The name of the source provider that generated the incident", + "type": "string" + }, + "providerIncidentId": { + "description": "The incident ID assigned by the incident provider", + "type": "string" + }, + "lastActivityTimeUtc": { + "description": "The time of the last activity in the incident", + "format": "date-time", + "type": "string" + }, + "lastModifiedTimeUtc": { + "description": "The last time the incident was updated", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "owner": { + "$ref": "#/definitions/IncidentOwnerInfo", + "description": "Describes a user that the incident is assigned to", + "type": "object" + }, + "relatedAnalyticRuleIds": { + "description": "List of resource ids of Analytic rules related to the incident", + "items": { + "description": "Related Analytic rule resource id", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "severity": { + "$ref": "#/definitions/IncidentSeverity", + "description": "The severity of the incident" + }, + "status": { + "$ref": "#/definitions/IncidentStatus", + "description": "The status of the incident" + }, + "title": { + "description": "The title of the incident", + "type": "string" + } + }, + "required": [ + "title", + "severity", + "status" + ], + "type": "object" + }, + "IpEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an ip entity.", + "properties": { + "properties": { + "$ref": "#/definitions/IpEntityProperties", + "description": "Ip entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Ip" + }, + "IpEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Ip entity property bag.", + "properties": { + "address": { + "description": "The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)", + "readOnly": true, + "type": "string" + }, + "location": { + "$ref": "#/definitions/GeoLocation", + "description": "The geo-location context attached to the ip entity" + }, + "threatIntelligence": { + "description": "A list of TI contexts attached to the ip entity.", + "items": { + "$ref": "#/definitions/ThreatIntelligence" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "Label": { + "description": "Label that will be used to tag and filter on.", + "type": "string" + }, + "MailboxEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a mailbox entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailboxEntityProperties", + "description": "Mailbox entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Mailbox" + }, + "MailboxEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Mailbox entity property bag.", + "properties": { + "mailboxPrimaryAddress": { + "description": "The mailbox's primary address", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The mailbox's display name", + "readOnly": true, + "type": "string" + }, + "upn": { + "description": "The mailbox's UPN", + "readOnly": true, + "type": "string" + }, + "externalDirectoryObjectId": { + "description": "The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side", + "format": "uuid", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "MailClusterEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a mail cluster entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailClusterEntityProperties", + "description": "Mail cluster entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MailCluster" + }, + "MailClusterEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Mail cluster entity property bag.", + "properties": { + "networkMessageIds": { + "description": "The mail message IDs that are part of the mail cluster", + "items": { + "description": "A mail message ID", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "countByDeliveryStatus": { + "description": "Count of mail messages by DeliveryStatus string representation", + "readOnly": true, + "type": "object" + }, + "countByThreatType": { + "description": "Count of mail messages by ThreatType string representation", + "readOnly": true, + "type": "object" + }, + "countByProtectionStatus": { + "description": "Count of mail messages by ProtectionStatus string representation", + "readOnly": true, + "type": "object" + }, + "threats": { + "description": "The threats of mail messages that are part of the mail cluster", + "items": { + "description": "A threat", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "query": { + "description": "The query that was used to identify the messages of the mail cluster", + "readOnly": true, + "type": "string" + }, + "queryTime": { + "description": "The query time", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "mailCount": { + "description": "The number of mail messages that are part of the mail cluster", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "isVolumeAnomaly": { + "description": "Is this a volume anomaly mail cluster", + "readOnly": true, + "type": "boolean" + }, + "source": { + "description": "The source of the mail cluster (default is 'O365 ATP')", + "readOnly": true, + "type": "string" + }, + "clusterSourceIdentifier": { + "description": "The id of the cluster source", + "readOnly": true, + "type": "string" + }, + "clusterSourceType": { + "description": "The type of the cluster source", + "readOnly": true, + "type": "string" + }, + "clusterQueryStartTime": { + "description": "The cluster query start time", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "clusterQueryEndTime": { + "description": "The cluster query end time", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "clusterGroup": { + "description": "The cluster group", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "MailMessageEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a mail message entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailMessageEntityProperties", + "description": "Mail message entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MailMessage" + }, + "MailMessageEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Mail message entity property bag.", + "properties": { + "fileEntityIds": { + "description": "The File entity ids of this mail message's attachments", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "recipient": { + "description": "The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient", + "readOnly": true, + "type": "string" + }, + "urls": { + "description": "The Urls contained in this mail message", + "items": { + "description": "A Url contained in this mail message", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "threats": { + "description": "The threats of this mail message", + "items": { + "description": "A threat of the mail message", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "p1Sender": { + "description": "The p1 sender's email address", + "readOnly": true, + "type": "string" + }, + "p1SenderDisplayName": { + "description": "The p1 sender's display name", + "readOnly": true, + "type": "string" + }, + "p1SenderDomain": { + "description": "The p1 sender's domain", + "readOnly": true, + "type": "string" + }, + "senderIP": { + "description": "The sender's IP address", + "readOnly": true, + "type": "string" + }, + "p2Sender": { + "description": "The p2 sender's email address", + "readOnly": true, + "type": "string" + }, + "p2SenderDisplayName": { + "description": "The p2 sender's display name", + "readOnly": true, + "type": "string" + }, + "p2SenderDomain": { + "description": "The p2 sender's domain", + "readOnly": true, + "type": "string" + }, + "receiveDate": { + "description": "The receive date of this message", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "networkMessageId": { + "description": "The network message id of this mail message", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "internetMessageId": { + "description": "The internet message id of this mail message", + "readOnly": true, + "type": "string" + }, + "subject": { + "description": "The subject of this mail message", + "readOnly": true, + "type": "string" + }, + "language": { + "description": "The language of this mail message", + "readOnly": true, + "type": "string" + }, + "threatDetectionMethods": { + "description": "The threat detection methods", + "items": { + "description": "A threat detection method", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "bodyFingerprintBin1": { + "description": "The bodyFingerprintBin1", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin2": { + "description": "The bodyFingerprintBin2", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin3": { + "description": "The bodyFingerprintBin3", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin4": { + "description": "The bodyFingerprintBin4", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin5": { + "description": "The bodyFingerprintBin5", + "type": "integer", + "format": "int32" + }, + "antispamDirection": { + "description": "The directionality of this mail message", + "enum": [ + "Unknown", + "Inbound", + "Outbound", + "Intraorg" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AntispamMailDirection", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "Inbound", + "value": "Inbound" + }, + { + "description": "Outbound", + "value": "Outbound" + }, + { + "description": "Intraorg", + "value": "Intraorg" + } + ] + } + }, + "deliveryAction": { + "description": "The delivery action of this mail message like Delivered, Blocked, Replaced etc", + "enum": [ + "Unknown", + "DeliveredAsSpam", + "Delivered", + "Blocked", + "Replaced" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "DeliveryAction", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "DeliveredAsSpam", + "value": "DeliveredAsSpam" + }, + { + "description": "Delivered", + "value": "Delivered" + }, + { + "description": "Blocked", + "value": "Blocked" + }, + { + "description": "Replaced", + "value": "Replaced" + } + ] + } + }, + "deliveryLocation": { + "description": "The delivery location of this mail message like Inbox, JunkFolder etc", + "enum": [ + "Unknown", + "Inbox", + "JunkFolder", + "DeletedFolder", + "Quarantine", + "External", + "Failed", + "Dropped", + "Forwarded" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "DeliveryLocation", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "Inbox", + "value": "Inbox" + }, + { + "description": "JunkFolder", + "value": "JunkFolder" + }, + { + "description": "DeletedFolder", + "value": "DeletedFolder" + }, + { + "description": "Quarantine", + "value": "Quarantine" + }, + { + "description": "External", + "value": "External" + }, + { + "description": "Failed", + "value": "Failed" + }, + { + "description": "Dropped", + "value": "Dropped" + }, + { + "description": "Forwarded", + "value": "Forwarded" + } + ] + } + } + }, + "type": "object" + }, + "SubmissionMailEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a submission mail entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SubmissionMailEntityProperties", + "description": "Submission mail entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SubmissionMail" + }, + "SubmissionMailEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Submission mail entity property bag.", + "properties": { + "networkMessageId": { + "description": "The network message id of email to which submission belongs", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "submissionId": { + "description": "The submission id", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "submitter": { + "description": "The submitter", + "readOnly": true, + "type": "string" + }, + "submissionDate": { + "description": "The submission date", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "timestamp": { + "description": "The Time stamp when the message is received (Mail)", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "recipient": { + "description": "The recipient of the mail", + "readOnly": true, + "type": "string" + }, + "sender": { + "description": "The sender of the mail", + "readOnly": true, + "type": "string" + }, + "senderIp": { + "description": "The sender's IP", + "readOnly": true, + "type": "string" + }, + "subject": { + "description": "The subject of submission mail", + "readOnly": true, + "type": "string" + }, + "reportType": { + "description": "The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "MCASDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents MCAS (Microsoft Cloud App Security) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MCASDataConnectorProperties", + "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftCloudAppSecurity" + }, + "MCASDataConnectorDataTypes": { + "allOf": [ + { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector" + } + ], + "description": "The available data types for MCAS (Microsoft Cloud App Security) data connector.", + "properties": { + "discoveryLogs": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Discovery log data type connection.", + "type": "object" + } + }, + "type": "object" + }, + "MCASDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MCASDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "MDATPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MDATPDataConnectorProperties", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection" + }, + "MDATPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "type": "object" + }, + "MalwareEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a malware entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MalwareEntityProperties", + "description": "File entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Malware" + }, + "MalwareEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Malware entity property bag.", + "properties": { + "category": { + "description": "The malware category by the vendor, e.g. Trojan", + "readOnly": true, + "type": "string" + }, + "fileEntityIds": { + "description": "List of linked file entity identifiers on which the malware was found", + "items": { + "description": "file entity id", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "malwareName": { + "description": "The malware name by the vendor, e.g. Win32/Toga!rfn", + "readOnly": true, + "type": "string" + }, + "processEntityIds": { + "description": "List of linked process entity identifiers on which the malware was found.", + "items": { + "description": "process entity id", + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "MicrosoftSecurityIncidentCreationAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents MicrosoftSecurityIncidentCreation rule.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleProperties", + "description": "MicrosoftSecurityIncidentCreation rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties": { + "description": "MicrosoftSecurityIncidentCreation rule common property bag.", + "properties": { + "displayNamesFilter": { + "description": "the alerts' displayNames on which the cases will be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "displayNamesExcludeFilter": { + "description": "the alerts' displayNames on which the cases will not be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "productFilter": { + "description": "The alerts' productName on which the cases will be generated", + "enum": [ + "Microsoft Cloud App Security", + "Azure Security Center", + "Azure Advanced Threat Protection", + "Azure Active Directory Identity Protection", + "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", + "Microsoft Defender Advanced Threat Protection" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "MicrosoftSecurityProductName" + } + }, + "severitiesFilter": { + "description": "the alerts' severities on which the cases will be generated", + "items": { + "$ref": "#/definitions/AlertSeverity" + }, + "type": "array" + } + }, + "required": [ + "productFilter" + ], + "type": "object" + }, + "MicrosoftSecurityIncidentCreationAlertRuleProperties": { + "allOf": [ + { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties" + } + ], + "description": "MicrosoftSecurityIncidentCreation rule property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "displayName", + "enabled", + "productFilter" + ], + "type": "object" + }, + "MicrosoftSecurityIncidentCreationAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents MicrosoftSecurityIncidentCreation rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + }, + { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties" + } + ], + "description": "MicrosoftSecurityIncidentCreation rule template properties", + "required": [ + "displayName", + "description", + "createdDateUTC", + "status", + "alertRulesCreatedByTemplateCount", + "productFilter" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "OfficeATPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents OfficeATP (Office 365 Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeATPDataConnectorProperties", + "description": "OfficeATP (Office 365 Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficeATP" + }, + "OfficeATPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "OfficeATP (Office 365 Advanced Threat Protection) data connector properties.", + "type": "object" + }, + "OfficeDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents office data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeDataConnectorProperties", + "description": "Office data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Office365" + }, + "OfficeDataConnectorDataTypes": { + "description": "The available data types for office data connector.", + "properties": { + "exchange": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Exchange data type connection.", + "type": "object" + }, + "sharePoint": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "SharePoint data type connection.", + "type": "object" + }, + "teams": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Teams data type connection.", + "type": "object" + } + }, + "type": "object", + "required": [ + "exchange", + "sharePoint", + "teams" + ] + }, + "OfficeDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Office data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/OfficeDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "Operation": { + "description": "Operation provided by provider", + "properties": { + "display": { + "description": "Properties of the operation", + "properties": { + "description": { + "description": "Description of the operation", + "type": "string" + }, + "operation": { + "description": "Operation name", + "type": "string" + }, + "provider": { + "description": "Provider name", + "type": "string" + }, + "resource": { + "description": "Resource name", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the operation", + "type": "string" + }, + "origin": { + "description": "The origin of the operation", + "type": "string" + } + } + }, + "OperationsList": { + "description": "Lists the operations available in the SecurityInsights RP.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of operations.", + "type": "string" + }, + "value": { + "description": "Array of operations", + "items": { + "$ref": "#/definitions/Operation" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "ProcessEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a process entity.", + "properties": { + "properties": { + "$ref": "#/definitions/ProcessEntityProperties", + "description": "Process entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Process" + }, + "ProcessEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Process entity property bag.", + "properties": { + "accountEntityId": { + "description": "The account entity id running the processes.", + "readOnly": true, + "type": "string" + }, + "commandLine": { + "description": "The command line used to create the process", + "readOnly": true, + "type": "string" + }, + "creationTimeUtc": { + "description": "The time when the process started to run", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "elevationToken": { + "description": "The elevation token associated with the process.", + "enum": [ + "Default", + "Full", + "Limited" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "ElevationToken", + "values": [ + { + "description": "Default elevation token", + "value": "Default" + }, + { + "description": "Full elevation token", + "value": "Full" + }, + { + "description": "Limited elevation token", + "value": "Limited" + } + ] + } + }, + "hostEntityId": { + "description": "The host entity id on which the process was running", + "readOnly": true, + "type": "string" + }, + "hostLogonSessionEntityId": { + "description": "The session entity id in which the process was running", + "readOnly": true, + "type": "string" + }, + "imageFileEntityId": { + "description": "Image file entity id", + "readOnly": true, + "type": "string" + }, + "parentProcessEntityId": { + "description": "The parent process entity id.", + "readOnly": true, + "type": "string" + }, + "processId": { + "description": "The process ID", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "RegistryKeyEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a registry key entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryKeyEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "RegistryKey" + }, + "RegistryKeyEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "RegistryKey entity property bag.", + "properties": { + "hive": { + "description": "the hive that holds the registry key.", + "enum": [ + "HKEY_LOCAL_MACHINE", + "HKEY_CLASSES_ROOT", + "HKEY_CURRENT_CONFIG", + "HKEY_USERS", + "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "HKEY_PERFORMANCE_DATA", + "HKEY_PERFORMANCE_NLSTEXT", + "HKEY_PERFORMANCE_TEXT", + "HKEY_A", + "HKEY_CURRENT_USER" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RegistryHive", + "values": [ + { + "description": "HKEY_LOCAL_MACHINE", + "value": "HKEY_LOCAL_MACHINE" + }, + { + "description": "HKEY_CLASSES_ROOT", + "value": "HKEY_CLASSES_ROOT" + }, + { + "description": "HKEY_CURRENT_CONFIG", + "value": "HKEY_CURRENT_CONFIG" + }, + { + "description": "HKEY_USERS", + "value": "HKEY_USERS" + }, + { + "description": "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "value": "HKEY_CURRENT_USER_LOCAL_SETTINGS" + }, + { + "description": "HKEY_PERFORMANCE_DATA", + "value": "HKEY_PERFORMANCE_DATA" + }, + { + "description": "HKEY_PERFORMANCE_NLSTEXT", + "value": "HKEY_PERFORMANCE_NLSTEXT" + }, + { + "description": "HKEY_PERFORMANCE_TEXT", + "value": "HKEY_PERFORMANCE_TEXT" + }, + { + "description": "HKEY_A", + "value": "HKEY_A" + }, + { + "description": "HKEY_CURRENT_USER", + "value": "HKEY_CURRENT_USER" + } + ] + } + }, + "key": { + "description": "The registry key path.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "RegistryValueEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a registry value entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryValueEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "RegistryValue" + }, + "RegistryValueEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "RegistryValue entity property bag.", + "properties": { + "keyEntityId": { + "description": "The registry key entity id.", + "readOnly": true, + "type": "string" + }, + "valueData": { + "description": "String formatted representation of the value data.", + "readOnly": true, + "type": "string" + }, + "valueName": { + "description": "The registry value name.", + "readOnly": true, + "type": "string" + }, + "valueType": { + "description": "Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry.", + "enum": [ + "None", + "Unknown", + "String", + "ExpandString", + "Binary", + "DWord", + "MultiString", + "QWord" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RegistryValueKind", + "values": [ + { + "description": "None", + "value": "None" + }, + { + "description": "Unknown value type", + "value": "Unknown" + }, + { + "description": "String value type", + "value": "String" + }, + { + "description": "ExpandString value type", + "value": "ExpandString" + }, + { + "description": "Binary value type", + "value": "Binary" + }, + { + "description": "DWord value type", + "value": "DWord" + }, + { + "description": "MultiString value type", + "value": "MultiString" + }, + { + "description": "QWord value type", + "value": "QWord" + } + ] + } + } + }, + "type": "object" + }, + "RelationList": { + "description": "List of relations.", + "properties": { + "nextLink": { + "readOnly": true, + "description": "URL to fetch the next set of relations.", + "type": "string" + }, + "value": { + "description": "Array of relations.", + "type": "array", + "items": { + "$ref": "#/definitions/Relation" + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "Relation": { + "type": "object", + "description": "Represents a relation between two resources", + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/RelationProperties", + "description": "Relation properties", + "x-ms-client-flatten": true + } + } + }, + "RelationProperties": { + "description": "Relation property bag.", + "properties": { + "relatedResourceId": { + "description": "The resource ID of the related resource", + "type": "string" + }, + "relatedResourceName": { + "description": "The name of the related resource", + "readOnly": true, + "type": "string" + }, + "relatedResourceType": { + "description": "The resource type of the related resource", + "readOnly": true, + "type": "string" + }, + "relatedResourceKind": { + "description": "The resource kind of the related resource", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "relatedResourceId" + ], + "type": "object" + }, + "Resource": { + "description": "An azure resource object", + "properties": { + "id": { + "description": "Azure resource Id", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "Azure resource name", + "readOnly": true, + "type": "string" + }, + "type": { + "description": "Azure resource type", + "readOnly": true, + "type": "string" + } + }, + "x-ms-azure-resource": true + }, + "ResourceWithEtag": { + "description": "An azure resource object with an Etag property", + "properties": { + "id": { + "description": "Azure resource Id", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "Azure resource name", + "readOnly": true, + "type": "string" + }, + "type": { + "description": "Azure resource type", + "readOnly": true, + "type": "string" + }, + "etag": { + "description": "Etag of the azure resource", + "type": "string" + } + }, + "x-ms-azure-resource": true + }, + "ScheduledAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents scheduled alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ScheduledAlertRuleProperties", + "description": "Scheduled alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Scheduled" + }, + "ScheduledAlertRuleCommonProperties": { + "description": "Scheduled alert rule template property bag.", + "properties": { + "query": { + "description": "The query that creates alerts for this rule.", + "type": "string" + }, + "queryFrequency": { + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.", + "format": "duration", + "type": "string" + }, + "queryPeriod": { + "description": "The period (in ISO 8601 duration format) that this alert rule looks at.", + "format": "duration", + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/AlertRuleTriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "description": "The threshold triggers this alert rule.", + "type": "integer" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + } + }, + "type": "object" + }, + "EventGroupingSettings": { + "description": "Event grouping settings property bag.", + "properties": { + "aggregationKind": { + "$ref": "#/definitions/EventGroupingAggregationKind" + } + }, + "type": "object" + }, + "EventGroupingAggregationKind": { + "description": "The event grouping aggregation kinds", + "enum": [ + "SingleAlert", + "AlertPerResult" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EventGroupingAggregationKind" + } + }, + "ScheduledAlertRuleProperties": { + "allOf": [ + { + "$ref": "#/definitions/ScheduledAlertRuleCommonProperties" + } + ], + "description": "Scheduled alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert rule has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "suppressionDuration": { + "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.", + "format": "duration", + "type": "string" + }, + "suppressionEnabled": { + "description": "Determines whether the suppression for this alert rule is enabled or disabled.", + "type": "boolean" + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + }, + "incidentConfiguration": { + "$ref": "#/definitions/IncidentConfiguration", + "description": "The settings of the incidents that created from alerts triggered by this analytics rule" + } + }, + "required": [ + "displayName", + "enabled", + "severity", + "query", + "queryFrequency", + "queryPeriod", + "triggerOperator", + "triggerThreshold", + "suppressionEnabled", + "suppressionDuration" + ], + "type": "object" + }, + "ScheduledAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents scheduled alert rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + }, + { + "$ref": "#/definitions/ScheduledAlertRuleCommonProperties" + } + ], + "description": "Scheduled alert rule template properties", + "properties": { + "tactics": { + "description": "The tactics of the alert rule template", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + } + }, + "required": [ + "displayName", + "description", + "status", + "alertRulesCreatedByTemplateCount", + "severity", + "query", + "queryFrequency", + "queryPeriod", + "triggerOperator", + "triggerThreshold" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Scheduled" + }, + "IncidentConfiguration": { + "description": "Incident Configuration property bag.", + "properties": { + "createIncident": { + "description": "Create incidents from alerts triggered by this analytics rule", + "type": "boolean" + }, + "groupingConfiguration": { + "$ref": "#/definitions/GroupingConfiguration", + "description": "Set how the alerts that are triggered by this analytics rule, are grouped into incidents" + } + }, + "type": "object", + "required": [ + "createIncident" + ] + }, + "GroupingConfiguration": { + "description": "Grouping configuration property bag.", + "properties": { + "enabled": { + "description": "Grouping enabled", + "type": "boolean" + }, + "reopenClosedIncident": { + "description": "Re-open closed matching incidents", + "type": "boolean" + }, + "lookbackDuration": { + "description": "Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)", + "format": "duration", + "type": "string" + }, + "entitiesMatchingMethod": { + "description": "Grouping matching method", + "enum": [ + "All", + "None", + "Custom" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntitiesMatchingMethod", + "values": [ + { + "description": "Grouping alerts into a single incident if all the entities match", + "value": "All" + }, + { + "description": "Grouping all alerts triggered by this rule into a single incident", + "value": "None" + }, + { + "description": "Grouping alerts into a single incident if the selected entities match", + "value": "Custom" + } + ] + } + }, + "groupByEntities": { + "description": "A list of entity types to group by (when entitiesMatchingMethod is Custom)", + "items": { + "description": "Grouping entity type", + "enum": [ + "Account", + "Host", + "Ip", + "Url", + "FileHash" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "GroupingEntityType", + "values": [ + { + "description": "Account entity", + "value": "Account" + }, + { + "description": "Host entity", + "value": "Host" + }, + { + "description": "Ip entity", + "value": "Ip" + }, + { + "description": "Url entity", + "value": "Url" + }, + { + "description": "FileHash entity", + "value": "FileHash" + } + ] + } + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "enabled", + "reopenClosedIncident", + "lookbackDuration", + "entitiesMatchingMethod" + ] + }, + "SecurityAlert": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a security alert entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityAlertProperties", + "description": "SecurityAlert entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SecurityAlert" + }, + "SecurityAlertProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "SecurityAlert entity property bag.", + "properties": { + "alertDisplayName": { + "description": "The display name of the alert.", + "readOnly": true, + "type": "string" + }, + "alertType": { + "description": "The type name of the alert.", + "readOnly": true, + "type": "string" + }, + "compromisedEntity": { + "description": "Display name of the main entity being reported on.", + "readOnly": true, + "type": "string" + }, + "confidenceLevel": { + "description": "The confidence level of this alert.", + "enum": [ + "Unknown", + "Low", + "High" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConfidenceLevel", + "values": [ + { + "description": "Unknown confidence, the is the default value", + "value": "Unknown" + }, + { + "description": "Low confidence, meaning we have some doubts this is indeed malicious or part of an attack", + "value": "Low" + }, + { + "description": "High confidence that the alert is true positive malicious", + "value": "High" + } + ] + } + }, + "confidenceReasons": { + "description": "The confidence reasons", + "items": { + "description": "confidence reason item", + "properties": { + "reason": { + "description": "The reason's description", + "readOnly": true, + "type": "string" + }, + "reasonType": { + "description": "The type (category) of the reason", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "readOnly": true, + "type": "array" + }, + "confidenceScore": { + "description": "The confidence score of the alert.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "confidenceScoreStatus": { + "description": "The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.", + "enum": [ + "NotApplicable", + "InProcess", + "NotFinal", + "Final" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConfidenceScoreStatus", + "values": [ + { + "description": "Score will not be calculated for this alert as it is not supported by virtual analyst", + "value": "NotApplicable" + }, + { + "description": "No score was set yet and calculation is in progress", + "value": "InProcess" + }, + { + "description": "Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data", + "value": "NotFinal" + }, + { + "description": "Final score was calculated and available", + "value": "Final" + } + ] + } + }, + "description": { + "description": "Alert description.", + "readOnly": true, + "type": "string" + }, + "endTimeUtc": { + "description": "The impact end time of the alert (the time of the last event contributing to the alert).", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "intent": { + "description": "Holds the alert intent stage(s) mapping for this alert.", + "enum": [ + "Unknown", + "Probing", + "Exploitation", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Execution", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "KillChainIntent", + "values": [ + { + "description": "The default value.", + "value": "Unknown" + }, + { + "description": "Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in.", + "value": "Probing" + }, + { + "description": "Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage.", + "value": "Exploitation" + }, + { + "description": "Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access.", + "value": "Persistence" + }, + { + "description": "Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege.", + "value": "PrivilegeEscalation" + }, + { + "description": "Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. ", + "value": "DefenseEvasion" + }, + { + "description": "Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment.", + "value": "CredentialAccess" + }, + { + "description": "Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase.", + "value": "Discovery" + }, + { + "description": "Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect.", + "value": "LateralMovement" + }, + { + "description": "The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network.", + "value": "Execution" + }, + { + "description": "Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Collection" + }, + { + "description": "Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Exfiltration" + }, + { + "description": "The command and control tactic represents how adversaries communicate with systems under their control within a target network.", + "value": "CommandAndControl" + }, + { + "description": "The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others.", + "value": "Impact" + } + ] + } + }, + "providerAlertId": { + "description": "The identifier of the alert inside the product which generated the alert.", + "readOnly": true, + "type": "string" + }, + "processingEndTime": { + "description": "The time the alert was made available for consumption.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "productComponentName": { + "description": "The name of a component inside the product which generated the alert.", + "readOnly": true, + "type": "string" + }, + "productName": { + "description": "The name of the product which published this alert.", + "readOnly": true, + "type": "string" + }, + "productVersion": { + "description": "The version of the product generating the alert.", + "readOnly": true, + "type": "string" + }, + "remediationSteps": { + "description": "Manual action items to take to remediate the alert.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity of the alert" + }, + "startTimeUtc": { + "description": "The impact start time of the alert (the time of the first event contributing to the alert).", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "status": { + "description": "The lifecycle status of the alert.", + "enum": [ + "Unknown", + "New", + "Resolved", + "Dismissed", + "InProgress" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertStatus", + "values": [ + { + "description": "Unknown value", + "value": "Unknown" + }, + { + "description": "New alert", + "value": "New" + }, + { + "description": "Alert closed after handling", + "value": "Resolved" + }, + { + "description": "Alert dismissed as false positive", + "value": "Dismissed" + }, + { + "description": "Alert is being handled", + "value": "InProgress" + } + ] + } + }, + "systemAlertId": { + "description": "Holds the product identifier of the alert for the product.", + "readOnly": true, + "type": "string" + }, + "tactics": { + "description": "The tactics of the alert", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + }, + "timeGenerated": { + "description": "The time the alert was generated.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "vendorName": { + "description": "The name of the vendor that raise the alert.", + "readOnly": true, + "type": "string" + }, + "alertLink": { + "description": "The uri link of the alert.", + "readOnly": true, + "type": "string" + }, + "resourceIdentifiers": { + "description": "The list of resource identifiers of the alert.", + "items": { + "type": "object" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "SecurityGroupEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a security group entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityGroupEntityProperties", + "description": "SecurityGroup entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SecurityGroup" + }, + "SecurityGroupEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "SecurityGroup entity property bag.", + "properties": { + "distinguishedName": { + "description": "The group distinguished name", + "readOnly": true, + "type": "string" + }, + "objectGuid": { + "description": "A single-value attribute that is the unique identifier for the object, assigned by active directory.", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "sid": { + "description": "The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "SettingList": { + "description": "List of all the settings.", + "properties": { + "value": { + "description": "Array of settings.", + "items": { + "$ref": "#/definitions/Settings" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "Settings": { + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + }, + { + "$ref": "#/definitions/SettingsKind" + } + ], + "description": "The Setting.", + "discriminator": "kind", + "type": "object" + }, + "SettingsKind": { + "description": "Describes an Azure resource with kind.", + "properties": { + "kind": { + "description": "The kind of the setting", + "enum": [ + "Anomalies", + "EyesOn", + "EntityAnalytics", + "Ueba" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "SettingKind" + } + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "TIDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Data connector to pull threat intelligence data from TIP products.", + "properties": { + "properties": { + "$ref": "#/definitions/TIDataConnectorProperties", + "description": "Threat Intelligence Platforms data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "TIDataConnectorDataTypes": { + "description": "The available data types for Threat Intelligence Platforms data connector.", + "properties": { + "indicators": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Data type for Threat Intelligence Platforms data connector.", + "type": "object" + } + }, + "type": "object", + "required": [ + "indicators" + ] + }, + "TIDataConnectorProperties": { + "description": "TI (Threat Intelligence) data connector properties.", + "properties": { + "tenantId": { + "description": "The tenant id to connect to, and get the data from.", + "type": "string" + }, + "tipLookbackPeriod": { + "description": "The lookback period for the feed to be imported.", + "format": "date-time", + "type": "string", + "x-nullable": true + }, + "dataTypes": { + "$ref": "#/definitions/TIDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object", + "required": [ + "tenantId", + "dataTypes" + ] + }, + "TiTaxiiDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server", + "properties": { + "properties": { + "$ref": "#/definitions/TiTaxiiDataConnectorProperties", + "description": "Threat intelligence TAXII data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligenceTaxii" + }, + "TiTaxiiDataConnectorDataTypes": { + "description": "The available data types for Threat Intelligence TAXII data connector.", + "properties": { + "taxiiClient": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Data type for TAXII connector.", + "type": "object" + } + }, + "type": "object", + "required": [ + "taxiiClient" + ] + }, + "TiTaxiiDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Threat Intelligence TAXII data connector properties.", + "properties": { + "workspaceId": { + "description": "The workspace id.", + "type": "string" + }, + "friendlyName": { + "description": "The friendly name for the TAXII server.", + "type": "string" + }, + "taxiiServer": { + "description": "The API root for the TAXII server.", + "type": "string" + }, + "collectionId": { + "description": "The collection id of the TAXII server.", + "type": "string" + }, + "userName": { + "description": "The userName for the TAXII server.", + "type": "string" + }, + "password": { + "description": "The password for the TAXII server.", + "type": "string" + }, + "taxiiLookbackPeriod": { + "description": "The lookback period for the TAXII server.", + "format": "date-time", + "type": "string", + "x-nullable": true + }, + "pollingFrequency": { + "description": "The polling frequency for the TAXII server.", + "type": "string", + "x-nullable": true, + "enum": [ + "OnceAMinute", + "OnceAnHour", + "OnceADay" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "PollingFrequency", + "values": [ + { + "description": "Once a minute", + "value": "OnceAMinute" + }, + { + "description": "Once an hour", + "value": "OnceAnHour" + }, + { + "description": "Once a day", + "value": "OnceADay" + } + ] + } + }, + "dataTypes": { + "$ref": "#/definitions/TiTaxiiDataConnectorDataTypes", + "description": "The available data types for Threat Intelligence TAXII data connector." + } + }, + "required": [ + "dataTypes", + "pollingFrequency" + ], + "type": "object" + }, + "ThreatIntelligence": { + "description": "ThreatIntelligence property bag.", + "properties": { + "confidence": { + "description": "Confidence (must be between 0 and 1)", + "format": "double", + "readOnly": true, + "type": "number" + }, + "providerName": { + "description": "Name of the provider from whom this Threat Intelligence information was received", + "readOnly": true, + "type": "string" + }, + "reportLink": { + "description": "Report link", + "readOnly": true, + "type": "string" + }, + "threatDescription": { + "description": "Threat description (free text)", + "readOnly": true, + "type": "string" + }, + "threatName": { + "description": "Threat name (e.g. \"Jedobot malware\")", + "readOnly": true, + "type": "string" + }, + "threatType": { + "description": "Threat type (e.g. \"Botnet\")", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "UserInfo": { + "description": "User information that made some action", + "properties": { + "email": { + "description": "The email of the user.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The name of the user.", + "readOnly": true, + "type": "string" + }, + "objectId": { + "description": "The object id of the user.", + "format": "uuid", + "type": "string", + "x-nullable": true + } + }, + "type": "object" + }, + "Anomalies": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/AnomaliesProperties", + "description": "Anomalies properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Anomalies" + }, + "AnomaliesProperties": { + "description": "Anomalies property bag.", + "properties": { + "isEnabled": { + "description": "Determines whether the setting is enable or disabled.", + "readOnly": true, + "type": "boolean" + } + }, + "type": "object" + }, + "IPSyncer": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/IPSyncerSettingsProperties", + "description": "IPSyncer properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "IPSyncer" + }, + "IPSyncerSettingsProperties": { + "description": "IPSyncer property bag.", + "properties": { + "isEnabled": { + "description": "Determines whether the setting is enable or disabled.", + "readOnly": true, + "type": "boolean" + } + }, + "type": "object" + }, + "EyesOn": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/EyesOnSettingsProperties", + "description": "EyesOn properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "EyesOn" + }, + "EyesOnSettingsProperties": { + "description": "EyesOn property bag.", + "properties": { + "isEnabled": { + "description": "Determines whether the setting is enable or disabled.", + "readOnly": true, + "type": "boolean" + } + }, + "type": "object" + }, + "EntityAnalytics": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/EntityAnalyticsProperties", + "description": "EntityAnalytics properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "EntityAnalytics" + }, + "EntityAnalyticsProperties": { + "description": "EntityAnalytics property bag.", + "properties": { + "isEnabled": { + "description": "Determines whether the setting is enable or disabled.", + "readOnly": true, + "type": "boolean" + } + }, + "type": "object" + }, + "Ueba": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/UebaProperties", + "description": "Ueba properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Ueba" + }, + "UebaProperties": { + "description": "Ueba property bag.", + "properties": { + "dataSources": { + "description": "The relevant data sources that enriched by ueba", + "items": { + "$ref": "#/definitions/UebaDataSources" + }, + "type": "array" + } + }, + "type": "object" + }, + "UebaDataSources": { + "description": "The data source that enriched by ueba.", + "enum": [ + "AuditLogs", + "AzureActivity", + "SecurityEvent", + "SigninLogs" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "UebaDataSources" + } + }, + "UrlEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a url entity.", + "properties": { + "properties": { + "$ref": "#/definitions/UrlEntityProperties", + "description": "Url entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Url" + }, + "UrlEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Url entity property bag.", + "properties": { + "url": { + "description": "A full URL the entity points to", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "IoTDeviceEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an IoT device entity.", + "properties": { + "properties": { + "$ref": "#/definitions/IoTDeviceEntityProperties", + "description": "IoTDevice entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "IoTDevice" + }, + "IoTDeviceEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "IoTDevice entity property bag.", + "properties": { + "deviceId": { + "description": "The ID of the IoT Device in the IoT Hub", + "readOnly": true, + "type": "string" + }, + "deviceName": { + "description": "The friendly name of the device", + "readOnly": true, + "type": "string" + }, + "source": { + "description": "The source of the device", + "readOnly": true, + "type": "string" + }, + "iotSecurityAgentId": { + "description": "The ID of the security agent running on the device", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "deviceType": { + "description": "The type of the device", + "readOnly": true, + "type": "string" + }, + "vendor": { + "description": "The vendor of the device", + "readOnly": true, + "type": "string" + }, + "edgeId": { + "description": "The ID of the edge device", + "readOnly": true, + "type": "string" + }, + "macAddress": { + "description": "The MAC address of the device", + "readOnly": true, + "type": "string" + }, + "model": { + "description": "The model of the device", + "readOnly": true, + "type": "string" + }, + "serialNumber": { + "description": "The serial number of the device", + "readOnly": true, + "type": "string" + }, + "firmwareVersion": { + "description": "The firmware version of the device", + "readOnly": true, + "type": "string" + }, + "operatingSystem": { + "description": "The operating system of the device", + "readOnly": true, + "type": "string" + }, + "iotHubEntityId": { + "description": "The AzureResource entity id of the IoT Hub", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id of this device", + "readOnly": true, + "type": "string" + }, + "ipAddressEntityId": { + "description": "The IP entity if of this device", + "readOnly": true, + "type": "string" + }, + "threatIntelligence": { + "description": "A list of TI contexts attached to the IoTDevice entity.", + "items": { + "$ref": "#/definitions/ThreatIntelligence" + }, + "readOnly": true, + "type": "array" + }, + "protocols": { + "description": "A list of protocols of the IoTDevice entity.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "IncidentInfo": { + "description": "Describes related incident information for the bookmark", + "properties": { + "incidentId": { + "description": "Incident Id", + "type": "string" + }, + "severity": { + "description": "The severity of the incident", + "enum": [ + "Critical", + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "CaseSeverity", + "values": [ + { + "description": "Critical severity", + "value": "Critical" + }, + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "title": { + "description": "The title of the incident", + "type": "string" + }, + "relationName": { + "description": "Relation Name", + "type": "string" + } + }, + "type": "object" + }, + "WatchlistList": { + "description": "List all the watchlists.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of watchlists.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of watchlist.", + "items": { + "$ref": "#/definitions/Watchlist" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "Watchlist": { + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Watchlist in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistProperties", + "description": "Watchlist properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WatchlistProperties": { + "description": "Describes watchlist properties", + "properties": { + "watchlistId": { + "description": "The id (a Guid) of the watchlist", + "type": "string" + }, + "displayName": { + "description": "The display name of the watchlist", + "type": "string" + }, + "provider": { + "description": "The provider of the watchlist", + "type": "string" + }, + "source": { + "description": "The source of the watchlist", + "enum": [ + "Local file", + "Remote storage" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "source" + } + }, + "created": { + "description": "The time the watchlist was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The last time the watchlist was updated", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the watchlist", + "type": "object" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist", + "type": "object" + }, + "description": { + "description": "A description of the watchlist", + "type": "string" + }, + "watchlistType": { + "description": "The type of the watchlist", + "type": "string" + }, + "watchlistAlias": { + "description": "The alias of the watchlist", + "type": "string" + }, + "isDeleted": { + "description": "A flag that indicates if the watchlist is deleted or not", + "type": "boolean" + }, + "labels": { + "description": "List of labels relevant to this watchlist", + "items": { + "$ref": "#/definitions/Label" + }, + "type": "array" + }, + "defaultDuration": { + "description": "The default duration of a watchlist (in ISO 8601 duration format)", + "format": "duration", + "type": "string" + }, + "tenantId": { + "description": "The tenantId where the watchlist belongs to", + "type": "string" + }, + "numberOfLinesToSkip": { + "description": "The number of lines in a csv/tsv content to skip before the header", + "type": "integer", + "format": "int32" + }, + "rawContent": { + "description": "The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint", + "type": "string" + }, + "contentType": { + "description": "The content type of the raw content. Example : text/csv or text/tsv ", + "type": "string" + }, + "uploadStatus": { + "description": "The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted", + "type": "string" + }, + "watchlistItemsCount": { + "description": "The number of Watchlist Items in the Watchlist", + "type": "integer", + "format": "int32" + } + }, + "required": [ + "displayName", + "source", + "provider" + ], + "type": "object" + }, + "WatchlistItemList": { + "description": "List all the watchlist items.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of watchlist item.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of watchlist items.", + "items": { + "$ref": "#/definitions/WatchlistItem" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "WatchlistItem": { + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Watchlist item in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistItemProperties", + "description": "Watchlist Item properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WatchlistItemProperties": { + "description": "Describes watchlist item properties", + "properties": { + "watchlistItemType": { + "description": "The type of the watchlist item", + "type": "string" + }, + "watchlistItemId": { + "description": "The id (a Guid) of the watchlist item", + "type": "string" + }, + "tenantId": { + "description": "The tenantId to which the watchlist item belongs to", + "type": "string" + }, + "isDeleted": { + "description": "A flag that indicates if the watchlist item is deleted or not", + "type": "boolean" + }, + "created": { + "description": "The time the watchlist item was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The last time the watchlist item was updated", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the watchlist item", + "type": "object" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist item", + "type": "object" + }, + "itemsKeyValue": { + "description": "key-value pairs for a watchlist item", + "type": "object" + }, + "entityMapping": { + "description": "key-value pairs for a watchlist item entity mapping", + "type": "object" + } + }, + "required": [ + "itemsKeyValue" + ], + "type": "object" + } + }, + "parameters": { + "Action": { + "description": "The action", + "in": "body", + "name": "action", + "required": true, + "schema": { + "$ref": "#/definitions/ActionRequest" + }, + "x-ms-parameter-location": "method" + }, + "ActionId": { + "description": "Action ID", + "in": "path", + "name": "actionId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "AlertRule": { + "description": "The alert rule", + "in": "body", + "name": "alertRule", + "required": true, + "schema": { + "$ref": "#/definitions/AlertRule" + }, + "x-ms-parameter-location": "method" + }, + "AlertRuleTemplateId": { + "description": "Alert rule template ID", + "in": "path", + "name": "alertRuleTemplateId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ApiVersion": { + "description": "API version for the operation", + "enum": [ + "2019-01-01-preview" + ], + "in": "query", + "name": "api-version", + "required": true, + "type": "string" + }, + "RelationName": { + "name": "relationName", + "in": "path", + "required": true, + "type": "string", + "description": "Relation Name", + "x-ms-parameter-location": "method" + }, + "DataConnector": { + "description": "The data connector", + "in": "body", + "name": "dataConnector", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnector" + }, + "x-ms-parameter-location": "method" + }, + "DataConnectorId": { + "description": "Connector ID", + "in": "path", + "name": "dataConnectorId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EntityQueryId": { + "description": "entity query ID", + "in": "path", + "name": "entityQueryId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "Incident": { + "description": "The incident", + "in": "body", + "name": "incident", + "required": true, + "schema": { + "$ref": "#/definitions/Incident" + }, + "x-ms-parameter-location": "method" + }, + "IncidentComment": { + "description": "The incident comment", + "in": "body", + "name": "incidentComment", + "required": true, + "schema": { + "$ref": "#/definitions/IncidentComment" + }, + "x-ms-parameter-location": "method" + }, + "IncidentCommentId": { + "description": "Incident comment ID", + "in": "path", + "name": "incidentCommentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "IncidentId": { + "description": "Incident ID", + "in": "path", + "name": "incidentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataFilter": { + "description": "Filters the results, based on a Boolean condition. Optional.", + "in": "query", + "name": "$filter", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataOrderBy": { + "description": "Sorts the results. Optional.", + "in": "query", + "name": "$orderby", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataSkipToken": { + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "in": "query", + "name": "$skipToken", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataTop": { + "description": "Returns only the first n results. Optional.", + "format": "int32", + "in": "query", + "name": "$top", + "required": false, + "type": "integer", + "x-ms-parameter-location": "method" + }, + "OperationalInsightsResourceProvider": { + "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", + "in": "path", + "name": "operationalInsightsResourceProvider", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "Relation": { + "name": "relation", + "in": "body", + "description": "The relation model", + "required": true, + "schema": { + "$ref": "#/definitions/Relation" + }, + "x-ms-parameter-location": "method" + }, + "ResourceGroupName": { + "description": "The name of the resource group within the user's subscription. The name is case insensitive.", + "in": "path", + "maxLength": 90, + "minLength": 1, + "name": "resourceGroupName", + "pattern": "^[-\\w\\._\\(\\)]+$", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "RuleId": { + "description": "Alert rule ID", + "in": "path", + "name": "ruleId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "Settings": { + "description": "The setting", + "in": "body", + "name": "settings", + "required": true, + "schema": { + "$ref": "#/definitions/Settings" + }, + "x-ms-parameter-location": "method" + }, + "SettingsName": { + "description": "The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba", + "in": "path", + "name": "settingsName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SubscriptionId": { + "description": "Azure subscription ID", + "in": "path", + "name": "subscriptionId", + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "required": true, + "type": "string" + }, + "WorkspaceName": { + "description": "The name of the workspace.", + "in": "path", + "maxLength": 90, + "minLength": 1, + "name": "workspaceName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "WatchlistAlias": { + "description": "Watchlist Alias", + "in": "path", + "name": "watchlistAlias", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "Watchlist": { + "description": "The watchlist", + "in": "body", + "name": "watchlist", + "required": true, + "schema": { + "$ref": "#/definitions/Watchlist" + }, + "x-ms-parameter-location": "method" + }, + "WatchlistItem": { + "description": "The watchlist item", + "in": "body", + "name": "watchlistItem", + "required": true, + "schema": { + "$ref": "#/definitions/WatchlistItem" + }, + "x-ms-parameter-location": "method" + }, + "WatchlistItemId": { + "description": "Watchlist Item Id (GUID)", + "in": "path", + "name": "watchlistItemId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/ThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/ThreatIntelligence.json new file mode 100644 index 00000000..a860224c --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/ThreatIntelligence.json @@ -0,0 +1,1129 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2019-01-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator": { + "post": { + "x-ms-examples": { + "Create a new Threat Intelligence": { + "$ref": "./examples/threatintelligence/CreateThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Create a new threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_CreateIndicator", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceProperties" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to create indicators.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators": { + "get": { + "x-ms-examples": { + "Get all threat intelligence indicators": { + "$ref": "./examples/threatintelligence/GetThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Get all threat intelligence indicators.", + "operationId": "ThreatIntelligenceIndicators_List", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataFilter" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataOrderBy" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataTop" + }, + { + "$ref": "SecurityInsights.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformationList" + } + }, + "default": { + "description": "Error response describing why the operation failed to get indicators.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}": { + "get": { + "x-ms-examples": { + "View a threat intelligence indicator by name": { + "$ref": "./examples/threatintelligence/GetThreatIntelligenceById.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "View a threat intelligence indicator by name.", + "operationId": "ThreatIntelligenceIndicator_Get", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to view an indicator.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Update a threat Intelligence indicator": { + "$ref": "./examples/threatintelligence/UpdateThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Update a threat Intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_Create", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceProperties" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to update an indicator.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a threat intelligence indicator": { + "$ref": "./examples/threatintelligence/DeleteThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Delete a threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_Delete", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed to delete an indicator.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators": { + "post": { + "x-ms-examples": { + "Query threat intelligence indicators as per filtering criteria": { + "$ref": "./examples/threatintelligence/QueryThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Query threat intelligence indicators as per filtering criteria.", + "operationId": "ThreatIntelligenceIndicator_QueryIndicators", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceFilteringCriteria" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics": { + "get": { + "x-ms-examples": { + "Get threat intelligence indicators metrics.": { + "$ref": "./examples/threatintelligence/CollectThreatIntelligenceMetrics.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source).", + "operationId": "ThreatIntelligenceIndicatorMetrics_List", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceMetricsList" + } + }, + "default": { + "description": "Error response describing why the operation failed to get metrics.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags": { + "post": { + "x-ms-examples": { + "Append tags to a threat intelligence indicator": { + "$ref": "./examples/threatintelligence/AppendTagsThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Append tags to a threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_AppendTags", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceAppendTags" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed to append tags.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags": { + "post": { + "x-ms-examples": { + "Replace tags to a Threat Intelligence": { + "$ref": "./examples/threatintelligence/ReplaceTagsThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Replace tags added to a threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_ReplaceTags", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceReplaceTags" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to replace tags.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "ThreatIntelligenceName": { + "description": "Threat intelligence indicator name field.", + "in": "path", + "name": "name", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceProperties": { + "description": "Properties of threat intelligence indicators to create and update.", + "in": "body", + "name": "ThreatIntelligenceProperties", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModelForRequestBody" + }, + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceReplaceTags": { + "description": "Tags in the threat intelligence indicator to be replaced.", + "in": "body", + "name": "ThreatIntelligenceReplaceTags", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModelForRequestBody" + }, + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceFilteringCriteria": { + "description": "Filtering criteria for querying threat intelligence indicators.", + "in": "body", + "name": "ThreatIntelligenceFilteringCriteria", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceFilteringCriteria" + }, + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceIndicatorEntityKind": { + "description": "The threat intelligence entity kind", + "in": "query", + "name": "ctiEntityKind", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceAppendTags": { + "description": "The threat intelligence append tags request body", + "in": "body", + "name": "ThreatIntelligenceAppendTags", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceAppendTags" + }, + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "ThreatIntelligenceInformationList": { + "description": "List of all the threat intelligence information objects.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of information objects.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of threat intelligence information objects.", + "items": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "ThreatIntelligenceInformation": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/ResourceWithEtag" + }, + { + "$ref": "#/definitions/ThreatIntelligenceResourceKind" + } + ], + "description": "Threat intelligence information object.", + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "ThreatIntelligenceIndicatorModel": { + "allOf": [ + { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + ], + "description": "Threat intelligence indicator entity.", + "properties": { + "properties": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorProperties", + "description": "Threat Intelligence Entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "indicator" + }, + "ThreatIntelligenceIndicatorModelForRequestBody": { + "allOf": [ + { + "$ref": "#/definitions/ThreatIntelligenceResourceKind" + } + ], + "description": "Threat intelligence indicator entity used in request body.", + "properties": { + "etag": { + "description": "Etag of the azure resource", + "type": "string" + }, + "properties": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorProperties", + "description": "Threat Intelligence Entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "indicator" + }, + "ThreatIntelligenceResourceKind": { + "description": "Describes an entity with kind.", + "properties": { + "kind": { + "$ref": "#/definitions/ThreatIntelligenceResourceInnerKind", + "description": "The kind of the entity." + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "ThreatIntelligenceResourceInnerKind": { + "description": "The kind of the threat intelligence entity", + "enum": [ + "indicator" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ThreatIntelligenceResourceKind", + "values": [ + { + "description": "Entity represents threat intelligence indicator in the system.", + "value": "indicator" + } + ] + } + }, + "ThreatIntelligenceIndicatorProperties": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/EntityCommonProperties" + } + ], + "description": "Describes threat intelligence entity properties", + "properties": { + "threatIntelligenceTags": { + "description": "List of tags", + "items": { + "description": "tag", + "type": "string" + }, + "type": "array" + }, + "lastUpdatedTimeUtc": { + "description": "Last updated time in UTC", + "type": "string" + }, + "source": { + "description": "Source of a threat intelligence entity", + "type": "string" + }, + "displayName": { + "description": "Display name of a threat intelligence entity", + "type": "string" + }, + "description": { + "description": "Description of a threat intelligence entity", + "type": "string" + }, + "indicatorTypes": { + "description": "Indicator types of threat intelligence entities", + "items": { + "description": "Indicator type of a threat intelligence entity", + "type": "string" + }, + "type": "array" + }, + "pattern": { + "description": "Pattern of a threat intelligence entity", + "type": "string" + }, + "patternType": { + "description": "Pattern type of a threat intelligence entity", + "type": "string" + }, + "patternVersion": { + "description": "Pattern version of a threat intelligence entity", + "type": "string" + }, + "killChainPhases": { + "description": "Kill chain phases", + "items": { + "description": "Kill chain phase", + "$ref": "#/definitions/ThreatIntelligenceKillChainPhase" + }, + "type": "array" + }, + "parsedPattern": { + "description": "Parsed patterns", + "items": { + "description": "Parsed pattern", + "$ref": "#/definitions/ThreatIntelligenceParsedPattern" + }, + "type": "array" + }, + "externalId": { + "description": "External ID of threat intelligence entity", + "type": "string" + }, + "createdByRef": { + "description": "Created by reference of threat intelligence entity", + "type": "string" + }, + "defanged": { + "description": "Is threat intelligence entity defanged", + "type": "boolean" + }, + "externalLastUpdatedTimeUtc": { + "description": "External last updated time in UTC", + "type": "string" + }, + "externalReferences": { + "description": "External References", + "items": { + "description": "external_reference", + "$ref": "#/definitions/ThreatIntelligenceExternalReference" + }, + "type": "array" + }, + "granularMarkings": { + "description": "Granular Markings", + "items": { + "description": "Granular marking", + "$ref": "#/definitions/ThreatIntelligenceGranularMarkingModel" + }, + "type": "array" + }, + "labels": { + "description": "Labels of threat intelligence entity", + "items": { + "description": "label", + "type": "string" + }, + "type": "array" + }, + "revoked": { + "description": "Is threat intelligence entity revoked", + "type": "boolean" + }, + "confidence": { + "description": "Confidence of threat intelligence entity", + "type": "integer", + "format": "int32" + }, + "objectMarkingRefs": { + "description": "Threat intelligence entity object marking references", + "items": { + "description": "Threat intelligence entity object marking reference", + "type": "string" + }, + "type": "array" + }, + "language": { + "description": "Language of threat intelligence entity", + "type": "string" + }, + "threatTypes": { + "description": "Threat types", + "items": { + "description": "Threat type", + "type": "string" + }, + "type": "array" + }, + "validFrom": { + "description": "Valid from", + "type": "string" + }, + "validUntil": { + "description": "Valid until", + "type": "string" + }, + "created": { + "description": "Created by", + "type": "string" + }, + "modified": { + "description": "Modified by", + "type": "string" + }, + "extensions": { + "description": "Extensions map", + "type": "object", + "additionalProperties": {} + } + }, + "type": "object" + }, + "ThreatIntelligenceKillChainPhase": { + "description": "Describes threat kill chain phase entity", + "properties": { + "killChainName": { + "description": "Kill chainName name", + "type": "string" + }, + "phaseName": { + "description": "Phase name", + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligenceParsedPattern": { + "description": "Describes parsed pattern entity", + "properties": { + "patternTypeKey": { + "description": "Pattern type key", + "type": "string" + }, + "patternTypeValues": { + "description": "Pattern type keys", + "items": { + "description": "Pattern type key", + "$ref": "#/definitions/ThreatIntelligenceParsedPatternTypeValue" + }, + "type": "array" + } + }, + "type": "object" + }, + "ThreatIntelligenceParsedPatternTypeValue": { + "description": "Describes threat kill chain phase entity", + "properties": { + "valueType": { + "description": "Type of the value", + "type": "string" + }, + "value": { + "description": "Value of parsed pattern", + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligenceGranularMarkingModel": { + "description": "Describes threat granular marking model entity", + "properties": { + "language": { + "description": "Language granular marking model", + "type": "string" + }, + "markingRef": { + "description": "marking reference granular marking model", + "type": "integer", + "format": "int32" + }, + "selectors": { + "description": "granular marking model selectors", + "items": { + "description": "granular marking model selector", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "ThreatIntelligenceExternalReference": { + "description": "Describes external reference", + "properties": { + "description": { + "description": "External reference description", + "type": "string" + }, + "externalId": { + "description": "External reference ID", + "type": "string" + }, + "sourceName": { + "description": "External reference source name", + "type": "string" + }, + "url": { + "description": "External reference URL", + "type": "string" + }, + "hashes": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "External reference hashes" + } + }, + "type": "object" + }, + "ThreatIntelligenceFilteringCriteria": { + "description": "Filtering criteria for querying threat intelligence indicators.", + "properties": { + "pageSize": { + "description": "Page size", + "type": "integer", + "format": "int32" + }, + "minConfidence": { + "description": "Minimum confidence.", + "type": "integer", + "format": "int32" + }, + "maxConfidence": { + "description": "Maximum confidence.", + "type": "integer", + "format": "int32" + }, + "minValidUntil": { + "description": "Start time for ValidUntil filter.", + "type": "string" + }, + "maxValidUntil": { + "description": "End time for ValidUntil filter.", + "type": "string" + }, + "includeDisabled": { + "description": "Parameter to include/exclude disabled indicators.", + "type": "boolean" + }, + "sortBy": { + "description": "Columns to sort by and sorting order", + "items": { + "description": "Sort By", + "$ref": "#/definitions/ThreatIntelligenceSortingCriteria" + }, + "type": "array" + }, + "sources": { + "description": "Sources of threat intelligence indicators", + "items": { + "description": "Source", + "type": "string" + }, + "type": "array" + }, + "patternTypes": { + "description": "Pattern types", + "items": { + "description": "Pattern type", + "type": "string" + }, + "type": "array" + }, + "threatTypes": { + "description": "Threat types of threat intelligence indicators", + "items": { + "description": "Threat type of a threat intelligence indicator", + "type": "string" + }, + "type": "array" + }, + "ids": { + "description": "Ids of threat intelligence indicators", + "items": { + "description": "Id of a threat intelligence indicator", + "type": "string" + }, + "type": "array" + }, + "keywords": { + "description": "Keywords for searching threat intelligence indicators", + "items": { + "description": "keyword for searching threat intelligence indicators", + "type": "string" + }, + "type": "array" + }, + "skipToken": { + "description": "Skip token.", + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligenceSortingCriteria": { + "description": "List of available columns for sorting", + "properties": { + "itemKey": { + "description": "Column name", + "type": "string" + }, + "sortOrder": { + "$ref": "#/definitions/ThreatIntelligenceSortingOrder", + "description": "Sorting order (ascending/descending/unsorted)." + } + }, + "type": "object" + }, + "ThreatIntelligenceSortingOrder": { + "description": "Sorting order (ascending/descending/unsorted).", + "enum": [ + "unsorted", + "ascending", + "descending" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ThreatIntelligenceSortingCriteria", + "values": [ + { + "value": "unsorted" + }, + { + "value": "ascending" + }, + { + "value": "descending" + } + ] + } + }, + "ThreatIntelligenceAppendTags": { + "description": "Array of tags to be appended to the threat intelligence indicator.", + "properties": { + "threatIntelligenceTags": { + "description": "List of tags to be appended.", + "items": { + "description": "parameter", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "ThreatIntelligenceMetricsList": { + "description": "List of all the threat intelligence metric fields (type/threat type/source).", + "properties": { + "value": { + "description": "Array of threat intelligence metric fields (type/threat type/source).", + "items": { + "$ref": "#/definitions/ThreatIntelligenceMetrics" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "ThreatIntelligenceMetrics": { + "description": "Threat intelligence metrics.", + "properties": { + "properties": { + "description": "Threat intelligence metrics.", + "$ref": "#/definitions/ThreatIntelligenceMetric" + } + } + }, + "ThreatIntelligenceMetric": { + "description": "Describes threat intelligence metric", + "properties": { + "lastUpdatedTimeUtc": { + "description": "Last updated indicator metric", + "type": "string" + }, + "threatTypeMetrics": { + "description": "Threat type metrics", + "items": { + "description": "parameter", + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "type": "array" + }, + "patternTypeMetrics": { + "description": "Pattern type metrics", + "items": { + "description": "parameter", + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "type": "array" + }, + "sourceMetrics": { + "description": "Source metrics", + "items": { + "description": "parameter", + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "ThreatIntelligenceMetricEntity": { + "description": "Describes threat intelligence metric entity", + "properties": { + "metricName": { + "description": "Metric name", + "type": "string" + }, + "metricValue": { + "description": "Metric value", + "type": "integer", + "format": "int32" + } + }, + "type": "object" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/CreateActionOfAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/CreateActionOfAlertRule.json new file mode 100644 index 00000000..b9646c9a --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/CreateActionOfAlertRule.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "action": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/DeleteActionOfAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/DeleteActionOfAlertRule.json new file mode 100644 index 00000000..9bac7acf --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/DeleteActionOfAlertRule.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetActionOfAlertRuleById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetActionOfAlertRuleById.json new file mode 100644 index 00000000..d67ffd31 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetActionOfAlertRuleById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetAllActionsByAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetAllActionsByAlertRule.json new file mode 100644 index 00000000..25672aac --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetAllActionsByAlertRule.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/aggregations/GetCasesAggregations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/aggregations/GetCasesAggregations.json new file mode 100644 index 00000000..da5cf61e --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/aggregations/GetCasesAggregations.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "aggregationsName": "Cases" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/aggregations/Cases", + "name": "Cases", + "type": "Microsoft.SecurityInsights/aggregations", + "kind": "CasesAggregation", + "properties": { + "aggregationBySeverity": { + "totalCriticalSeverity": 13, + "totalHighSeverity": 14, + "totalMediumSeverity": 4, + "totalLowSeverity": 15, + "totalInformationalSeverity": 26 + }, + "aggregationByStatus": { + "totalNewStatus": 42, + "totalInProgressStatus": 30, + "totalResolvedStatus": 2, + "totalDismissedStatus": 1, + "totalTruePositiveStatus": 7, + "totalFalsePositiveStatus": 0 + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json new file mode 100644 index 00000000..02e76a6e --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "alertRuleTemplateId": "65360bb0-8986-4ade-a89d-af3cf44d28aa" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Scheduled", + "properties": { + "severity": "Low", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "displayName": "Changes to Amazon VPC settings", + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "createdDateUTC": "2019-02-27T00:00:00Z", + "status": "Available", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "alertRulesCreatedByTemplateCount": 0 + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json new file mode 100644 index 00000000..060fabfb --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json @@ -0,0 +1,85 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Scheduled", + "properties": { + "severity": "Low", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "displayName": "Changes to Amazon VPC settings", + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "createdDateUTC": "2019-02-27T00:00:00Z", + "status": "Available", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "alertRulesCreatedByTemplateCount": 0 + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/f71aba3d-28fb-450b-b192-4e76a83015c8", + "name": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Place holder: Fusion uses graph powered machine learning algorithms to correlate between millions of lower fidelity anomalous activities from different products such as Azure AD Identity Protection, and Microsoft Cloud App Security, to combine them into a manageable number of interesting security cases.\n", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "createdDateUTC": "2019-07-25T00:00:00Z", + "status": "Available", + "severity": "High", + "alertRulesCreatedByTemplateCount": 0 + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/b3cfc7c0-092c-481c-a55b-34a3979758cb", + "name": "b3cfc7c0-092c-481c-a55b-34a3979758cb", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "displayName": "Create incidents based on Microsoft Cloud App Security alerts", + "description": "Create incidents based on all alerts generated in Microsoft Cloud App Security", + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "createdDateUTC": "2019-07-16T00:00:00Z", + "status": "Available", + "alertRulesCreatedByTemplateCount": 0 + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateFusionAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateFusionAlertRule.json new file mode 100644 index 00000000..2c9605f9 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateFusionAlertRule.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "myFirstFusionRule", + "alertRule": { + "kind": "Fusion", + "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", + "properties": { + "enabled": true, + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 00000000..0d0009cb --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "microsoftSecurityIncidentCreationRuleExample", + "alertRule": { + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "displayName": "testing displayname", + "enabled": true + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateScheduledAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateScheduledAlertRule.json new file mode 100644 index 00000000..153980fd --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateScheduledAlertRule.json @@ -0,0 +1,134 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "alertRule": { + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "entitiesMatchingMethod": "Custom", + "groupByEntities": [ + "Host", + "Account" + ] + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "entitiesMatchingMethod": "Custom", + "groupByEntities": [ + "Host", + "Account" + ] + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "entitiesMatchingMethod": "Custom", + "groupByEntities": [ + "Host", + "Account" + ] + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/DeleteAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/DeleteAlertRule.json new file mode 100644 index 00000000..45ff1c95 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/DeleteAlertRule.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetAllAlertRules.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetAllAlertRules.json new file mode 100644 index 00000000..d88a4ee5 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetAllAlertRules.json @@ -0,0 +1,97 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "entitiesMatchingMethod": "Custom", + "groupByEntities": [ + "Host", + "Account" + ] + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"25005c11-0000-0d00-0000-5d6cc0e20000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": false, + "lastModifiedUtc": "2019-09-02T07:12:34.9065092Z" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetFusionAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetFusionAlertRule.json new file mode 100644 index 00000000..f5020610 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetFusionAlertRule.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "myFirstFusionRule" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 00000000..39470e16 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "microsoftSecurityIncidentCreationRuleExample" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetScheduledAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetScheduledAlertRule.json new file mode 100644 index 00000000..bb101e34 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetScheduledAlertRule.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "entitiesMatchingMethod": "Custom", + "groupByEntities": [ + "Host", + "Account" + ] + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/CreateAutomationRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/CreateAutomationRule.json new file mode 100644 index 00000000..a792af5d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/CreateAutomationRule.json @@ -0,0 +1,176 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "automationRule": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "order": 1, + "displayName": "High severity incidents escalation", + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "ModifyProperties", + "actionConfiguration": { + "severity": "High" + } + }, + { + "order": 2, + "actionType": "RunPlaybook", + "actionConfiguration": { + "tenantId": "ee48efaf-50c6-411b-9345-b2bdc3eb4abc", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook" + } + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "properties": { + "order": 1, + "displayName": "High severity incidents escalation", + "createdTimeUtc": "2019-01-01T13:00:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + }, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "ModifyProperties", + "actionConfiguration": { + "severity": "High" + } + }, + { + "order": 2, + "actionType": "RunPlaybook", + "actionConfiguration": { + "tenantId": "ee48efaf-50c6-411b-9345-b2bdc3eb4abc", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook" + } + } + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "properties": { + "order": 1, + "displayName": "High severity incidents escalation", + "createdTimeUtc": "2019-01-01T13:00:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + }, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "ModifyProperties", + "actionConfiguration": { + "severity": "High" + } + }, + { + "order": 2, + "actionType": "RunPlaybook", + "actionConfiguration": { + "tenantId": "ee48efaf-50c6-411b-9345-b2bdc3eb4abc", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook" + } + } + ] + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/DeleteAutomationRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/DeleteAutomationRule.json new file mode 100644 index 00000000..76eebc5d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/DeleteAutomationRule.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAllAutomationRules.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAllAutomationRules.json new file mode 100644 index 00000000..2cd33d57 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAllAutomationRules.json @@ -0,0 +1,69 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "$top": 1 + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/automationRules", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "order": 1, + "displayName": "High severity incidents escalation", + "createdTimeUtc": "2019-01-01T13:00:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + }, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "ModifyProperties", + "actionConfiguration": { + "severity": "High" + } + } + ] + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAutomationRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAutomationRule.json new file mode 100644 index 00000000..cc077509 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAutomationRule.json @@ -0,0 +1,76 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "order": 1, + "displayName": "High severity incidents escalation", + "createdTimeUtc": "2019-01-01T13:00:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + }, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentTitle", + "operator": "Contains", + "propertyValues": [ + "logon failure" + ] + } + }, + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "HostName", + "operator": "Equals", + "propertyValues": [ + "TestVM" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "ModifyProperties", + "actionConfiguration": { + "status": "Closed", + "classification": "BenignPositive", + "classificationReason": "SuspiciousButExpected" + } + } + ] + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/CreateBookmark.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/CreateBookmark.json new file mode 100644 index 00000000..e0735815 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/CreateBookmark.json @@ -0,0 +1,93 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "bookmark": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "updated": "2019-01-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2019-01-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2019-01-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/DeleteBookmark.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/DeleteBookmark.json new file mode 100644 index 00000000..75aa6ebd --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/DeleteBookmark.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarkById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarkById.json new file mode 100644 index 00000000..2d9829a9 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarkById.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2019-01-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "incidentInfo": { + "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", + "severity": "Low", + "title": "New case 1", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarks.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarks.json new file mode 100644 index 00000000..83b3911c --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarks.json @@ -0,0 +1,51 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2019-01-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "incidentInfo": { + "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", + "severity": "Low", + "title": "New case 1", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018" + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/expand/PostExpandBookmark.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/expand/PostExpandBookmark.json new file mode 100644 index 00000000..6db0bd92 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/expand/PostExpandBookmark.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "parameters": { + "expansionId": "27f76e63-c41b-480f-bb18-12ad2e011d49", + "startTime": "2019-12-25T17:21:00.000Z", + "endTime": "2020-01-24T17:21:00.000Z" + } + }, + "responses": { + "200": { + "body": { + "value": { + "entities": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fe4ddab5-8cea-eca3-c8b8-9e92e830a387", + "name": "fe4ddab5-8cea-eca3-c8b8-9e92e830a387", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Account", + "properties": { + "friendlyName": "administrator", + "accountName": "administrator", + "ntDomain": "domain" + } + } + ] + }, + "metaData": { + "aggregations": [ + { + "entityKind": "Account", + "count": 1 + } + ] + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json new file mode 100644 index 00000000..66174191 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "relation": { + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json new file mode 100644 index 00000000..0a4bc219 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json new file mode 100644 index 00000000..edd5062c --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json new file mode 100644 index 00000000..c02146c3 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json new file mode 100644 index 00000000..3a22fdc9 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json @@ -0,0 +1,97 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "case": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "endTimeUtc": "2019-01-01T13:05:30Z", + "startTimeUtc": "2019-01-01T13:00:30Z", + "labels": [ + "Tag1", + "Tag2" + ], + "description": "This is a demo case", + "title": "My case", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "severity": "High", + "closeReason": "Resolved", + "status": "Closed" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/cases", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastUpdatedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "endTimeUtc": "2019-01-01T13:05:30Z", + "startTimeUtc": "2019-01-01T13:00:30Z", + "labels": [ + "Tag1", + "Tag2" + ], + "description": "This is a demo case", + "title": "My case", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "severity": "High", + "closeReason": "Resolved", + "status": "Closed", + "relatedAlertIds": [ + "cf441808-2d50-4c10-81af-cdd0b908c121" + ], + "tactics": [], + "caseNumber": 3177 + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/cases", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastUpdatedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "endTimeUtc": "2019-01-01T13:05:30Z", + "startTimeUtc": "2019-01-01T13:00:30Z", + "labels": [ + "Tag1", + "Tag2" + ], + "description": "This is a demo case", + "title": "My case", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "severity": "High", + "closeReason": "Resolved", + "status": "Closed", + "relatedAlertIds": [ + "cf441808-2d50-4c10-81af-cdd0b908c121" + ], + "tactics": [], + "caseNumber": 3177 + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/DeleteCase.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/DeleteCase.json new file mode 100644 index 00000000..90581fc8 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/DeleteCase.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json new file mode 100644 index 00000000..7e290b8e --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/cases", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastUpdatedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "endTimeUtc": "2019-01-01T13:05:30Z", + "startTimeUtc": "2019-01-01T13:00:30Z", + "labels": [ + "Tag1", + "Tag2" + ], + "description": "This is a demo case", + "title": "My case", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "severity": "High", + "closeReason": "Resolved", + "status": "Closed", + "closedReasonText": "case resolved", + "relatedAlertIds": [ + "cf441808-2d50-4c10-81af-cdd0b908c121" + ], + "relatedAlertProductNames": [ + "Azure Sentinel" + ], + "tactics": [ + "InitialAccess", + "Persistence" + ], + "caseNumber": 3177, + "lastComment": "This is a demo case", + "totalComments": 3, + "metrics": { + "SecurityAlert": 1 + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json new file mode 100644 index 00000000..be30141c --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json @@ -0,0 +1,62 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "$orderby": "properties/createdTimeUtc desc", + "$top": 1 + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/cases", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastUpdatedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "endTimeUtc": "2019-01-01T13:05:30Z", + "startTimeUtc": "2019-01-01T13:00:30Z", + "labels": [ + "Tag1", + "Tag2" + ], + "description": "This is a demo case", + "title": "My case", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "severity": "High", + "closeReason": "Resolved", + "status": "Closed", + "closedReasonText": "case resolved", + "relatedAlertIds": [ + "cf441808-2d50-4c10-81af-cdd0b908c121" + ], + "relatedAlertProductNames": [ + "Azure Sentinel" + ], + "tactics": [ + "InitialAccess", + "Persistence" + ], + "caseNumber": 3177, + "lastComment": "This is a demo case", + "totalComments": 3, + "metrics": { + "SecurityAlert": 1 + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/CreateCaseComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/CreateCaseComment.json new file mode 100644 index 00000000..345e3eb6 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/CreateCaseComment.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "caseCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "caseComment": { + "properties": { + "message": "Some message" + } + } + }, + "responses": { + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/cases/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "userInfo": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetAllCaseComments.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetAllCaseComments.json new file mode 100644 index 00000000..9ca262b1 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetAllCaseComments.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/cases/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "userInfo": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetCaseCommentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetCaseCommentById.json new file mode 100644 index 00000000..72aefbb0 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetCaseCommentById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "caseCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/cases/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "userInfo": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/CreateCaseRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/CreateCaseRelation.json new file mode 100644 index 00000000..73a38c85 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/CreateCaseRelation.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "caseId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "relationInputModel": { + "properties": { + "sourceRelationNode": { + "relationNodeId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "targetRelationNode": { + "relationNodeId": "2216d0e1-91e3-4902-89fd-d2df8c535096" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/cases/relations", + "kind": "CasesToBookmarks", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "caseIdentifier": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "bookmarkName": "Test bookmark", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/cases/relations", + "kind": "CasesToBookmarks", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "caseIdentifier": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "bookmarkName": "Test bookmark", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/DeleteCaseRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/DeleteCaseRelation.json new file mode 100644 index 00000000..f2c639b8 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/DeleteCaseRelation.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "caseId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetAllCaseRelations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetAllCaseRelations.json new file mode 100644 index 00000000..eeb5656e --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetAllCaseRelations.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "caseId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/cases/relations", + "kind": "CasesToBookmarks", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "caseIdentifier": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "bookmarkName": "Test bookmark", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetCaseRelationByName.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetCaseRelationByName.json new file mode 100644 index 00000000..94f60b00 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetCaseRelationByName.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "caseId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/cases/relations", + "kind": "CasesToBookmarks", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "caseIdentifier": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "bookmarkName": "Test bookmark", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json new file mode 100644 index 00000000..8c1b4a54 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json new file mode 100644 index 00000000..8c1b4a54 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json new file mode 100644 index 00000000..8c1b4a54 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json new file mode 100644 index 00000000..782af2f9 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "DataConnectorsCheckRequirements": { + "kind": "AzureSecurityCenter", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json new file mode 100644 index 00000000..090e4b5b --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "DataConnectorsCheckRequirements": { + "kind": "Dynamics365", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json new file mode 100644 index 00000000..f404ff1c --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftCloudAppSecurity", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json new file mode 100644 index 00000000..f404ff1c --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftCloudAppSecurity", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json new file mode 100644 index 00000000..9f419962 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftThreatIntelligence", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json new file mode 100644 index 00000000..b90142f4 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftThreatProtection", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json new file mode 100644 index 00000000..d84f4b55 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "DataConnectorsCheckRequirements": { + "kind": "OfficeATP", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json new file mode 100644 index 00000000..d862f472 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "DataConnectorsCheckRequirements": { + "kind": "ThreatIntelligence", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json new file mode 100644 index 00000000..662be278 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "DataConnectorsCheckRequirements": { + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json new file mode 100644 index 00000000..5ffa8d38 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "dataConnector": { + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json new file mode 100644 index 00000000..dd359736 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json @@ -0,0 +1,76 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json new file mode 100644 index 00000000..ae4f0133 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "ThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json new file mode 100644 index 00000000..923b7bbf --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json @@ -0,0 +1,82 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "collectionId": "135", + "workspaceId": "dd124572-4962-4495-9bd2-9dade12314b4", + "friendlyName": "testTaxii", + "userName": "--", + "password": "--", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "collectionId": "135", + "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871", + "friendlyName": "testTaxii", + "userName": null, + "password": null, + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "collectionId": "135", + "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871", + "friendlyName": "testTaxii", + "userName": null, + "password": null, + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json new file mode 100644 index 00000000..e226cb41 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json new file mode 100644 index 00000000..9d15d53a --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json new file mode 100644 index 00000000..9d43733d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureActiveDirectory", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json new file mode 100644 index 00000000..642d47eb --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json new file mode 100644 index 00000000..77fa2804 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureSecurityCenter", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json new file mode 100644 index 00000000..9c253b18 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json @@ -0,0 +1,198 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureSecurityCenter", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligenceTaxii", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2", + "friendlyName": "My TI Taxii Connector", + "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", + "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", + "userName": "", + "password": "", + "pollingFrequency": "OnceAMinute", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureActiveDirectory", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftCloudAppSecurity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficeATP", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json new file mode 100644 index 00000000..e715758c --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json new file mode 100644 index 00000000..b95ac0e2 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftCloudAppSecurity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json new file mode 100644 index 00000000..699853dd --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json new file mode 100644 index 00000000..f459ef93 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "bingSafetyPhishingURL": { + "state": "Enabled", + "lookbackPeriod": "example ??" + }, + "microsoftEmergingThreatFeed": { + "state": "Enabled", + "lookbackPeriod": "example" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json new file mode 100644 index 00000000..ffcc45f3 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "incidents": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json new file mode 100644 index 00000000..cf6f4020 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficeATP", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json new file mode 100644 index 00000000..d7b7b59d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json new file mode 100644 index 00000000..48c7ef9d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json new file mode 100644 index 00000000..5408280f --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c39bb458-02a7-4b3f-b0c8-71a1d2692652" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligenceTaxii", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2", + "friendlyName": "My TI Taxii Connector", + "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", + "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", + "userName": "", + "password": "", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json new file mode 100644 index 00000000..a351f5e1 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "ipAddress": "1.2.3.4" + }, + "responses": { + "200": { + "body": { + "asn": "12345", + "carrier": "Microsoft", + "city": "Redmond", + "cityCf": 90, + "continent": "north america", + "country": "united states", + "countryCf": 99, + "ipAddr": "1.2.3.4", + "ipRoutingType": "fixed", + "latitude": "40.2436", + "longitude": "-100.8891", + "organization": "Microsoft", + "organizationType": "tech", + "region": "western usa", + "state": "washington", + "stateCf": null, + "stateCode": "wa" + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json new file mode 100644 index 00000000..446f5f05 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json @@ -0,0 +1,87 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "domain": "microsoft.com" + }, + "responses": { + "200": { + "body": { + "domain": "microsoft.com", + "server": null, + "created": "2021-02-25T16:15:01.187045Z", + "updated": "2021-02-25T16:15:01.187045Z", + "expires": null, + "parsedWhois": { + "registrar": { + "name": "MarkMonitor, Inc", + "abuseContactPhone": "12083895770", + "abuseContactEmail": "abuse@microsoft.com", + "url": "http://www.markmonitor.com", + "whoisServer": "whois.markmonitor.com" + }, + "contacts": { + "admin": { + "name": "Administrator", + "org": "Microsoft", + "street": [ + "One Microsoft Way" + ], + "city": null, + "state": "WA", + "postal": "98052", + "country": "United States", + "phone": "1-800-555-1234", + "fax": null, + "email": "mail@microsoft.com" + }, + "registrant": null, + "billing": { + "name": "Administrator", + "org": "Microsoft", + "street": [ + "One Microsoft Way" + ], + "city": null, + "state": "WA", + "postal": "98052", + "country": "United States", + "phone": "1-800-555-1234", + "fax": null, + "email": "mail@microsoft.com" + }, + "tech": { + "name": "Administrator", + "org": "Microsoft", + "street": [ + "One Microsoft Way" + ], + "city": null, + "state": "WA", + "postal": "98052", + "country": "United States", + "phone": "1-800-555-1234", + "fax": null, + "email": "mail@microsoft.com" + } + }, + "nameServers": [ + "ns1-205.azure-dns.com", + "ns2-205.azure-dns.net", + "ns3-205.azure-dns.org", + "ns4-205.azure-dns.info" + ], + "statuses": [ + "clientUpdateProhibited", + "clientTransferProhibited", + "clientDeleteProhibited", + "serverUpdateProhibited", + "serverTransferProhibited", + "serverDeleteProhibited" + ] + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAccountEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAccountEntityById.json new file mode 100644 index 00000000..540c3e71 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAccountEntityById.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Account", + "properties": { + "friendlyName": "administrator", + "accountName": "administrator", + "ntDomain": "domain", + "upnSuffix": "contoso", + "sid": "S-1-5-18", + "aadTenantId": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "aadUserId": "f7033626-2572-46b1-bba0-06646f4f95b3", + "puid": "ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d", + "isDomainJoined": true, + "objectGuid": "11227b78-3c6e-436e-a2a2-02fc7662eca0", + "dnsDomain": "contoso.com" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAzureResourceEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAzureResourceEntityById.json new file mode 100644 index 00000000..942132f4 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAzureResourceEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "AzureResource", + "properties": { + "friendlyName": "vm1", + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetCloudApplicationEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetCloudApplicationEntityById.json new file mode 100644 index 00000000..4e1145c9 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetCloudApplicationEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "CloudApplication", + "properties": { + "friendlyName": "AppName", + "appId": 1, + "appName": "AppName", + "instanceName": "InstanceName" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetDnsEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetDnsEntityById.json new file mode 100644 index 00000000..aafd2be9 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetDnsEntityById.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "f4e74920-f2c0-4412-a45f-66d94fdf01f8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/f4e74920-f2c0-4412-a45f-66d94fdf01f8", + "name": "f4e74920-f2c0-4412-a45f-66d94fdf01f8", + "type": "Microsoft.SecurityInsights/entities", + "kind": "DnsResolution", + "properties": { + "friendlyName": "domain", + "domainName": "domain", + "ipAddressEntityIds": [ + "475d3120-33e0-4841-9f1c-a8f15a801d19" + ] + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetEntities.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetEntities.json new file mode 100644 index 00000000..8056f72d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetEntities.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Account", + "properties": { + "friendlyName": "administrator", + "accountName": "administrator", + "ntDomain": "domain", + "upnSuffix": "contoso", + "sid": "S-1-5-18", + "aadTenantId": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "aadUserId": "f7033626-2572-46b1-bba0-06646f4f95b3", + "puid": "ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d", + "isDomainJoined": true, + "objectGuid": "11227b78-3c6e-436e-a2a2-02fc7662eca0" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fed9fe89-dce8-40f2-bf44-70f23fe93b3c", + "name": "fed9fe89-dce8-40f2-bf44-70f23fe93b3c", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Host", + "properties": { + "friendlyName": "vm1", + "dnsDomain": "contoso", + "ntDomain": "domain", + "hostName": "vm1", + "netBiosName": "contoso", + "azureID": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "omsAgentID": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "osFamily": "Windows", + "osVersion": "1.0", + "isDomainJoined": true + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", + "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "type": "Microsoft.SecurityInsights/entities", + "kind": "File", + "properties": { + "friendlyName": "cmd.exe", + "directory": "C:\\Windows\\System32", + "fileName": "cmd.exe" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileEntityById.json new file mode 100644 index 00000000..c9bd988f --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", + "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "type": "Microsoft.SecurityInsights/entities", + "kind": "File", + "properties": { + "friendlyName": "cmd.exe", + "directory": "C:\\Windows\\System32", + "fileName": "cmd.exe" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileHashEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileHashEntityById.json new file mode 100644 index 00000000..7ca192c6 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileHashEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "ea359fa6-c1e5-f878-e105-6344f3e399a1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/ea359fa6-c1e5-f878-e105-6344f3e399a1", + "name": "ea359fa6-c1e5-f878-e105-6344f3e399a1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "FileHash", + "properties": { + "friendlyName": "E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0(SHA256)", + "hashValue": "E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0", + "algorithm": "SHA256" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetHostEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetHostEntityById.json new file mode 100644 index 00000000..9a958340 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetHostEntityById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Host", + "properties": { + "friendlyName": "vm1", + "dnsDomain": "contoso", + "ntDomain": "domain", + "hostName": "vm1", + "netBiosName": "contoso", + "azureID": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "omsAgentID": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "osFamily": "Windows", + "osVersion": "1.0", + "isDomainJoined": true + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIoTDeviceEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIoTDeviceEntityById.json new file mode 100644 index 00000000..d906f228 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIoTDeviceEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "IoTDevice", + "properties": { + "friendlyName": "device1", + "deviceId": "device1", + "iotHubEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/8b2d9401-f953-e89d-2583-be9b4975870c" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIpEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIpEntityById.json new file mode 100644 index 00000000..48dbbc12 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIpEntityById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Ip", + "properties": { + "friendlyName": "10.3.2.8", + "address": "10.3.2.8" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailClusterEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailClusterEntityById.json new file mode 100644 index 00000000..5c2c5e81 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailClusterEntityById.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "MailCluster", + "properties": { + "friendlyName": "ClusterSourceIdentifier", + "networkMessageIds": [ + "ccfce855-e02f-491b-a1cc-5bafb371ad0c" + ], + "countByDeliveryStatus": { + "deliveryStatus": 5 + }, + "countByThreatType": { + "threatType": 6 + }, + "countByProtectionStatus": { + "protectionStatus": 65 + }, + "threats": [ + "thrreat1", + "thread2" + ], + "query": "kqlFilter", + "queryTime": "2019-06-05T01:42:01.6026755Z", + "source": "ClusterSourceIdentifier", + "clusterSourceIdentifier": "cluster source identifier", + "clusterSourceType": "Similarity", + "clusterGroup": "cluster group" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailMessageEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailMessageEntityById.json new file mode 100644 index 00000000..d0ed8f49 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailMessageEntityById.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "MailMessage", + "properties": { + "friendlyName": "cmd.exe", + "fileEntityIds": [ + "ccfce855-e02f-491b-a1cc-5bafb371ad0c" + ], + "recipient": "recipient", + "urls": [ + "http://moqbrarcwmnk.banxhdcojlg.biz" + ], + "threats": [ + "thrreat1", + "thread2" + ], + "p1Sender": "email@fake.com", + "p1SenderDisplayName": "p1 sender display name", + "p1SenderDomain": "p1 sender domain", + "senderIP": "1.23.34.43", + "p2Sender": "the sender", + "deliveryAction": "Blocked", + "p2SenderDisplayName": "p2 sender display name", + "p2SenderDomain": "p2 Sender Domain", + "internetMessageId": "message id", + "subject": "subject", + "language": "language", + "threatDetectionMethods": [ + "thrreat1", + "thread2" + ] + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailboxEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailboxEntityById.json new file mode 100644 index 00000000..402117b1 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailboxEntityById.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Mailbox", + "properties": { + "friendlyName": "emailAddress1", + "displayName": "display name", + "mailboxPrimaryAddress": "emailAddress1", + "upn": "upn1", + "externalDirectoryObjectId": "18cc8fdc-e169-4451-983a-bd027db286eb" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMalwareEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMalwareEntityById.json new file mode 100644 index 00000000..95b24ec7 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMalwareEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", + "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Malware", + "properties": { + "malwareName": "Win32/Toga!rfn", + "category": "Trojan", + "friendlyName": "Win32/Toga!rfn" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetProcessEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetProcessEntityById.json new file mode 100644 index 00000000..911d28f6 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetProcessEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "7264685c-038c-42c6-948c-38e14ef1fb98" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/7264685c-038c-42c6-948c-38e14ef1fb98", + "name": "7264685c-038c-42c6-948c-38e14ef1fb98", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Process", + "properties": { + "friendlyName": "cmd.exe", + "processId": "0x2aa48", + "commandLine": "\"cmd\"", + "imageFileEntityId": "bba7b47b-c1c1-4021-b568-5b07b9292f5e" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetQueries.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetQueries.json new file mode 100644 index 00000000..29b22c51 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetQueries.json @@ -0,0 +1,457 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Insight" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/6db7f5d1-f41e-46c2-b935-230b36a569e6", + "name": "6db7f5d1-f41e-46c2-b935-230b36a569e6", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Actions on account", + "description": "Summary of actions taken on the specified account, grouped by action: password resets and changes, account lockouts (policy or admin), account creation and deletion, account enabled and disabled\n", + "baseQuery": "let GetAccountActions = (v_Account_Name:string, v_Account_NTDomain:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string, v_Account_SID:string){\nAuditLogs\n| where OperationName in~ ('Delete user', 'Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', 'Update user')\n| extend UserPrincipalName = tostring(TargetResources[0].userPrincipalName)\n| extend Account_Name = tostring(split(UserPrincipalName, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserPrincipalName, '@')[1])\n| extend Action = tostring(parse_json(tostring(parse_json(tostring(TargetResources[0].modifiedProperties))[0])))\n| extend ModifiedProperty = parse_json(Action).displayName\n| extend ModifiedValue = parse_json(Action).newValue\n| extend Account_AADUserId = tostring(TargetResources[0].id)\n| extend DisableUser = iif(ModifiedProperty =~ 'AccountEnabled' and ModifiedValue =~ '[false]', 'True', 'False')\n| union isfuzzy=true (\nSecurityEvent\n| where EventID in (4720, 4722, 4723, 4724, 4725, 4726, 4740)\n| extend OperationName = tostring(EventID)\n| where AccountType =~ \"user\" or isempty(AccountType)\n| extend Account_Name = TargetUserName, Account_NTDomain = TargetDomainName, Account_SID = TargetSid\n)\n| where (Account_Name =~ v_Account_Name and (Account_UPNSuffix =~ v_Account_UPNSuffix or Account_NTDomain =~ v_Account_NTDomain)) or Account_AADUserId =~ v_Account_AADUserId or Account_SID =~ v_Account_SID\n};\nGetAccountActions('CTFFUser4', '', 'seccxp.ninja', '', '')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Action", + "outputType": "String", + "supportDeepLink": false + }, + { + "header": "Most Recent", + "outputType": "Date", + "supportDeepLink": false + }, + { + "header": "Count", + "outputType": "Number", + "supportDeepLink": true + } + ], + "queriesDefinitions": [ + { + "filter": "where OperationName in~ ('Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', '4724', '4723')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Blocked from self-service password reset', '4740')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName == '4725' or (OperationName =~ 'Update user' and DisableUser =~ 'True')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Add user', '4720')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Delete user', '4726')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('4725', 'Blocked from self-service password reset', '4740') or (OperationName =~ 'Update user' and DisableUser =~ 'True')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('4722', '4767') or (OperationName =~ 'Update user' and DisableUser =~ 'False')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Update user','4738')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + } + ] + }, + "chartQuery": { + "title": "Actions by type", + "dataSets": [ + { + "query": "summarize Count = count() by bin(TimeGenerated, 1h), OperationName", + "xColumnName": "TimeGenerated", + "yColumnName": "Count", + "legendColumnName": "OperationName" + } + ], + "type": "BarChart" + }, + "additionalQuery": { + "text": "See all account activity", + "query": "project TimeGenerated, UserPrincipalName, Account_Name, OperationName, Activity, DisableUser, TargetSid, AADUserId, InitiatedBy, AADTenantId, AccountType, Computer, SubjectAccount, SubjectUserSid, EventData" + }, + "defaultTimeRange": { + "beforeRange": "12h", + "afterRange": "12h" + }, + "referenceTimeRange": null, + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_NTDomain" + ], + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ], + [ + "Account_SID" + ] + ], + "entitiesFilter": {} + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/0a5d7b14-b485-450a-a0ac-4100c860ac32", + "name": "0a5d7b14-b485-450a-a0ac-4100c860ac32", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Anomalously high office operation count", + "description": "Highlight office operations of the user with anomalously high count compared to those observed in the preceding 14 days.", + "baseQuery": "let AScoreThresh = 3; \nlet maxAnomalies = 3;\nlet BeforeRange = 12d; \nlet EndTime = todatetime('{{EndTimeUTC}}'); \nlet StartTime = todatetime('{{StartTimeUTC}}');\nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string) { \n OfficeActivity \n | extend splitUserId=split(UserId, '@')\n | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix }; \nuserData('CTFFUser4', 'seccxp.ninja')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Operation", + "outputType": "String", + "supportDeepLink": true + }, + { + "header": "Expected Count", + "outputType": "Number", + "supportDeepLink": false + }, + { + "header": "Actual Count", + "outputType": "Number", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n", + "summarize": "take 1", + "project": "project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)", + "linkColumnsDefinitions": [ + { + "projectedName": "Operation", + "Query": "{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where Operation == ''\n" + } + ] + } + ] + }, + "chartQuery": { + "title": "Anomalous operation timeline", + "dataSets": [ + { + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project Operation, TimeGenerated, count_\n| mvexpand TimeGenerated, count_ | project todatetime(TimeGenerated), toint(count_), Operation\n", + "xColumnName": "TimeGenerated", + "yColumnName": "count_", + "legendColumnName": "Operation" + } + ], + "type": "LineChart" + }, + "additionalQuery": { + "text": "Query all anomalous operations", + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh | order by maxAnomalyScorePost desc \n| project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n" + }, + "defaultTimeRange": { + "beforeRange": "1d", + "afterRange": "0d" + }, + "referenceTimeRange": { + "beforeRange": "12d" + }, + "dataTypes": [ + { + "dataType": "OfficeActivity" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ] + ], + "entitiesFilter": {} + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/e6cf68e6-1eca-4fbb-9fad-6280f2a9476e", + "name": "e6cf68e6-1eca-4fbb-9fad-6280f2a9476e", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Resource access", + "description": "Provides the count and distinct resource accesses by a given user account\n", + "baseQuery": "let Operations = dynamic([\"FileDownloaded\", \"FileUploaded\"]);\nlet UserOperationToSharePoint = (v_Account_Name:string, v_Account_UPNSuffix:string) {\nOfficeActivity\n// Select sharepoint activity that is relevant\n| where RecordType in~ ('SharePointFileOperation')\n| where Operation in~ (Operations)\n| extend Account_Name = tostring(split(UserId, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserId, '@')[1])\n| where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix\n| project TimeGenerated, Account_Name, Account_UPNSuffix, UserId, OfficeId, RecordType, Operation, OrganizationId, UserType, UserKey, OfficeWorkload, OfficeObjectId, ClientIP, ItemType, UserAgent, Site_Url, SourceRelativeUrl, SourceFileName, SourceFileExtension , Start_Time , ElevationTime , TenantId, SourceSystem , Type\n};\nUserOperationToSharePoint ('CTFFUser4','seccxp.ninja')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Resource Type", + "outputType": "String", + "supportDeepLink": false + }, + { + "header": "Distinct Resources", + "outputType": "Number", + "supportDeepLink": true + }, + { + "header": "Total Resources", + "outputType": "Number", + "supportDeepLink": true + }, + { + "header": "IPAddress(es)", + "outputType": "String", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "where Operation =~ 'FileUploaded'", + "summarize": "summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation", + "project": "project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')", + "linkColumnsDefinitions": [ + { + "projectedName": "DistinctResources", + "Query": "{{BaseQuery}} | " + }, + { + "projectedName": "TotalResources", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where Operation =~ 'FileDownloaded'", + "summarize": "summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation", + "project": "project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')", + "linkColumnsDefinitions": [ + { + "projectedName": "DistinctResources", + "Query": "{{BaseQuery}} | " + }, + { + "projectedName": "TotalResources", + "Query": "{{BaseQuery}} | " + } + ] + } + ] + }, + "chartQuery": { + "title": "Resource access over time", + "dataSets": [ + { + "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileUploaded'), TotalResources = countif(Operation =~ 'FileUploaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Uploads'", + "xColumnName": "TimeGenerated", + "yColumnName": "TotalResources", + "legendColumnName": "Legend" + }, + { + "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileDownloaded'), TotalResources = countif(Operation =~ 'FileDownloaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Downloads'", + "xColumnName": "TimeGenerated", + "yColumnName": "TotalResources", + "legendColumnName": "Legend" + } + ], + "type": "LineChart" + }, + "additionalQuery": { + "text": "See all resource activity", + "query": "where Operation in~ (Operations)" + }, + "defaultTimeRange": { + "beforeRange": "12h", + "afterRange": "12h" + }, + "referenceTimeRange": null, + "dataTypes": [ + { + "dataType": "OfficeActivity" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ] + ], + "entitiesFilter": {} + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4", + "name": "cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Anomalously high Azure sign-in result count", + "description": "Highlight Azure sign-in results by the user principal with anomalously high count compared to those observed in the preceding 14 days.", + "baseQuery": "let AScoreThresh=3; \nlet maxAnomalies=3; \nlet BeforeRange = 12d; \nlet EndTime=todatetime('{{EndTimeUTC}}');\nlet StartTime = todatetime('{{StartTimeUTC}}'); \nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string) { \n SigninLogs \n | where TimeGenerated between ((StartTime-BeforeRange) .. EndTime)\n | extend splitUserId=split(UserPrincipalName, '@')\n | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where (Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix) or UserId =~ v_Account_AADUserId };\nuserData('CTFFUser4', 'seccxp.ninja', '')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Result Description", + "outputType": "String", + "supportDeepLink": true + }, + { + "header": "Expected Count", + "outputType": "Number", + "supportDeepLink": false + }, + { + "header": "Actual Count", + "outputType": "Number", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n", + "summarize": "take 1", + "project": "project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)", + "linkColumnsDefinitions": [ + { + "projectedName": "ResultDescription", + "Query": "{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where ResultDescription == ''\n" + } + ] + } + ] + }, + "chartQuery": { + "title": "Anomalous sign-in result timeline", + "dataSets": [ + { + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project ResultDescription, TimeGenerated, count_ \n| mvexpand TimeGenerated, count_ \n| project todatetime(TimeGenerated), toint(count_), ResultDescription \n", + "xColumnName": "TimeGenerated", + "yColumnName": "count_", + "legendColumnName": "ResultDescription" + } + ], + "type": "LineChart" + }, + "additionalQuery": { + "text": "Query all anomalous sign-in results", + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n" + }, + "defaultTimeRange": { + "beforeRange": "1d", + "afterRange": "0d" + }, + "referenceTimeRange": { + "beforeRange": "12d" + }, + "dataTypes": [ + { + "dataType": "SigninLogs" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ] + ], + "entitiesFilter": {} + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryKeyEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryKeyEntityById.json new file mode 100644 index 00000000..1b5078f4 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryKeyEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "RegistryKey", + "properties": { + "friendlyName": "SOFTWARE", + "hive": "HKEY_LOCAL_MACHINE", + "key": "SOFTWARE" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryValueEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryValueEntityById.json new file mode 100644 index 00000000..726b6098 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryValueEntityById.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "dc44bd11-b348-4d76-ad29-37bf7aa41356" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/dc44bd11-b348-4d76-ad29-37bf7aa41356", + "name": "dc44bd11-b348-4d76-ad29-37bf7aa41356", + "type": "Microsoft.SecurityInsights/entities", + "kind": "RegistryValue", + "properties": { + "friendlyName": "Data", + "valueName": "Name", + "valueData": "Data", + "valueType": "String", + "keyEntityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityAlertEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityAlertEntityById.json new file mode 100644 index 00000000..1f5f0d3b --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityAlertEntityById.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/4aa486e0-6f85-41af-99ea-7acdce7be6c8", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "SecurityAlert", + "properties": { + "systemAlertId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8", + "intent": "Unknown", + "alertDisplayName": "Suspicious account detected", + "description": "", + "confidenceLevel": "Unknown", + "severity": "Medium", + "vendorName": "Microsoft", + "productName": "Azure Sentinel", + "productComponentName": "Scheduled Alerts", + "alertType": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b_46c7b6c0-ff43-44dd-8b4d-ceffff7aa7df", + "providerAlertId": "c2bafff9-fb31-41d0-a177-ecbff7a02ffe", + "processingEndTime": "2019-07-06T13:56:53.5392366Z", + "status": "New", + "endTimeUtc": "2019-07-06T13:21:45.926185Z", + "startTimeUtc": "2019-07-06T08:21:45.926185Z", + "timeGenerated": "2019-07-06T13:56:53.5392366Z", + "tactics": [ + "Persistence", + "LateralMovement" + ], + "additionalData": { + "Query": "Heartbeat \n| extend AccountCustomEntity = \"administrator\"", + "Query Period": "05:00:00", + "Trigger Operator": "GreaterThan", + "Trigger Threshold": "200", + "Search Query Results Overall Count": "203", + "Total Account Entities": "1" + }, + "friendlyName": "Suspicious account detected", + "alertLink": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518119885989999999_4aa486e0-6f85-41af-99ea-7acdce7be6c8/subscriptionId/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/myRg/myWorkspace/referencedFrom/alertDeepLink/location/centralus" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityGroupEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityGroupEntityById.json new file mode 100644 index 00000000..63726bc3 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityGroupEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "SecurityGroup", + "properties": { + "friendlyName": "Name", + "distinguishedName": "Name", + "sid": "Sid", + "objectGuid": "fb1b8e04-d944-4986-b39a-1ce9adedcd98" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSubmissionMailEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSubmissionMailEntityById.json new file mode 100644 index 00000000..70c52747 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSubmissionMailEntityById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "SubmissionMail", + "properties": { + "friendlyName": "recipient", + "submissionId": "5bb3d8fe-54bc-499c-bc21-86fe8df2a184", + "submitter": "submitter", + "recipient": "recipient", + "sender": "sender", + "senderIp": "1.4.35.34", + "subject": "subject", + "reportType": "report type" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetUrlEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetUrlEntityById.json new file mode 100644 index 00000000..de7ef67a --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetUrlEntityById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Url", + "properties": { + "friendlyName": "https://bing.com", + "url": "https://bing.com" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/expand/PostExpandEntity.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/expand/PostExpandEntity.json new file mode 100644 index 00000000..699aca47 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/expand/PostExpandEntity.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "expansionId": "a77992f3-25e9-4d01-99a4-5ff606cc410a", + "startTime": "2019-04-25T00:00:00.000Z", + "endTime": "2019-05-26T00:00:00.000Z" + } + }, + "responses": { + "200": { + "body": { + "value": { + "entities": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Ip", + "properties": { + "address": "13.89.108.248", + "friendlyName": "13.89.108.248" + } + } + ], + "edges": [ + { + "targetEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/c1d60d86-5988-11eb-ae93-0242ac130002", + "additionalData": { + "EpochTimestamp": "1608289949", + "FirstSeen": "2020-12-18T11:12:29.597Z", + "Source": "Heartbeat" + } + } + ] + }, + "metaData": { + "aggregations": [ + { + "entityKind": "Account", + "count": 1 + } + ] + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/insights/PostGetInsights.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/insights/PostGetInsights.json new file mode 100644 index 00000000..50f29030 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/insights/PostGetInsights.json @@ -0,0 +1,101 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "addDefaultExtendedTimeRange": false, + "startTime": "2019-04-25T00:00:00.000Z", + "endTime": "2019-05-26T00:00:00.000Z", + "insightQueryIds": [ + "cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4" + ] + } + }, + "responses": { + "200": { + "body": { + "value": [ + { + "tableQueryResults": { + "columns": [ + { + "name": "Title", + "type": "string" + }, + { + "name": "NameCount", + "type": "long" + }, + { + "name": "SIDCount", + "type": "long" + }, + { + "name": "InternalOrder", + "type": "long" + }, + { + "name": "Index", + "type": "long" + } + ], + "rows": [ + [ + "MyTitle", + "15", + "SID", + "1", + "1" + ] + ] + }, + "chartQueryResults": [ + { + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime" + }, + { + "name": "Count", + "type": "long" + }, + { + "name": "Legend", + "type": "string" + } + ], + "rows": [ + [ + "2019-04-25T00:00:00.000Z", + "55", + "SomeLegend" + ] + ] + } + ], + "queryTimeInterval": { + "startTime": "2020-07-07T23:35:20Z", + "endTime": "2020-11-11T23:35:20Z" + }, + "queryId": "e29ee1ef-7445-455e-85f1-269f2d536d61" + } + ], + "metaData": { + "totalCount": 7, + "errors": [ + { + "kind": "Insight", + "queryId": "4a70a63d-25c4-6312-b73e-4f302a90c06a", + "errorMessage": "Internal server error" + } + ] + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetAllEntityRelations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetAllEntityRelations.json new file mode 100644 index 00000000..c26b0b1d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetAllEntityRelations.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/entities/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetEntityRelationByName.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetEntityRelationByName.json new file mode 100644 index 00000000..c7a18b9d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetEntityRelationByName.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/entities/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/timeline/PostTimelineEntity.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/timeline/PostTimelineEntity.json new file mode 100644 index 00000000..6f9eb731 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/timeline/PostTimelineEntity.json @@ -0,0 +1,69 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "numberOfBucket": 4, + "startTime": "2019-04-25T00:00:00.000Z", + "endTime": "2019-05-26T00:00:00.000Z" + } + }, + "responses": { + "200": { + "body": { + "value": [ + { + "kind": "SecurityAlert", + "description": "The alert description", + "azureResourceId": "4467341f-fb73-4f99-a9b3-29473532cf5a_bf7c3a2f-b743-6410-3ff0-ec64b5995d50", + "productName": "Azure Sentinel", + "displayName": "Alert display name", + "severity": "Medium", + "endTimeUtc": "2020-08-29T23:31:28.02Z", + "startTimeUtc": "2020-08-28T23:32:28.01Z", + "timeGenerated": "2020-08-29T23:37:25.8136594Z", + "alertType": "4467341f-fb73-4f99-a9b3-29473532cf5a_c93bf33e-055e-4972-9e7d-f84fe3fb61ae" + }, + { + "kind": "Activity", + "queryId": "e0459780-ac9d-4b72-8bd4-fecf6b46a0a1", + "bucketStartTimeUTC": "2020-08-29T21:31:28.02Z", + "bucketEndTimeUTC": "2020-08-29T23:31:28.02Z", + "firstActivityTimeUTC": "2020-08-29T21:35:28.02Z", + "lastActivityTimeUTC": "2020-08-29T21:35:28.02Z", + "content": "he user has deleted the account 3 time(s)", + "title": "The user has deleted an account" + } + ], + "metaData": { + "totalCount": 6, + "aggregations": [ + { + "count": 4, + "kind": "Activity" + }, + { + "count": 2, + "kind": "SecurityAlert" + } + ], + "errors": [ + { + "kind": "Activity", + "queryId": "11067f9f-d6a7-4488-887f-0ba564268879", + "errorMessage": "syntax error" + }, + { + "kind": "SecurityAlert", + "errorMessage": "internal server error" + } + ] + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetEntityQueries.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetEntityQueries.json new file mode 100644 index 00000000..1d78fee1 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetEntityQueries.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/37ca3555-c135-4a73-a65e-9c1d00323f5d", + "name": "37ca3555-c135-4a73-a65e-9c1d00323f5d", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Expansion", + "properties": { + "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count asc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')", + "inputFields": [ + "address" + ], + "outputEntityTypes": [ + "Account" + ], + "dataSources": [ + "AzureActivity" + ], + "inputEntityType": "IP", + "displayName": "Least active accounts on Azure from this IP" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/97a1d515-abf2-4231-9a35-985f9de0bb91", + "name": "97a1d515-abf2-4231-9a35-985f9de0bb91", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Expansion", + "properties": { + "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count desc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')", + "inputFields": [ + "address" + ], + "outputEntityTypes": [ + "Account" + ], + "dataSources": [ + "AzureActivity" + ], + "inputEntityType": "IP", + "displayName": "Most active accounts on Azure from this IP" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json new file mode 100644 index 00000000..08ccab6f --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Expansion", + "properties": { + "queryTemplate": "let GetParentProcessesOnHost = (v_Host_HostName:string){\r\n SecurityEvent \r\n | where EventID == 4688 \r\n | where isnotempty(ParentProcessName)\r\n | where NewProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe' and ParentProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe'\r\n and NewProcessName!contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe' and ParentProcessName !contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe'\r\n and ParentProcessName !contains ':\\\\Windows\\\\CCM\\\\CcmExec.exe'\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\svchost.exe' and (NewProcessName !contains ':\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe' or NewProcessName !contains ':\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe'))\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\services.exe' and NewProcessName !contains ':\\\\Windows\\\\servicing\\\\TrustedInstaller.exe')\r\n | where toupper(Computer) contains v_Host_HostName or toupper(WorkstationName) contains v_Host_HostName\r\n | summarize min(TimeGenerated), max(TimeGenerated) by Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project min_TimeGenerated, max_TimeGenerated, Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project-rename Process_Host_UnstructuredName=Computer, Process_Account_UnstructuredName=Account, Process_CommandLine=CommandLine, Process_ProcessId=ProcessId, Process_ImageFile_FullPath=NewProcessName, Process_ParentProcess_ImageFile_FullPath=ParentProcessName\r\n | top 10 by min_TimeGenerated asc};\r\n GetParentProcessesOnHost(toupper(''))", + "inputFields": [ + "hostName" + ], + "outputEntityTypes": [ + "Process" + ], + "dataSources": [ + "SecurityEvent" + ], + "inputEntityType": "Host", + "displayName": "Parent processes running on host" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json new file mode 100644 index 00000000..d81fa959 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json @@ -0,0 +1,109 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incident": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "providerName": "Azure Sentinel", + "providerIncidentId": "3177", + "relatedAnalyticRuleIds": [], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [] + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "providerName": "Azure Sentinel", + "providerIncidentId": "3177", + "relatedAnalyticRuleIds": [], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [] + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/DeleteIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/DeleteIncident.json new file mode 100644 index 00000000..84a5d11b --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/DeleteIncident.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentAlerts.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentAlerts.json new file mode 100644 index 00000000..1cb622e0 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentAlerts.json @@ -0,0 +1,51 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "name": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "SecurityAlert", + "properties": { + "systemAlertId": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "tactics": [], + "alertDisplayName": "myAlert", + "confidenceLevel": "Unknown", + "severity": "Low", + "vendorName": "Microsoft", + "productName": "Azure Security Center", + "alertType": "myAlert", + "processingEndTime": "2020-07-20T18:21:53.6158361Z", + "status": "New", + "endTimeUtc": "2020-07-20T18:21:53.6158361Z", + "startTimeUtc": "2020-07-20T18:21:53.6158361Z", + "timeGenerated": "2020-07-20T18:21:53.6158361Z", + "resourceIdentifiers": [ + { + "type": "LogAnalytics", + "workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroup": "myRG" + } + ], + "additionalData": { + "AlertMessageEnqueueTime": "2020-07-20T18:21:57.304Z" + }, + "friendlyName": "myAlert" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentBookmarks.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentBookmarks.json new file mode 100644 index 00000000..e8d5421a --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentBookmarks.json @@ -0,0 +1,78 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812", + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Bookmark", + "properties": { + "displayName": "SecurityEvent - 868f40f4698d", + "created": "2020-06-17T15:34:01.4265524+00:00", + "updated": "2020-06-17T15:34:01.4265524+00:00", + "createdBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "updatedBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "eventTime": "2020-06-17T15:34:01.4265524+00:00", + "labels": [], + "query": "SecurityEvent\r\n| take 1\n", + "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", + "additionalData": { + "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", + "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "friendlyName": "SecurityEvent - 868f40f4698d" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/bbbd324f-6c48-459c-8710-8d1e1cd03812", + "name": "bbbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Bookmark", + "properties": { + "displayName": "SecurityEvent - 868f40f4698d", + "created": "2020-06-17T15:34:01.4265524+00:00", + "updated": "2020-06-17T15:34:01.4265524+00:00", + "createdBy": { + "objectId": "303ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "updatedBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "eventTime": "2020-06-17T15:34:01.4265524+00:00", + "labels": [], + "query": "SecurityEvent\r\n| take 1\n", + "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", + "additionalData": { + "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", + "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "friendlyName": "SecurityEvent - 868f40f4698d" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json new file mode 100644 index 00000000..60d2581a --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "InaccurateData", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "providerName": "Azure Sentinel", + "providerIncidentId": "3177", + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ] + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json new file mode 100644 index 00000000..2a3f27a0 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json @@ -0,0 +1,62 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "$orderby": "properties/createdTimeUtc desc", + "$top": 1 + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "providerName": "Azure Sentinel", + "providerIncidentId": "3177", + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "Persistence" + ] + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/CreateIncidentComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/CreateIncidentComment.json new file mode 100644 index 00000000..70c0f0bb --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/CreateIncidentComment.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentComment": { + "properties": { + "message": "Some message" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "190057d0-0000-0d00-0000-5c622adb0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/DeleteIncidentComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/DeleteIncidentComment.json new file mode 100644 index 00000000..77d29e52 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/DeleteIncidentComment.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetAllIncidentComments.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetAllIncidentComments.json new file mode 100644 index 00000000..b94e350a --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetAllIncidentComments.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetIncidentCommentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetIncidentCommentById.json new file mode 100644 index 00000000..54e77267 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetIncidentCommentById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/entities/GetAllIncidentEntities.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/entities/GetAllIncidentEntities.json new file mode 100644 index 00000000..723c7f13 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/entities/GetAllIncidentEntities.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "entities": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Account", + "properties": { + "friendlyName": "administrator", + "accountName": "administrator", + "ntDomain": "domain" + } + } + ], + "metaData": [ + { + "entityKind": "Account", + "count": 1 + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/CreateIncidentRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/CreateIncidentRelation.json new file mode 100644 index 00000000..b0f4b0f6 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/CreateIncidentRelation.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "relation": { + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/DeleteIncidentRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/DeleteIncidentRelation.json new file mode 100644 index 00000000..49a82ea4 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/DeleteIncidentRelation.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetAllIncidentRelations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetAllIncidentRelations.json new file mode 100644 index 00000000..47fb4993 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetAllIncidentRelations.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "name": "9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "6f714025-dd7c-46aa-b5d0-b9857488d060", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceName": "1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceType": "Microsoft.SecurityInsights/entities", + "relatedResourceKind": "SecurityAlert" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetIncidentRelationByName.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetIncidentRelationByName.json new file mode 100644 index 00000000..cf5b863b --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetIncidentRelationByName.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/DeleteOfficeConsents.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/DeleteOfficeConsents.json new file mode 100644 index 00000000..91d4447f --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/DeleteOfficeConsents.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsents.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsents.json new file mode 100644 index 00000000..02c01221 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsents.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "name": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "type": "Microsoft.SecurityInsights/officeConsents", + "properties": { + "tenantId": "5460b3d2-1e7b-4757-ad54-c858c7e3f252", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsentsById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsentsById.json new file mode 100644 index 00000000..90004231 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsentsById.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "name": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "type": "Microsoft.SecurityInsights/officeConsents", + "properties": { + "tenantId": "5460b3d2-1e7b-4757-ad54-c858c7e3f252", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/DeleteEyesOnSetting.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/DeleteEyesOnSetting.json new file mode 100644 index 00000000..345b4494 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/DeleteEyesOnSetting.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "settingsName": "EyesOn" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetAllSettings.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetAllSettings.json new file mode 100644 index 00000000..1149edfc --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetAllSettings.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetEyesOnSetting.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetEyesOnSetting.json new file mode 100644 index 00000000..0f31f01a --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetEyesOnSetting.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "settingsName": "EyesOn" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/UpdateEyesOnSetting.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/UpdateEyesOnSetting.json new file mode 100644 index 00000000..6da0f3ed --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/UpdateEyesOnSetting.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "settingsName": "EyesOn", + "settings": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "EyesOn", + "properties": {} + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json new file mode 100644 index 00000000..8fa8ec5f --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json @@ -0,0 +1,19 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceAppendTags": { + "threatIntelligenceTags": [ + "tag1", + "tag2" + ] + } + }, + "responses": { + "200": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json new file mode 100644 index 00000000..098d87df --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "lastUpdatedTimeUtc": "2020-09-01T19:44:44.117403Z", + "threatTypeMetrics": [ + { + "metricName": "compromised", + "metricValue": 20 + } + ], + "patternTypeMetrics": [ + { + "metricName": "url", + "metricValue": 20 + } + ], + "sourceMetrics": [ + { + "metricName": "Azure Sentinel", + "metricValue": 10315 + }, + { + "metricName": "zinga", + "metricValue": 2 + } + ] + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CreateThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CreateThreatIntelligence.json new file mode 100644 index 00000000..09b3d081 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CreateThreatIntelligence.json @@ -0,0 +1,101 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ThreatIntelligenceProperties": { + "kind": "indicator", + "properties": { + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "description": "debugging indicators", + "externalReferences": [], + "granularMarkings": [], + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "validFrom": "2020-04-15T17:44:00.114052Z", + "validUntil": "" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T20:20:38.6160949Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T20:20:38.6160949Z", + "createdByRef": "aztestConnectors@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json new file mode 100644 index 00000000..e9f6856c --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligence.json new file mode 100644 index 00000000..b207abfd --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligence.json @@ -0,0 +1,77 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 90, + "created": "2020-04-15T20:11:57.9666134Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.0746926Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema 2", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + }, + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T19:51:17.1050923Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.074903Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json new file mode 100644 index 00000000..cefa9f4b --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T19:51:17.1050923Z", + "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:18:49.2259902Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://abc.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/QueryThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/QueryThreatIntelligence.json new file mode 100644 index 00000000..5b36dd94 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/QueryThreatIntelligence.json @@ -0,0 +1,108 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ThreatIntelligenceFilteringCriteria": { + "pageSize": 100, + "minConfidence": 25, + "maxConfidence": 80, + "minValidUntil": "2020-04-05T17:44:00.114052Z", + "maxValidUntil": "2020-04-25T17:44:00.114052Z", + "sources": [ + "Azure Sentinel" + ], + "sortBy": [ + { + "itemKey": "lastUpdatedTimeUtc", + "sortOrder": "descending" + } + ] + } + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 90, + "created": "2020-04-15T20:11:57.9666134Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.0746926Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema 2", + "description": "debugging indicators 2", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z", + "parsedPattern": [ + { + "patternTypeKey": "network-traffic", + "patternTypeValues": [ + { + "valueType": "0", + "value": "SSH-2.0-PuTTY_Release_0.64" + }, + { + "valueType": "1", + "value": "194.88.106.146" + } + ] + } + ] + } + }, + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T19:51:17.1050923Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.074903Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json new file mode 100644 index 00000000..e787f08b --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceReplaceTags": { + "etag": "\"0000262c-0000-0800-0000-5e9767060000\"", + "kind": "indicator", + "properties": { + "threatIntelligenceTags": [ + "patching tags" + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T19:51:17.1050923Z", + "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T19:56:08.828946Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://abc.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json new file mode 100644 index 00000000..0ccf1b9f --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json @@ -0,0 +1,102 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceProperties": { + "kind": "indicator", + "properties": { + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "description": "debugging indicators", + "externalReferences": [], + "granularMarkings": [], + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "validFrom": "2020-04-15T17:44:00.114052Z", + "validUntil": "" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T20:20:38.6160949Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T20:20:38.6160949Z", + "createdByRef": "aztestConnectors@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlist.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlist.json new file mode 100644 index 00000000..cf140d6b --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlist.json @@ -0,0 +1,86 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "High Value Assets Watchlist", + "source": "Local file", + "provider": "Microsoft", + "description": "Watchlist from CSV content", + "numberOfLinesToSkip": 1, + "rawContent": "This line will be skipped\nheader1,header2\nvalue1,value2", + "contentType": "text/csv" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlistItem.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlistItem.json new file mode 100644 index 00000000..294fb55d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlistItem.json @@ -0,0 +1,92 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "watchlistItem": { + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlist.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlist.json new file mode 100644 index 00000000..9ee1aed0 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlist.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlistItem.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlistItem.json new file mode 100644 index 00000000..dcdd676c --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlistItem.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistByAlias.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistByAlias.json new file mode 100644 index 00000000..f697357b --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistByAlias.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "isDeleted": false, + "labels": [ + "Tag1", + "Tag2" + ], + "defaultDuration": "P1279DT12H30M5S", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItemById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItemById.json new file mode 100644 index 00000000..97a74265 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItemById.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "watchlistAlias": "highValueAsset", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistItemId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "isDeleted": false, + "created": "2021-02-04T12:27:32.3783333-08:00", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "entityMapping": {} + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItems.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItems.json new file mode 100644 index 00000000..65306acc --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItems.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "isDeleted": false, + "created": "2021-02-04T12:27:32.3783333-08:00", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "entityMapping": {} + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlists.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlists.json new file mode 100644 index 00000000..b1020c26 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlists.json @@ -0,0 +1,51 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "isDeleted": false, + "labels": [ + "Tag1", + "Tag2" + ], + "defaultDuration": "P1279DT12H30M5S", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/AlertRules.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/AlertRules.json new file mode 100644 index 00000000..d4f0b725 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/AlertRules.json @@ -0,0 +1,1887 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-03-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules": { + "get": { + "x-ms-examples": { + "Get all alert rules.": { + "$ref": "./examples/alertRules/GetAllAlertRules.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets all alert rules.", + "operationId": "AlertRules_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRulesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { + "get": { + "x-ms-examples": { + "Get a Scheduled alert rule.": { + "$ref": "./examples/alertRules/GetScheduledAlertRule.json" + }, + "Get a Fusion alert rule.": { + "$ref": "./examples/alertRules/GetFusionAlertRule.json" + }, + "Get a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets the alert rule.", + "operationId": "AlertRules_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a Scheduled alert rule.": { + "$ref": "./examples/alertRules/CreateScheduledAlertRule.json" + }, + "Creates or updates a Fusion alert rule.": { + "$ref": "./examples/alertRules/CreateFusionAlertRule.json" + }, + "Creates or updates a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Creates or updates the alert rule.", + "operationId": "AlertRules_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/AlertRule" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an alert rule.": { + "$ref": "./examples/alertRules/DeleteAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Delete the alert rule.", + "operationId": "AlertRules_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions": { + "get": { + "x-ms-examples": { + "Get all actions of alert rule.": { + "$ref": "./examples/actions/GetAllActionsByAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Gets all actions of alert rule.", + "operationId": "Actions_ListByAlertRule", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ActionsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}": { + "get": { + "x-ms-examples": { + "Get an action of alert rule.": { + "$ref": "./examples/actions/GetActionOfAlertRuleById.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Gets the action of alert rule.", + "operationId": "Actions_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an action of alert rule.": { + "$ref": "./examples/actions/CreateActionOfAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Creates or updates the action of alert rule.", + "operationId": "Actions_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + }, + { + "$ref": "#/parameters/Action" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an action of alert rule.": { + "$ref": "./examples/actions/DeleteActionOfAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Delete the action of alert rule.", + "operationId": "Actions_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates": { + "get": { + "x-ms-examples": { + "Get all alert rule templates.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplates.json" + } + }, + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets all alert rule templates.", + "operationId": "AlertRuleTemplates_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRuleTemplatesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}": { + "get": { + "x-ms-examples": { + "Get alert rule template by Id.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplateById.json" + } + }, + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets the alert rule template.", + "operationId": "AlertRuleTemplates_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AlertRuleTemplateId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRuleTemplate" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "Action": { + "description": "The action", + "in": "body", + "name": "action", + "required": true, + "schema": { + "$ref": "#/definitions/ActionRequest" + }, + "x-ms-parameter-location": "method" + }, + "ActionId": { + "description": "Action ID", + "in": "path", + "name": "actionId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "AlertRule": { + "description": "The alert rule", + "in": "body", + "name": "alertRule", + "required": true, + "schema": { + "$ref": "#/definitions/AlertRule" + }, + "x-ms-parameter-location": "method" + }, + "AlertRuleTemplateId": { + "description": "Alert rule template ID", + "in": "path", + "name": "alertRuleTemplateId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "RuleId": { + "description": "Alert rule ID", + "in": "path", + "name": "ruleId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "AlertRule": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Alert rule.", + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKindEnum", + "description": "The kind of the alert rule" + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "AlertRuleKindEnum": { + "description": "The kind of the alert rule", + "enum": [ + "Scheduled", + "MicrosoftSecurityIncidentCreation", + "Fusion", + "MLBehaviorAnalytics", + "ThreatIntelligence" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertRuleKind", + "values": [ + { + "value": "Scheduled" + }, + { + "value": "MicrosoftSecurityIncidentCreation" + }, + { + "value": "Fusion" + }, + { + "value": "MLBehaviorAnalytics" + }, + { + "value": "ThreatIntelligence" + } + ] + } + }, + "AlertRuleTemplate": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/Resource" + } + ], + "description": "Alert rule template.", + "discriminator": "kind", + "type": "object", + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKindEnum", + "description": "The kind of the alert rule" + } + }, + "required": [ + "kind" + ] + }, + "AlertRuleTemplateDataSource": { + "description": "alert rule template data sources", + "properties": { + "connectorId": { + "description": "The connector id that provides the following data types", + "type": "string" + }, + "dataTypes": { + "description": "The data types used by the alert rule template", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AlertRuleTemplatePropertiesBase": { + "description": "Base alert rule template property bag.", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "type": "integer", + "format": "int32" + }, + "lastUpdatedDateUTC": { + "description": "The last time that this alert rule template has been updated.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "createdDateUTC": { + "description": "The time that this alert rule template has been added.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the alert rule template.", + "type": "string" + }, + "displayName": { + "description": "The display name for alert rule template.", + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data sources for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "type": "array" + }, + "status": { + "description": "The alert rule template status.", + "enum": [ + "Installed", + "Available", + "NotAvailable" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "TemplateStatus", + "values": [ + { + "description": "Alert rule template installed. and can not use more then once", + "value": "Installed" + }, + { + "description": "Alert rule template is available.", + "value": "Available" + }, + { + "description": "Alert rule template is not available", + "value": "NotAvailable" + } + ] + } + } + }, + "type": "object" + }, + "AlertRuleTemplatesList": { + "description": "List all the alert rule templates.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alert rule templates.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of alert rule templates.", + "items": { + "$ref": "#/definitions/AlertRuleTemplate" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "AlertRuleTriggerOperator": { + "description": "The operation against the threshold that triggers alert rule.", + "enum": [ + "GreaterThan", + "LessThan", + "Equal", + "NotEqual" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "TriggerOperator" + } + }, + "AlertRulesList": { + "description": "List all the alert rules.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alert rules.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of alert rules.", + "items": { + "$ref": "#/definitions/AlertRule" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "AlertSeverity": { + "description": "The severity of the alert", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertSeverity", + "values": [ + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "AttackTactic": { + "description": "The severity for alerts created by this alert rule.", + "enum": [ + "InitialAccess", + "Execution", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact", + "PreAttack" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AttackTactic" + } + }, + "MLBehaviorAnalyticsAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents MLBehaviorAnalytics alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/MLBehaviorAnalyticsAlertRuleProperties", + "description": "MLBehaviorAnalytics alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MLBehaviorAnalytics" + }, + "MLBehaviorAnalyticsAlertRuleProperties": { + "description": "MLBehaviorAnalytics alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert rule has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "MLBehaviorAnalyticsAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents MLBehaviorAnalytics alert rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + } + ], + "description": "MLBehaviorAnalytics alert rule template properties.", + "properties": { + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "tactics": { + "description": "The tactics of the alert rule template.", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MLBehaviorAnalytics" + }, + "FusionAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents Fusion alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleProperties", + "description": "Fusion alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleProperties": { + "description": "Fusion alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "FusionAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents Fusion alert rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + } + ], + "description": "Fusion alert rule template properties", + "properties": { + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "tactics": { + "description": "The tactics of the alert rule template", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + } + }, + "required": [ + "displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "type": "object", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Fusion" + }, + "ThreatIntelligenceAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents Threat Intelligence alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ThreatIntelligenceAlertRuleProperties", + "description": "Threat Intelligence alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "ThreatIntelligenceAlertRuleProperties": { + "description": "Threat Intelligence alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "ThreatIntelligenceAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents Threat Intelligence alert rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + } + ], + "description": "Threat Intelligence alert rule template properties", + "properties": { + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "tactics": { + "description": "The tactics of the alert rule template", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + } + }, + "required": [ + "displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "type": "object", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "MicrosoftSecurityIncidentCreationAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents MicrosoftSecurityIncidentCreation rule.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleProperties", + "description": "MicrosoftSecurityIncidentCreation rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties": { + "description": "MicrosoftSecurityIncidentCreation rule common property bag.", + "properties": { + "displayNamesFilter": { + "description": "the alerts' displayNames on which the cases will be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "displayNamesExcludeFilter": { + "description": "the alerts' displayNames on which the cases will not be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "productFilter": { + "description": "The alerts' productName on which the cases will be generated", + "enum": [ + "Microsoft Cloud App Security", + "Azure Security Center", + "Azure Advanced Threat Protection", + "Azure Active Directory Identity Protection", + "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", + "Microsoft Defender Advanced Threat Protection" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "MicrosoftSecurityProductName" + } + }, + "severitiesFilter": { + "description": "the alerts' severities on which the cases will be generated", + "items": { + "$ref": "#/definitions/AlertSeverity" + }, + "type": "array" + } + }, + "required": [ + "productFilter" + ], + "type": "object" + }, + "MicrosoftSecurityIncidentCreationAlertRuleProperties": { + "allOf": [ + { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties" + } + ], + "description": "MicrosoftSecurityIncidentCreation rule property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "displayName", + "enabled", + "productFilter" + ], + "type": "object" + }, + "MicrosoftSecurityIncidentCreationAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents MicrosoftSecurityIncidentCreation rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + }, + { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties" + } + ], + "description": "MicrosoftSecurityIncidentCreation rule template properties", + "required": [ + "displayName", + "description", + "createdDateUTC", + "status", + "alertRulesCreatedByTemplateCount", + "productFilter" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "ScheduledAlertRuleProperties": { + "allOf": [ + { + "$ref": "#/definitions/ScheduledAlertRuleCommonProperties" + } + ], + "description": "Scheduled alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert rule has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "suppressionDuration": { + "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.", + "format": "duration", + "type": "string" + }, + "suppressionEnabled": { + "description": "Determines whether the suppression for this alert rule is enabled or disabled.", + "type": "boolean" + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + }, + "incidentConfiguration": { + "$ref": "#/definitions/IncidentConfiguration", + "description": "The settings of the incidents that created from alerts triggered by this analytics rule" + } + }, + "required": [ + "displayName", + "enabled", + "severity", + "query", + "queryFrequency", + "queryPeriod", + "triggerOperator", + "triggerThreshold", + "suppressionEnabled", + "suppressionDuration" + ], + "type": "object" + }, + "ScheduledAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents scheduled alert rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + }, + { + "$ref": "#/definitions/ScheduledAlertRuleCommonProperties" + } + ], + "description": "Scheduled alert rule template properties", + "properties": { + "tactics": { + "description": "The tactics of the alert rule template", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + } + }, + "required": [ + "displayName", + "description", + "status", + "alertRulesCreatedByTemplateCount", + "severity", + "query", + "queryFrequency", + "queryPeriod", + "triggerOperator", + "triggerThreshold" + ], + "type": "object", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Scheduled" + }, + "EventGroupingSettings": { + "description": "Event grouping settings property bag.", + "properties": { + "aggregationKind": { + "$ref": "#/definitions/EventGroupingAggregationKind" + } + }, + "type": "object" + }, + "EventGroupingAggregationKind": { + "description": "The event grouping aggregation kinds", + "enum": [ + "SingleAlert", + "AlertPerResult" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EventGroupingAggregationKind" + } + }, + "ScheduledAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents scheduled alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ScheduledAlertRuleProperties", + "description": "Scheduled alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Scheduled" + }, + "ScheduledAlertRuleCommonProperties": { + "description": "Scheduled alert rule template property bag.", + "properties": { + "query": { + "description": "The query that creates alerts for this rule.", + "type": "string" + }, + "queryFrequency": { + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.", + "format": "duration", + "type": "string" + }, + "queryPeriod": { + "description": "The period (in ISO 8601 duration format) that this alert rule looks at.", + "format": "duration", + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/AlertRuleTriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "description": "The threshold triggers this alert rule.", + "type": "integer", + "format": "int32" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "customDetails": { + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "$ref": "#/definitions/EntityMappings", + "description": "Array of the entity mappings of the alert rule" + }, + "alertDetailsOverride": { + "type": "object", + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + } + }, + "type": "object" + }, + "EntityMappings": { + "description": "List of entity mappings of the alert rule", + "type": "array", + "items": { + "$ref": "#/definitions/EntityMapping" + } + }, + "EntityMapping": { + "description": "Single entity mapping for the alert rule", + "properties": { + "entityType": { + "$ref": "#/definitions/EntityMappingType" + }, + "fieldMappings": { + "description": "array of field mappings for the given entity mapping", + "type": "array", + "items": { + "$ref": "#/definitions/FieldMapping" + } + } + }, + "type": "object" + }, + "FieldMapping": { + "description": "A single field mapping of the mapped entity", + "properties": { + "identifier": { + "description": "the V3 identifier of the entity", + "type": "string" + }, + "columnName": { + "description": "the column name to be mapped to the identifier", + "type": "string" + } + }, + "type": "object" + }, + "AlertDetailsOverride": { + "description": "Settings for how to dynamically override alert static details", + "properties": { + "alertDisplayNameFormat": { + "description": "the format containing columns name(s) to override the alert name", + "type": "string" + }, + "alertDescriptionFormat": { + "description": "the format containing columns name(s) to override the alert description", + "type": "string" + }, + "alertTacticsColumnName": { + "description": "the column name to take the alert tactics from", + "type": "string" + }, + "alertSeverityColumnName": { + "description": "the column name to take the alert severity from", + "type": "string" + } + }, + "type": "object" + }, + "IncidentConfiguration": { + "description": "Incident Configuration property bag.", + "properties": { + "createIncident": { + "description": "Create incidents from alerts triggered by this analytics rule", + "type": "boolean" + }, + "groupingConfiguration": { + "$ref": "#/definitions/GroupingConfiguration", + "description": "Set how the alerts that are triggered by this analytics rule, are grouped into incidents" + } + }, + "type": "object", + "required": [ + "createIncident" + ] + }, + "GroupingConfiguration": { + "description": "Grouping configuration property bag.", + "properties": { + "enabled": { + "description": "Grouping enabled", + "type": "boolean" + }, + "reopenClosedIncident": { + "description": "Re-open closed matching incidents", + "type": "boolean" + }, + "lookbackDuration": { + "description": "Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)", + "format": "duration", + "type": "string" + }, + "matchingMethod": { + "description": "Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.", + "enum": [ + "AllEntities", + "AnyAlert", + "Selected" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "MatchingMethod", + "values": [ + { + "description": "Grouping alerts into a single incident if all the entities match", + "value": "AllEntities" + }, + { + "description": "Grouping any alerts triggered by this rule into a single incident", + "value": "AnyAlert" + }, + { + "description": "Grouping alerts into a single incident if the selected entities, custom details and alert details match", + "value": "Selected" + } + ] + } + }, + "groupByEntities": { + "description": "A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.", + "items": { + "$ref": "#/definitions/EntityMappingType" + }, + "type": "array" + }, + "groupByAlertDetails": { + "description": "A list of alert details to group by (when matchingMethod is Selected)", + "items": { + "description": "Alert detail", + "enum": [ + "DisplayName", + "Severity" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertDetail", + "values": [ + { + "description": "Alert display name", + "value": "DisplayName" + }, + { + "description": "Alert severity", + "value": "Severity" + } + ] + } + }, + "type": "array" + }, + "groupByCustomDetails": { + "description": "A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "enabled", + "reopenClosedIncident", + "lookbackDuration", + "matchingMethod" + ] + }, + "ActionRequest": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Action for alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ActionRequestProperties", + "description": "Action properties for put request", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "ActionPropertiesBase": { + "description": "Action property bag base.", + "properties": { + "logicAppResourceId": { + "description": "Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.", + "type": "string" + } + }, + "required": [ + "logicAppResourceId" + ], + "type": "object" + }, + "ActionRequestProperties": { + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ], + "description": "Action property bag.", + "properties": { + "triggerUri": { + "description": "Logic App Callback URL for this specific workflow.", + "type": "string", + "x-ms-secret": true + } + }, + "required": [ + "triggerUri" + ], + "type": "object" + }, + "ActionResponse": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Action for alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ActionResponseProperties", + "description": "Action properties for get request", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "ActionResponseProperties": { + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ], + "description": "Action property bag.", + "properties": { + "workflowId": { + "description": "The name of the logic app's workflow.", + "type": "string" + } + }, + "type": "object" + }, + "ActionsList": { + "description": "List all the actions.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of actions.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of actions.", + "items": { + "$ref": "#/definitions/ActionResponse" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "EntityMappingType": { + "description": "The V3 type of the mapped entity", + "enum": [ + "Account", + "Host", + "IP", + "Malware", + "File", + "Process", + "CloudApplication", + "DNS", + "AzureResource", + "FileHash", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "URL", + "Mailbox", + "MailCluster", + "MailMessage", + "SubmissionMail" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityMappingType", + "values": [ + { + "description": "User account entity type", + "value": "Account" + }, + { + "description": "Host entity type", + "value": "Host" + }, + { + "description": "IP address entity type", + "value": "IP" + }, + { + "description": "Malware entity type", + "value": "Malware" + }, + { + "description": "System file entity type", + "value": "File" + }, + { + "description": "Process entity type", + "value": "Process" + }, + { + "description": "Cloud app entity type", + "value": "CloudApplication" + }, + { + "description": "DNS entity type", + "value": "DNS" + }, + { + "description": "Azure resource entity type", + "value": "AzureResource" + }, + { + "description": "File-hash entity type", + "value": "FileHash" + }, + { + "description": "Registry key entity type", + "value": "RegistryKey" + }, + { + "description": "Registry value entity type", + "value": "RegistryValue" + }, + { + "description": "Security group entity type", + "value": "SecurityGroup" + }, + { + "description": "URL entity type", + "value": "URL" + }, + { + "description": "Mailbox entity type", + "value": "Mailbox" + }, + { + "description": "Mail cluster entity type", + "value": "MailCluster" + }, + { + "description": "Mail message entity type", + "value": "MailMessage" + }, + { + "description": "Submission mail entity type", + "value": "SubmissionMail" + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/EntityDefinitions.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/EntityDefinitions.json new file mode 100644 index 00000000..6eb99cab --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/EntityDefinitions.json @@ -0,0 +1,181 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-03-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": {}, + "definitions": { + "EntityInnerType": { + "description": "The type of the entity", + "enum": [ + "Account", + "Host", + "File", + "AzureResource", + "CloudApplication", + "DNS", + "FileHash", + "IP", + "Malware", + "Process", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "URL", + "IoTDevice", + "SecurityAlert", + "HuntingBookmark", + "MailCluster", + "MailMessage", + "Mailbox", + "SubmissionMail" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityType", + "values": [ + { + "description": "Entity represents account in the system.", + "value": "Account" + }, + { + "description": "Entity represents host in the system.", + "value": "Host" + }, + { + "description": "Entity represents file in the system.", + "value": "File" + }, + { + "description": "Entity represents azure resource in the system.", + "value": "AzureResource" + }, + { + "description": "Entity represents cloud application in the system.", + "value": "CloudApplication" + }, + { + "description": "Entity represents dns in the system.", + "value": "DNS" + }, + { + "description": "Entity represents file hash in the system.", + "value": "FileHash" + }, + { + "description": "Entity represents ip in the system.", + "value": "IP" + }, + { + "description": "Entity represents malware in the system.", + "value": "Malware" + }, + { + "description": "Entity represents process in the system.", + "value": "Process" + }, + { + "description": "Entity represents registry key in the system.", + "value": "RegistryKey" + }, + { + "description": "Entity represents registry value in the system.", + "value": "RegistryValue" + }, + { + "description": "Entity represents security group in the system.", + "value": "SecurityGroup" + }, + { + "description": "Entity represents url in the system.", + "value": "URL" + }, + { + "description": "Entity represents IoT device in the system.", + "value": "IoTDevice" + }, + { + "description": "Entity represents security alert in the system.", + "value": "SecurityAlert" + }, + { + "description": "Entity represents HuntingBookmark in the system.", + "value": "HuntingBookmark" + }, + { + "description": "Entity represents mail cluster in the system.", + "value": "MailCluster" + }, + { + "description": "Entity represents mail message in the system.", + "value": "MailMessage" + }, + { + "description": "Entity represents mailbox in the system.", + "value": "Mailbox" + }, + { + "description": "Entity represents submission mail in the system.", + "value": "SubmissionMail" + } + ] + } + }, + "EntityQueryKind": { + "description": "The kind of the entity query", + "enum": [ + "Expansion", + "Insight", + "Activity" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityQueryKind", + "values": [ + { + "value": "Expansion" + }, + { + "value": "Insight" + }, + { + "value": "Activity" + } + ] + } + } + }, + "parameters": {} +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/EntityQueries.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/EntityQueries.json new file mode 100644 index 00000000..80cd31cc --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/EntityQueries.json @@ -0,0 +1,518 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-03-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries": { + "get": { + "x-ms-examples": { + "Get all entity queries.": { + "$ref": "./examples/entityQueries/GetEntityQueries.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets all entity queries.", + "operationId": "EntityQueries_List", + "parameters": [ + { + "$ref": "#/parameters/EntityQueryKind" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQueryList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}": { + "get": { + "x-ms-examples": { + "Get an Expansion entity query.": { + "$ref": "./examples/entityQueries/GetExpansionEntityQueryById.json" + }, + "Get an Activity entity query.": { + "$ref": "./examples/entityQueries/GetActivityEntityQueryById.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets an entity query.", + "operationId": "EntityQueries_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an Activity entity query.": { + "$ref": "./examples/entityQueries/CreateEntityQueryActivity.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Creates or updates the entity query.", + "operationId": "EntityQueries_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryId" + }, + { + "$ref": "#/parameters/CustomEntityQuery" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an entity query.": { + "$ref": "./examples/entityQueries/DeleteEntityQuery.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Delete the entity query.", + "operationId": "EntityQueries_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "CustomEntityQueryKind": { + "description": "The kind of the entity query that supports put request.", + "enum": [ + "Activity" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "CustomEntityQueryKind", + "values": [ + { + "value": "Activity" + } + ] + } + }, + "EntityQueryList": { + "description": "List of all the entity queries.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of entity queries.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of entity queries.", + "items": { + "$ref": "#/definitions/EntityQuery" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "EntityQuery": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Specific entity query.", + "discriminator": "kind", + "properties": { + "kind": { + "$ref": "EntityDefinitions.json#/definitions/EntityQueryKind", + "description": "the entity query kind" + } + }, + "type": "object", + "required": [ + "kind" + ] + }, + "CustomEntityQuery": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Specific entity query that supports put requests.", + "discriminator": "kind", + "properties": { + "kind": { + "$ref": "#/definitions/CustomEntityQueryKind", + "description": "the entity query kind" + } + }, + "type": "object", + "required": [ + "kind" + ] + }, + "ExpansionEntityQuery": { + "description": "Represents Expansion entity query.", + "allOf": [ + { + "$ref": "#/definitions/EntityQuery" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ExpansionEntityQueriesProperties", + "description": "Expansion entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Expansion" + }, + "ExpansionEntityQueriesProperties": { + "description": "Describes expansion entity query properties", + "properties": { + "dataSources": { + "description": "List of the data sources that are required to run the query", + "items": { + "description": "data source", + "type": "string" + }, + "type": "array" + }, + "displayName": { + "description": "The query display name", + "type": "string" + }, + "inputEntityType": { + "$ref": "EntityDefinitions.json#/definitions/EntityInnerType", + "description": "The type of the query's source entity" + }, + "inputFields": { + "description": "List of the fields of the source entity that are required to run the query", + "items": { + "description": "input field", + "type": "string" + }, + "type": "array" + }, + "outputEntityTypes": { + "description": "List of the desired output types to be constructed from the result", + "items": { + "$ref": "EntityDefinitions.json#/definitions/EntityInnerType", + "description": "output entity type" + }, + "type": "array" + }, + "queryTemplate": { + "description": "The template query string to be parsed and formatted", + "type": "string" + } + }, + "type": "object" + }, + "ActivityEntityQuery": { + "description": "Represents Activity entity query.", + "allOf": [ + { + "$ref": "#/definitions/EntityQuery" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ActivityEntityQueriesProperties", + "description": "Activity entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Activity" + }, + "ActivityCustomEntityQuery": { + "description": "Represents Activity entity query.", + "allOf": [ + { + "$ref": "#/definitions/CustomEntityQuery" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ActivityEntityQueriesProperties", + "description": "Activity entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Activity" + }, + "ActivityEntityQueriesProperties": { + "description": "Describes activity entity query properties", + "properties": { + "title": { + "description": "The entity query title", + "type": "string" + }, + "content": { + "description": "The entity query content to display in timeline", + "type": "string" + }, + "description": { + "description": "The entity query description", + "type": "string" + }, + "queryDefinitions": { + "description": "The Activity query definitions", + "properties": { + "query": { + "description": "The Activity query to run on a given entity", + "type": "string" + } + }, + "type": "object" + }, + "inputEntityType": { + "$ref": "EntityDefinitions.json#/definitions/EntityInnerType", + "description": "The type of the query's source entity" + }, + "requiredInputFieldsSets": { + "description": "List of the fields of the source entity that are required to run the query", + "items": { + "description": "Sub sets of the field of the source entity that are required to run the query", + "items": { + "description": "Required input field name", + "type": "string" + }, + "type": "array" + }, + "type": "array" + }, + "entitiesFilter": { + "description": "The query applied only to entities matching to all filters", + "type": "object", + "additionalProperties": { + "description": "Filter field name", + "items": { + "description": "Filter field values", + "type": "string" + }, + "type": "array" + } + }, + "templateName": { + "description": "The template id this activity was created from", + "type": "string" + }, + "enabled": { + "description": "Determines whether this activity is enabled or disabled.", + "type": "boolean" + }, + "createdTimeUtc": { + "description": "The time the activity was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "lastModifiedTimeUtc": { + "description": "The last time the activity was updated", + "format": "date-time", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + } + }, + "parameters": { + "EntityQueryId": { + "description": "entity query ID", + "in": "path", + "name": "entityQueryId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EntityQueryKind": { + "description": "The entity query kind we want to fetch", + "in": "query", + "name": "kind", + "required": false, + "enum": [ + "Expansion", + "Activity" + ], + "type": "string", + "x-ms-parameter-location": "method" + }, + "CustomEntityQuery": { + "description": "The entity query we want to create or update", + "in": "body", + "name": "entityQuery", + "required": true, + "schema": { + "$ref": "#/definitions/CustomEntityQuery" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Incidents.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Incidents.json new file mode 100644 index 00000000..0098a0ab --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Incidents.json @@ -0,0 +1,4206 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-03-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents": { + "get": { + "x-ms-examples": { + "Get all incidents.": { + "$ref": "./examples/incidents/GetIncidents.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Gets all incidents.", + "operationId": "Incidents_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}": { + "get": { + "x-ms-examples": { + "Get an incident.": { + "$ref": "./examples/incidents/GetIncidentById.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Gets an incident.", + "operationId": "Incidents_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an incident.": { + "$ref": "./examples/incidents/CreateIncident.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Creates or updates the incident.", + "operationId": "Incidents_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/Incident" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an incident.": { + "$ref": "./examples/incidents/DeleteIncident.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Delete the incident.", + "operationId": "Incidents_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam": { + "post": { + "x-ms-examples": { + "Creates incident teams group.": { + "$ref": "./examples/incidents/CreateTeam.json" + } + }, + "tags": [ + "IncidentTeam" + ], + "description": "Creates a Microsoft team to investigate the incident by sharing information and insights between participants.", + "operationId": "Incidents_CreateTeam", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/TeamProperties" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/TeamInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts": { + "post": { + "x-ms-examples": { + "Get all incident alerts.": { + "$ref": "./examples/incidents/GetAllIncidentAlerts.json" + } + }, + "tags": [ + "IncidentAlerts" + ], + "description": "Gets all incident alerts.", + "operationId": "Incidents_ListAlerts", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentAlertList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks": { + "post": { + "x-ms-examples": { + "Get all incident bookmarks.": { + "$ref": "./examples/incidents/GetAllIncidentBookmarks.json" + } + }, + "tags": [ + "IncidentBookmarks" + ], + "description": "Gets all incident bookmarks.", + "operationId": "Incidents_ListBookmarks", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentBookmarkList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments": { + "get": { + "x-ms-examples": { + "Get all incident comments.": { + "$ref": "./examples/incidents/comments/GetAllIncidentComments.json" + } + }, + "tags": [ + "IncidentComments" + ], + "description": "Gets all incident comments.", + "operationId": "IncidentComments_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentCommentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-odata": "#/definitions/IncidentComment", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}": { + "get": { + "x-ms-examples": { + "Get an incident comment.": { + "$ref": "./examples/incidents/comments/GetIncidentCommentById.json" + } + }, + "tags": [ + "IncidentComments" + ], + "description": "Gets an incident comment.", + "operationId": "IncidentComments_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an incident comment.": { + "$ref": "./examples/incidents/comments/CreateIncidentComment.json" + } + }, + "tags": [ + "IncidentComments" + ], + "description": "Creates or updates the incident comment.", + "operationId": "IncidentComments_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + }, + { + "$ref": "#/parameters/IncidentComment" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete the incident comment.": { + "$ref": "./examples/incidents/comments/DeleteIncidentComment.json" + } + }, + "tags": [ + "IncidentComments" + ], + "description": "Delete the incident comment.", + "operationId": "IncidentComments_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities": { + "post": { + "x-ms-examples": { + "Gets all incident related entities": { + "$ref": "./examples/incidents/entities/GetAllIncidentEntities.json" + } + }, + "tags": [ + "IncidentEntities" + ], + "description": "Gets all incident related entities.", + "operationId": "Incidents_ListEntities", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentEntitiesResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations": { + "get": { + "x-ms-examples": { + "Get all incident relations.": { + "$ref": "./examples/incidents/relations/GetAllIncidentRelations.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Gets all incident relations.", + "operationId": "IncidentRelations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/RelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-odata": "#/definitions/Relation", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}": { + "get": { + "x-ms-examples": { + "Get an incident relation.": { + "$ref": "./examples/incidents/relations/GetIncidentRelationByName.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Gets an incident relation.", + "operationId": "IncidentRelations_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an incident relation.": { + "$ref": "./examples/incidents/relations/CreateIncidentRelation.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Creates or updates the incident relation.", + "operationId": "IncidentRelations_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/RelationName" + }, + { + "$ref": "#/parameters/Relation" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete the incident relation.": { + "$ref": "./examples/incidents/relations/DeleteIncidentRelation.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Delete the incident relation.", + "operationId": "IncidentRelations_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "AccountEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an account entity.", + "properties": { + "properties": { + "$ref": "#/definitions/AccountEntityProperties", + "description": "Account entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Account" + }, + "AccountEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Account entity property bag.", + "properties": { + "aadTenantId": { + "description": "The Azure Active Directory tenant id.", + "readOnly": true, + "type": "string" + }, + "aadUserId": { + "description": "The Azure Active Directory user id.", + "readOnly": true, + "type": "string" + }, + "accountName": { + "description": "The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name of the account.", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id that contains the account in case it is a local account (not domain joined)", + "readOnly": true, + "type": "string" + }, + "isDomainJoined": { + "description": "Determines whether this is a domain account.", + "readOnly": true, + "type": "boolean" + }, + "ntDomain": { + "description": "The NetBIOS domain name as it appears in the alert format domain\\username. Examples: NT AUTHORITY.", + "readOnly": true, + "type": "string" + }, + "objectGuid": { + "description": "The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "puid": { + "description": "The Azure Active Directory Passport User ID.", + "readOnly": true, + "type": "string" + }, + "sid": { + "description": "The account security identifier, e.g. S-1-5-18.", + "readOnly": true, + "type": "string" + }, + "upnSuffix": { + "description": "The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.", + "readOnly": true, + "type": "string" + }, + "dnsDomain": { + "description": "The fully qualified domain DNS name.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "ActivityTimelineItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "description": "Represents Activity timeline item.", + "properties": { + "queryId": { + "type": "string", + "description": "The activity query id." + }, + "bucketStartTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The grouping bucket start time." + }, + "bucketEndTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The grouping bucket end time." + }, + "firstActivityTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The time of the first activity in the grouping bucket." + }, + "lastActivityTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The time of the last activity in the grouping bucket." + }, + "content": { + "type": "string", + "description": "The activity timeline content." + }, + "title": { + "type": "string", + "description": "The activity timeline title." + } + }, + "required": [ + "queryId", + "bucketStartTimeUTC", + "bucketEndTimeUTC", + "firstActivityTimeUTC", + "lastActivityTimeUTC", + "content", + "title" + ], + "type": "object", + "x-ms-discriminator-value": "Activity" + }, + "AlertSeverity": { + "description": "The severity of the alert", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertSeverity", + "values": [ + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "AttackTactic": { + "description": "The severity for alerts created by this alert rule.", + "enum": [ + "InitialAccess", + "Execution", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact", + "PreAttack" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AttackTactic" + } + }, + "AzureResourceEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an azure resource entity.", + "properties": { + "properties": { + "$ref": "#/definitions/AzureResourceEntityProperties", + "description": "AzureResource entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureResource" + }, + "AzureResourceEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "AzureResource entity property bag.", + "properties": { + "resourceId": { + "description": "The azure resource id of the resource", + "readOnly": true, + "type": "string" + }, + "subscriptionId": { + "description": "The subscription id of the resource", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "BookmarkTimelineItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "description": "Represents bookmark timeline item.", + "properties": { + "azureResourceId": { + "type": "string", + "description": "The bookmark azure resource id." + }, + "displayName": { + "type": "string", + "description": "The bookmark display name." + }, + "notes": { + "type": "string", + "description": "The notes of the bookmark" + }, + "endTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The bookmark end time." + }, + "startTimeUtc": { + "format": "date-time", + "type": "string", + "description": "TThe bookmark start time." + }, + "eventTime": { + "format": "date-time", + "type": "string", + "description": "The bookmark event time." + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the bookmark", + "type": "object" + }, + "labels": { + "description": "List of labels relevant to this bookmark", + "items": { + "$ref": "#/definitions/Label" + }, + "type": "array" + } + }, + "required": [ + "azureResourceId" + ], + "type": "object", + "x-ms-discriminator-value": "Bookmark" + }, + "ClientInfo": { + "description": "Information on the client (user or application) that made some action", + "properties": { + "email": { + "description": "The email of the client.", + "type": "string" + }, + "name": { + "description": "The name of the client.", + "type": "string" + }, + "objectId": { + "description": "The object id of the client.", + "format": "uuid", + "type": "string" + }, + "userPrincipalName": { + "description": "The user principal name of the client.", + "type": "string" + } + }, + "type": "object" + }, + "CloudApplicationEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a cloud application entity.", + "properties": { + "properties": { + "$ref": "#/definitions/CloudApplicationEntityProperties", + "description": "CloudApplication entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "CloudApplication" + }, + "CloudApplicationEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "CloudApplication entity property bag.", + "properties": { + "appId": { + "description": "The technical identifier of the application.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "appName": { + "description": "The name of the related cloud application.", + "readOnly": true, + "type": "string" + }, + "instanceName": { + "description": "The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "DnsEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a dns entity.", + "properties": { + "properties": { + "$ref": "#/definitions/DnsEntityProperties", + "description": "Dns entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "DnsResolution" + }, + "DnsEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Dns entity property bag.", + "properties": { + "dnsServerIpEntityId": { + "description": "An ip entity id for the dns server resolving the request", + "readOnly": true, + "type": "string" + }, + "domainName": { + "description": "The name of the dns record associated with the alert", + "readOnly": true, + "type": "string" + }, + "hostIpAddressEntityId": { + "description": "An ip entity id for the dns request client", + "readOnly": true, + "type": "string" + }, + "ipAddressEntityIds": { + "description": "Ip entity identifiers for the resolved ip address.", + "items": { + "description": "Ip entity id", + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "Entity": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/Resource" + } + ], + "properties": { + "kind": { + "$ref": "#/definitions/EntityInnerKind", + "description": "The kind of the entity." + } + }, + "description": "Specific entity.", + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "EntityCommonProperties": { + "description": "Entity common property bag.", + "properties": { + "additionalData": { + "additionalProperties": { + "type": "object" + }, + "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", + "readOnly": true, + "type": "object" + }, + "friendlyName": { + "description": "The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "EntityInnerKind": { + "description": "The kind of the entity", + "enum": [ + "Account", + "Host", + "File", + "AzureResource", + "CloudApplication", + "DnsResolution", + "FileHash", + "Ip", + "Malware", + "Process", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "Url", + "IoTDevice", + "SecurityAlert", + "Bookmark", + "Mailbox", + "MailCluster", + "MailMessage", + "SubmissionMail" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityKind", + "values": [ + { + "description": "Entity represents account in the system.", + "value": "Account" + }, + { + "description": "Entity represents host in the system.", + "value": "Host" + }, + { + "description": "Entity represents file in the system.", + "value": "File" + }, + { + "description": "Entity represents azure resource in the system.", + "value": "AzureResource" + }, + { + "description": "Entity represents cloud application in the system.", + "value": "CloudApplication" + }, + { + "description": "Entity represents dns resolution in the system.", + "value": "DnsResolution" + }, + { + "description": "Entity represents file hash in the system.", + "value": "FileHash" + }, + { + "description": "Entity represents ip in the system.", + "value": "Ip" + }, + { + "description": "Entity represents malware in the system.", + "value": "Malware" + }, + { + "description": "Entity represents process in the system.", + "value": "Process" + }, + { + "description": "Entity represents registry key in the system.", + "value": "RegistryKey" + }, + { + "description": "Entity represents registry value in the system.", + "value": "RegistryValue" + }, + { + "description": "Entity represents security group in the system.", + "value": "SecurityGroup" + }, + { + "description": "Entity represents url in the system.", + "value": "Url" + }, + { + "description": "Entity represents IoT device in the system.", + "value": "IoTDevice" + }, + { + "description": "Entity represents security alert in the system.", + "value": "SecurityAlert" + }, + { + "description": "Entity represents bookmark in the system.", + "value": "Bookmark" + }, + { + "description": "Entity represents mail cluster in the system.", + "value": "MailCluster" + }, + { + "description": "Entity represents mail message in the system.", + "value": "MailMessage" + }, + { + "description": "Entity represents mailbox in the system.", + "value": "Mailbox" + }, + { + "description": "Entity represents submission mail in the system.", + "value": "SubmissionMail" + } + ] + } + }, + "EntityTimelineItem": { + "description": "Entity timeline Item.", + "discriminator": "kind", + "type": "object", + "properties": { + "kind": { + "$ref": "#/definitions/EntityTimelineKind", + "description": "The entity query kind type." + } + }, + "required": [ + "kind" + ] + }, + "EntityTimelineKind": { + "description": "The entity query kind", + "enum": [ + "Activity", + "Bookmark", + "SecurityAlert" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityTimelineKind", + "values": [ + { + "description": "activity", + "value": "Activity" + }, + { + "description": "bookmarks", + "value": "Bookmark" + }, + { + "description": "security alerts", + "value": "SecurityAlert" + } + ] + } + }, + "FileEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a file entity.", + "properties": { + "properties": { + "$ref": "#/definitions/FileEntityProperties", + "description": "File entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "File" + }, + "FileEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "File entity property bag.", + "properties": { + "directory": { + "description": "The full path to the file.", + "readOnly": true, + "type": "string" + }, + "fileHashEntityIds": { + "description": "The file hash entity identifiers associated with this file", + "items": { + "description": "file hash id", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "fileName": { + "description": "The file name without path (some alerts might not include path).", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id which the file belongs to", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "FileHashEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a file hash entity.", + "properties": { + "properties": { + "$ref": "#/definitions/FileHashEntityProperties", + "description": "FileHash entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "FileHash" + }, + "FileHashEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "FileHash entity property bag.", + "properties": { + "algorithm": { + "description": "The hash algorithm type.", + "enum": [ + "Unknown", + "MD5", + "SHA1", + "SHA256", + "SHA256AC" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "FileHashAlgorithm", + "values": [ + { + "description": "Unknown hash algorithm", + "value": "Unknown" + }, + { + "description": "MD5 hash type", + "value": "MD5" + }, + { + "description": "SHA1 hash type", + "value": "SHA1" + }, + { + "description": "SHA256 hash type", + "value": "SHA256" + }, + { + "description": "SHA256 Authenticode hash type", + "value": "SHA256AC" + } + ] + } + }, + "hashValue": { + "description": "The file hash value.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "GeoLocation": { + "description": "The geo-location context attached to the ip entity", + "properties": { + "asn": { + "description": "Autonomous System Number", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "city": { + "description": "City name", + "readOnly": true, + "type": "string" + }, + "countryCode": { + "description": "The country code according to ISO 3166 format", + "readOnly": true, + "type": "string" + }, + "countryName": { + "description": "Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name", + "readOnly": true, + "type": "string" + }, + "latitude": { + "description": "The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "longitude": { + "description": "The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "state": { + "description": "State name", + "readOnly": true, + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "HostEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a host entity.", + "properties": { + "properties": { + "$ref": "#/definitions/HostEntityProperties", + "description": "Host entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Host" + }, + "HostEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Host entity property bag.", + "properties": { + "azureID": { + "description": "The azure resource id of the VM.", + "readOnly": true, + "type": "string" + }, + "dnsDomain": { + "description": "The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain", + "readOnly": true, + "type": "string" + }, + "hostName": { + "description": "The hostname without the domain suffix.", + "readOnly": true, + "type": "string" + }, + "isDomainJoined": { + "description": "Determines whether this host belongs to a domain.", + "readOnly": true, + "type": "boolean" + }, + "netBiosName": { + "description": "The host name (pre-windows2000).", + "readOnly": true, + "type": "string" + }, + "ntDomain": { + "description": "The NT domain that this host belongs to.", + "readOnly": true, + "type": "string" + }, + "omsAgentID": { + "description": "The OMS agent id, if the host has OMS agent installed.", + "readOnly": true, + "type": "string" + }, + "osFamily": { + "description": "The operating system type.", + "enum": [ + "Linux", + "Windows", + "Android", + "IOS", + "Unknown" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "OSFamily", + "values": [ + { + "description": "Host with Linux operating system.", + "value": "Linux" + }, + { + "description": "Host with Windows operating system.", + "value": "Windows" + }, + { + "description": "Host with Android operating system.", + "value": "Android" + }, + { + "description": "Host with IOS operating system.", + "value": "IOS" + }, + { + "description": "Host with Unknown operating system.", + "value": "Unknown" + } + ] + } + }, + "osVersion": { + "description": "A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "HuntingBookmark": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a Hunting bookmark entity.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntingBookmarkProperties", + "description": "HuntingBookmark entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Bookmark" + }, + "HuntingBookmarkProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Describes bookmark properties", + "properties": { + "created": { + "description": "The time the bookmark was created", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the bookmark", + "type": "object" + }, + "displayName": { + "description": "The display name of the bookmark", + "type": "string" + }, + "eventTime": { + "description": "The time of the event", + "format": "date-time", + "type": "string" + }, + "labels": { + "description": "List of labels relevant to this bookmark", + "items": { + "$ref": "#/definitions/Label" + }, + "type": "array" + }, + "notes": { + "description": "The notes of the bookmark", + "type": "string" + }, + "query": { + "description": "The query of the bookmark.", + "type": "string" + }, + "queryResult": { + "description": "The query result of the bookmark.", + "type": "string" + }, + "updated": { + "description": "The last time the bookmark was updated", + "format": "date-time", + "type": "string" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the bookmark", + "type": "object" + }, + "incidentInfo": { + "$ref": "#/definitions/IncidentInfo", + "description": "Describes an incident that relates to bookmark", + "type": "object" + } + }, + "required": [ + "displayName", + "query" + ], + "type": "object" + }, + "Incident": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents an incident in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/IncidentProperties", + "description": "Incident properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "IncidentAdditionalData": { + "description": "Incident additional data property bag.", + "properties": { + "alertsCount": { + "description": "The number of alerts in the incident", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "bookmarksCount": { + "description": "The number of bookmarks in the incident", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "commentsCount": { + "description": "The number of comments in the incident", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "alertProductNames": { + "description": "List of product names of alerts in the incident", + "items": { + "description": "Alert product name", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "tactics": { + "description": "The tactics associated with incident", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "IncidentAlertList": { + "description": "List of incident alerts.", + "properties": { + "value": { + "description": "Array of incident alerts.", + "type": "array", + "items": { + "$ref": "#/definitions/SecurityAlert" + } + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "IncidentBookmarkList": { + "description": "List of incident bookmarks.", + "properties": { + "value": { + "description": "Array of incident bookmarks.", + "type": "array", + "items": { + "$ref": "#/definitions/HuntingBookmark" + } + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "IncidentComment": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents an incident comment", + "properties": { + "properties": { + "$ref": "#/definitions/IncidentCommentProperties", + "description": "Incident comment properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "IncidentCommentList": { + "description": "List of incident comments.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of comments.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of comments.", + "items": { + "$ref": "#/definitions/IncidentComment" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "IncidentCommentProperties": { + "description": "Incident comment property bag.", + "properties": { + "createdTimeUtc": { + "description": "The time the comment was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "lastModifiedTimeUtc": { + "description": "The time the comment was updated", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "message": { + "description": "The comment message", + "type": "string" + }, + "author": { + "$ref": "#/definitions/ClientInfo", + "description": "Describes the client that created the comment", + "readOnly": true, + "type": "object" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + "IncidentEntitiesResponse": { + "description": "The incident related entities response.", + "properties": { + "entities": { + "description": "Array of the incident related entities.", + "type": "array", + "items": { + "$ref": "#/definitions/Entity" + } + }, + "metaData": { + "description": "The metadata from the incident related entities results.", + "type": "array", + "items": { + "$ref": "#/definitions/IncidentEntitiesResultsMetadata" + } + } + }, + "type": "object" + }, + "IncidentEntitiesResultsMetadata": { + "description": "Information of a specific aggregation in the incident related entities result.", + "properties": { + "count": { + "description": "Total number of aggregations of the given kind in the incident related entities result.", + "type": "integer", + "format": "int32" + }, + "entityKind": { + "$ref": "#/definitions/EntityInnerKind", + "description": "The kind of the aggregated entity." + } + }, + "required": [ + "entityKind", + "count" + ], + "type": "object" + }, + "IncidentInfo": { + "description": "Describes related incident information for the bookmark", + "properties": { + "incidentId": { + "description": "Incident Id", + "type": "string" + }, + "severity": { + "description": "The severity of the incident", + "enum": [ + "Critical", + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "CaseSeverity", + "values": [ + { + "description": "Critical severity", + "value": "Critical" + }, + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "teamInformation": { + "$ref": "#/definitions/TeamInformation", + "description": "Describes a team for the incident", + "type": "object" + }, + "title": { + "description": "The title of the incident", + "type": "string" + }, + "relationName": { + "description": "Relation Name", + "type": "string" + } + }, + "type": "object" + }, + "IncidentLabel": { + "description": "Represents an incident label", + "properties": { + "labelName": { + "description": "The name of the label", + "type": "string" + }, + "labelType": { + "description": "The type of the label", + "enum": [ + "User", + "System" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentLabelType", + "values": [ + { + "description": "Label manually created by a user", + "value": "User" + }, + { + "description": "Label automatically created by the system", + "value": "System" + } + ] + } + } + }, + "required": [ + "labelName" + ], + "type": "object" + }, + "IncidentList": { + "description": "List all the incidents.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of incidents.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of incidents.", + "items": { + "$ref": "#/definitions/Incident" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "IncidentOwnerInfo": { + "description": "Information on the user an incident is assigned to", + "properties": { + "email": { + "description": "The email of the user the incident is assigned to.", + "type": "string" + }, + "assignedTo": { + "description": "The name of the user the incident is assigned to.", + "type": "string" + }, + "objectId": { + "description": "The object id of the user the incident is assigned to.", + "format": "uuid", + "type": "string" + }, + "userPrincipalName": { + "description": "The user principal name of the user the incident is assigned to.", + "type": "string" + }, + "ownerType": { + "readOnly": true, + "description": "The type of the owner the incident is assigned to.", + "type": "string", + "enum": [ + "Unknown", + "User", + "Group" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "OwnerType", + "values": [ + { + "description": "The incident owner type is unknown", + "value": "Unknown" + }, + { + "description": "The incident owner type is an AAD user", + "value": "User" + }, + { + "description": "The incident owner type is an AAD group", + "value": "Group" + } + ] + } + } + }, + "type": "object" + }, + "IncidentProperties": { + "description": "Describes incident properties", + "properties": { + "additionalData": { + "$ref": "#/definitions/IncidentAdditionalData", + "description": "Additional data on the incident", + "readOnly": true, + "type": "object" + }, + "classification": { + "description": "The reason the incident was closed", + "enum": [ + "Undetermined", + "TruePositive", + "BenignPositive", + "FalsePositive" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentClassification", + "values": [ + { + "description": "Incident classification was undetermined", + "value": "Undetermined" + }, + { + "description": "Incident was true positive", + "value": "TruePositive" + }, + { + "description": "Incident was benign positive", + "value": "BenignPositive" + }, + { + "description": "Incident was false positive", + "value": "FalsePositive" + } + ] + } + }, + "classificationComment": { + "description": "Describes the reason the incident was closed", + "type": "string" + }, + "classificationReason": { + "description": "The classification reason the incident was closed with", + "enum": [ + "SuspiciousActivity", + "SuspiciousButExpected", + "IncorrectAlertLogic", + "InaccurateData" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentClassificationReason", + "values": [ + { + "description": "Classification reason was suspicious activity", + "value": "SuspiciousActivity" + }, + { + "description": "Classification reason was suspicious but expected", + "value": "SuspiciousButExpected" + }, + { + "description": "Classification reason was incorrect alert logic", + "value": "IncorrectAlertLogic" + }, + { + "description": "Classification reason was inaccurate data", + "value": "InaccurateData" + } + ] + } + }, + "createdTimeUtc": { + "description": "The time the incident was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the incident", + "type": "string" + }, + "firstActivityTimeUtc": { + "description": "The time of the first activity in the incident", + "format": "date-time", + "type": "string" + }, + "incidentUrl": { + "description": "The deep-link url to the incident in Azure portal", + "readOnly": true, + "type": "string" + }, + "incidentNumber": { + "description": "A sequential number", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "labels": { + "description": "List of labels relevant to this incident", + "items": { + "$ref": "#/definitions/IncidentLabel" + }, + "type": "array" + }, + "providerName": { + "description": "The name of the source provider that generated the incident", + "type": "string" + }, + "providerIncidentId": { + "description": "The incident ID assigned by the incident provider", + "type": "string" + }, + "lastActivityTimeUtc": { + "description": "The time of the last activity in the incident", + "format": "date-time", + "type": "string" + }, + "lastModifiedTimeUtc": { + "description": "The last time the incident was updated", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "owner": { + "$ref": "#/definitions/IncidentOwnerInfo", + "description": "Describes a user that the incident is assigned to", + "type": "object" + }, + "relatedAnalyticRuleIds": { + "description": "List of resource ids of Analytic rules related to the incident", + "items": { + "description": "Related Analytic rule resource id", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "severity": { + "description": "The severity of the incident", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentSeverity", + "values": [ + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "status": { + "description": "The status of the incident", + "enum": [ + "New", + "Active", + "Closed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentStatus", + "values": [ + { + "description": "An active incident which isn't being handled currently", + "value": "New" + }, + { + "description": "An active incident which is being handled", + "value": "Active" + }, + { + "description": "A non-active incident", + "value": "Closed" + } + ] + } + }, + "title": { + "description": "The title of the incident", + "type": "string" + } + }, + "required": [ + "title", + "severity", + "status" + ], + "type": "object" + }, + "IoTDeviceEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an IoT device entity.", + "properties": { + "properties": { + "$ref": "#/definitions/IoTDeviceEntityProperties", + "description": "IoTDevice entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "IoTDevice" + }, + "IoTDeviceEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "IoTDevice entity property bag.", + "properties": { + "deviceId": { + "description": "The ID of the IoT Device in the IoT Hub", + "readOnly": true, + "type": "string" + }, + "deviceName": { + "description": "The friendly name of the device", + "readOnly": true, + "type": "string" + }, + "source": { + "description": "The source of the device", + "readOnly": true, + "type": "string" + }, + "iotSecurityAgentId": { + "description": "The ID of the security agent running on the device", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "deviceType": { + "description": "The type of the device", + "readOnly": true, + "type": "string" + }, + "vendor": { + "description": "The vendor of the device", + "readOnly": true, + "type": "string" + }, + "edgeId": { + "description": "The ID of the edge device", + "readOnly": true, + "type": "string" + }, + "macAddress": { + "description": "The MAC address of the device", + "readOnly": true, + "type": "string" + }, + "model": { + "description": "The model of the device", + "readOnly": true, + "type": "string" + }, + "serialNumber": { + "description": "The serial number of the device", + "readOnly": true, + "type": "string" + }, + "firmwareVersion": { + "description": "The firmware version of the device", + "readOnly": true, + "type": "string" + }, + "operatingSystem": { + "description": "The operating system of the device", + "readOnly": true, + "type": "string" + }, + "iotHubEntityId": { + "description": "The AzureResource entity id of the IoT Hub", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id of this device", + "readOnly": true, + "type": "string" + }, + "ipAddressEntityId": { + "description": "The IP entity if of this device", + "readOnly": true, + "type": "string" + }, + "threatIntelligence": { + "description": "A list of TI contexts attached to the IoTDevice entity.", + "items": { + "$ref": "#/definitions/ThreatIntelligence" + }, + "readOnly": true, + "type": "array" + }, + "protocols": { + "description": "A list of protocols of the IoTDevice entity.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "IpEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an ip entity.", + "properties": { + "properties": { + "$ref": "#/definitions/IpEntityProperties", + "description": "Ip entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Ip" + }, + "IpEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Ip entity property bag.", + "properties": { + "address": { + "description": "The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)", + "readOnly": true, + "type": "string" + }, + "location": { + "$ref": "#/definitions/GeoLocation", + "description": "The geo-location context attached to the ip entity" + }, + "threatIntelligence": { + "description": "A list of TI contexts attached to the ip entity.", + "items": { + "$ref": "#/definitions/ThreatIntelligence" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "Label": { + "description": "Label that will be used to tag and filter on.", + "type": "string" + }, + "MailboxEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a mailbox entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailboxEntityProperties", + "description": "Mailbox entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Mailbox" + }, + "MailboxEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Mailbox entity property bag.", + "properties": { + "mailboxPrimaryAddress": { + "description": "The mailbox's primary address", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The mailbox's display name", + "readOnly": true, + "type": "string" + }, + "upn": { + "description": "The mailbox's UPN", + "readOnly": true, + "type": "string" + }, + "externalDirectoryObjectId": { + "description": "The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side", + "format": "uuid", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "MailClusterEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a mail cluster entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailClusterEntityProperties", + "description": "Mail cluster entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MailCluster" + }, + "MailClusterEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Mail cluster entity property bag.", + "properties": { + "networkMessageIds": { + "description": "The mail message IDs that are part of the mail cluster", + "items": { + "description": "A mail message ID", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "countByDeliveryStatus": { + "description": "Count of mail messages by DeliveryStatus string representation", + "readOnly": true, + "type": "object" + }, + "countByThreatType": { + "description": "Count of mail messages by ThreatType string representation", + "readOnly": true, + "type": "object" + }, + "countByProtectionStatus": { + "description": "Count of mail messages by ProtectionStatus string representation", + "readOnly": true, + "type": "object" + }, + "threats": { + "description": "The threats of mail messages that are part of the mail cluster", + "items": { + "description": "A threat", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "query": { + "description": "The query that was used to identify the messages of the mail cluster", + "readOnly": true, + "type": "string" + }, + "queryTime": { + "description": "The query time", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "mailCount": { + "description": "The number of mail messages that are part of the mail cluster", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "isVolumeAnomaly": { + "description": "Is this a volume anomaly mail cluster", + "readOnly": true, + "type": "boolean" + }, + "source": { + "description": "The source of the mail cluster (default is 'O365 ATP')", + "readOnly": true, + "type": "string" + }, + "clusterSourceIdentifier": { + "description": "The id of the cluster source", + "readOnly": true, + "type": "string" + }, + "clusterSourceType": { + "description": "The type of the cluster source", + "readOnly": true, + "type": "string" + }, + "clusterQueryStartTime": { + "description": "The cluster query start time", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "clusterQueryEndTime": { + "description": "The cluster query end time", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "clusterGroup": { + "description": "The cluster group", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "MailMessageEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a mail message entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailMessageEntityProperties", + "description": "Mail message entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MailMessage" + }, + "MailMessageEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Mail message entity property bag.", + "properties": { + "fileEntityIds": { + "description": "The File entity ids of this mail message's attachments", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "recipient": { + "description": "The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient", + "readOnly": true, + "type": "string" + }, + "urls": { + "description": "The Urls contained in this mail message", + "items": { + "description": "A Url contained in this mail message", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "threats": { + "description": "The threats of this mail message", + "items": { + "description": "A threat of the mail message", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "p1Sender": { + "description": "The p1 sender's email address", + "readOnly": true, + "type": "string" + }, + "p1SenderDisplayName": { + "description": "The p1 sender's display name", + "readOnly": true, + "type": "string" + }, + "p1SenderDomain": { + "description": "The p1 sender's domain", + "readOnly": true, + "type": "string" + }, + "senderIP": { + "description": "The sender's IP address", + "readOnly": true, + "type": "string" + }, + "p2Sender": { + "description": "The p2 sender's email address", + "readOnly": true, + "type": "string" + }, + "p2SenderDisplayName": { + "description": "The p2 sender's display name", + "readOnly": true, + "type": "string" + }, + "p2SenderDomain": { + "description": "The p2 sender's domain", + "readOnly": true, + "type": "string" + }, + "receiveDate": { + "description": "The receive date of this message", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "networkMessageId": { + "description": "The network message id of this mail message", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "internetMessageId": { + "description": "The internet message id of this mail message", + "readOnly": true, + "type": "string" + }, + "subject": { + "description": "The subject of this mail message", + "readOnly": true, + "type": "string" + }, + "language": { + "description": "The language of this mail message", + "readOnly": true, + "type": "string" + }, + "threatDetectionMethods": { + "description": "The threat detection methods", + "items": { + "description": "A threat detection method", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "bodyFingerprintBin1": { + "description": "The bodyFingerprintBin1", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin2": { + "description": "The bodyFingerprintBin2", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin3": { + "description": "The bodyFingerprintBin3", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin4": { + "description": "The bodyFingerprintBin4", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin5": { + "description": "The bodyFingerprintBin5", + "type": "integer", + "format": "int32" + }, + "antispamDirection": { + "description": "The directionality of this mail message", + "enum": [ + "Unknown", + "Inbound", + "Outbound", + "Intraorg" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AntispamMailDirection", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "Inbound", + "value": "Inbound" + }, + { + "description": "Outbound", + "value": "Outbound" + }, + { + "description": "Intraorg", + "value": "Intraorg" + } + ] + } + }, + "deliveryAction": { + "description": "The delivery action of this mail message like Delivered, Blocked, Replaced etc", + "enum": [ + "Unknown", + "DeliveredAsSpam", + "Delivered", + "Blocked", + "Replaced" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "DeliveryAction", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "DeliveredAsSpam", + "value": "DeliveredAsSpam" + }, + { + "description": "Delivered", + "value": "Delivered" + }, + { + "description": "Blocked", + "value": "Blocked" + }, + { + "description": "Replaced", + "value": "Replaced" + } + ] + } + }, + "deliveryLocation": { + "description": "The delivery location of this mail message like Inbox, JunkFolder etc", + "enum": [ + "Unknown", + "Inbox", + "JunkFolder", + "DeletedFolder", + "Quarantine", + "External", + "Failed", + "Dropped", + "Forwarded" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "DeliveryLocation", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "Inbox", + "value": "Inbox" + }, + { + "description": "JunkFolder", + "value": "JunkFolder" + }, + { + "description": "DeletedFolder", + "value": "DeletedFolder" + }, + { + "description": "Quarantine", + "value": "Quarantine" + }, + { + "description": "External", + "value": "External" + }, + { + "description": "Failed", + "value": "Failed" + }, + { + "description": "Dropped", + "value": "Dropped" + }, + { + "description": "Forwarded", + "value": "Forwarded" + } + ] + } + } + }, + "type": "object" + }, + "MalwareEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a malware entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MalwareEntityProperties", + "description": "File entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Malware" + }, + "MalwareEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Malware entity property bag.", + "properties": { + "category": { + "description": "The malware category by the vendor, e.g. Trojan", + "readOnly": true, + "type": "string" + }, + "fileEntityIds": { + "description": "List of linked file entity identifiers on which the malware was found", + "items": { + "description": "file entity id", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "malwareName": { + "description": "The malware name by the vendor, e.g. Win32/Toga!rfn", + "readOnly": true, + "type": "string" + }, + "processEntityIds": { + "description": "List of linked process entity identifiers on which the malware was found.", + "items": { + "description": "process entity id", + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "ProcessEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a process entity.", + "properties": { + "properties": { + "$ref": "#/definitions/ProcessEntityProperties", + "description": "Process entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Process" + }, + "ProcessEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Process entity property bag.", + "properties": { + "accountEntityId": { + "description": "The account entity id running the processes.", + "readOnly": true, + "type": "string" + }, + "commandLine": { + "description": "The command line used to create the process", + "readOnly": true, + "type": "string" + }, + "creationTimeUtc": { + "description": "The time when the process started to run", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "elevationToken": { + "description": "The elevation token associated with the process.", + "enum": [ + "Default", + "Full", + "Limited" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "ElevationToken", + "values": [ + { + "description": "Default elevation token", + "value": "Default" + }, + { + "description": "Full elevation token", + "value": "Full" + }, + { + "description": "Limited elevation token", + "value": "Limited" + } + ] + } + }, + "hostEntityId": { + "description": "The host entity id on which the process was running", + "readOnly": true, + "type": "string" + }, + "hostLogonSessionEntityId": { + "description": "The session entity id in which the process was running", + "readOnly": true, + "type": "string" + }, + "imageFileEntityId": { + "description": "Image file entity id", + "readOnly": true, + "type": "string" + }, + "parentProcessEntityId": { + "description": "The parent process entity id.", + "readOnly": true, + "type": "string" + }, + "processId": { + "description": "The process ID", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "RegistryKeyEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a registry key entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryKeyEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "RegistryKey" + }, + "RegistryKeyEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "RegistryKey entity property bag.", + "properties": { + "hive": { + "description": "the hive that holds the registry key.", + "enum": [ + "HKEY_LOCAL_MACHINE", + "HKEY_CLASSES_ROOT", + "HKEY_CURRENT_CONFIG", + "HKEY_USERS", + "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "HKEY_PERFORMANCE_DATA", + "HKEY_PERFORMANCE_NLSTEXT", + "HKEY_PERFORMANCE_TEXT", + "HKEY_A", + "HKEY_CURRENT_USER" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RegistryHive", + "values": [ + { + "description": "HKEY_LOCAL_MACHINE", + "value": "HKEY_LOCAL_MACHINE" + }, + { + "description": "HKEY_CLASSES_ROOT", + "value": "HKEY_CLASSES_ROOT" + }, + { + "description": "HKEY_CURRENT_CONFIG", + "value": "HKEY_CURRENT_CONFIG" + }, + { + "description": "HKEY_USERS", + "value": "HKEY_USERS" + }, + { + "description": "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "value": "HKEY_CURRENT_USER_LOCAL_SETTINGS" + }, + { + "description": "HKEY_PERFORMANCE_DATA", + "value": "HKEY_PERFORMANCE_DATA" + }, + { + "description": "HKEY_PERFORMANCE_NLSTEXT", + "value": "HKEY_PERFORMANCE_NLSTEXT" + }, + { + "description": "HKEY_PERFORMANCE_TEXT", + "value": "HKEY_PERFORMANCE_TEXT" + }, + { + "description": "HKEY_A", + "value": "HKEY_A" + }, + { + "description": "HKEY_CURRENT_USER", + "value": "HKEY_CURRENT_USER" + } + ] + } + }, + "key": { + "description": "The registry key path.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "RegistryValueEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a registry value entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryValueEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "RegistryValue" + }, + "RegistryValueEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "RegistryValue entity property bag.", + "properties": { + "keyEntityId": { + "description": "The registry key entity id.", + "readOnly": true, + "type": "string" + }, + "valueData": { + "description": "String formatted representation of the value data.", + "readOnly": true, + "type": "string" + }, + "valueName": { + "description": "The registry value name.", + "readOnly": true, + "type": "string" + }, + "valueType": { + "description": "Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry.", + "enum": [ + "None", + "Unknown", + "String", + "ExpandString", + "Binary", + "DWord", + "MultiString", + "QWord" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RegistryValueKind", + "values": [ + { + "description": "None", + "value": "None" + }, + { + "description": "Unknown value type", + "value": "Unknown" + }, + { + "description": "String value type", + "value": "String" + }, + { + "description": "ExpandString value type", + "value": "ExpandString" + }, + { + "description": "Binary value type", + "value": "Binary" + }, + { + "description": "DWord value type", + "value": "DWord" + }, + { + "description": "MultiString value type", + "value": "MultiString" + }, + { + "description": "QWord value type", + "value": "QWord" + } + ] + } + } + }, + "type": "object" + }, + "Relation": { + "type": "object", + "description": "Represents a relation between two resources", + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/RelationProperties", + "description": "Relation properties", + "x-ms-client-flatten": true + } + } + }, + "RelationList": { + "description": "List of relations.", + "properties": { + "nextLink": { + "readOnly": true, + "description": "URL to fetch the next set of relations.", + "type": "string" + }, + "value": { + "description": "Array of relations.", + "type": "array", + "items": { + "$ref": "#/definitions/Relation" + } + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "RelationProperties": { + "description": "Relation property bag.", + "properties": { + "relatedResourceId": { + "description": "The resource ID of the related resource", + "type": "string" + }, + "relatedResourceName": { + "description": "The name of the related resource", + "readOnly": true, + "type": "string" + }, + "relatedResourceType": { + "description": "The resource type of the related resource", + "readOnly": true, + "type": "string" + }, + "relatedResourceKind": { + "description": "The resource kind of the related resource", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "relatedResourceId" + ], + "type": "object" + }, + "SecurityAlert": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a security alert entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityAlertProperties", + "description": "SecurityAlert entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SecurityAlert" + }, + "SecurityAlertProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "SecurityAlert entity property bag.", + "properties": { + "alertDisplayName": { + "description": "The display name of the alert.", + "readOnly": true, + "type": "string" + }, + "alertType": { + "description": "The type name of the alert.", + "readOnly": true, + "type": "string" + }, + "compromisedEntity": { + "description": "Display name of the main entity being reported on.", + "readOnly": true, + "type": "string" + }, + "confidenceLevel": { + "description": "The confidence level of this alert.", + "enum": [ + "Unknown", + "Low", + "High" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConfidenceLevel", + "values": [ + { + "description": "Unknown confidence, the is the default value", + "value": "Unknown" + }, + { + "description": "Low confidence, meaning we have some doubts this is indeed malicious or part of an attack", + "value": "Low" + }, + { + "description": "High confidence that the alert is true positive malicious", + "value": "High" + } + ] + } + }, + "confidenceReasons": { + "description": "The confidence reasons", + "items": { + "description": "confidence reason item", + "properties": { + "reason": { + "description": "The reason's description", + "readOnly": true, + "type": "string" + }, + "reasonType": { + "description": "The type (category) of the reason", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "readOnly": true, + "type": "array" + }, + "confidenceScore": { + "description": "The confidence score of the alert.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "confidenceScoreStatus": { + "description": "The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.", + "enum": [ + "NotApplicable", + "InProcess", + "NotFinal", + "Final" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConfidenceScoreStatus", + "values": [ + { + "description": "Score will not be calculated for this alert as it is not supported by virtual analyst", + "value": "NotApplicable" + }, + { + "description": "No score was set yet and calculation is in progress", + "value": "InProcess" + }, + { + "description": "Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data", + "value": "NotFinal" + }, + { + "description": "Final score was calculated and available", + "value": "Final" + } + ] + } + }, + "description": { + "description": "Alert description.", + "readOnly": true, + "type": "string" + }, + "endTimeUtc": { + "description": "The impact end time of the alert (the time of the last event contributing to the alert).", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "intent": { + "description": "Holds the alert intent stage(s) mapping for this alert.", + "enum": [ + "Unknown", + "Probing", + "Exploitation", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Execution", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "KillChainIntent", + "values": [ + { + "description": "The default value.", + "value": "Unknown" + }, + { + "description": "Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in.", + "value": "Probing" + }, + { + "description": "Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage.", + "value": "Exploitation" + }, + { + "description": "Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access.", + "value": "Persistence" + }, + { + "description": "Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege.", + "value": "PrivilegeEscalation" + }, + { + "description": "Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. ", + "value": "DefenseEvasion" + }, + { + "description": "Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment.", + "value": "CredentialAccess" + }, + { + "description": "Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase.", + "value": "Discovery" + }, + { + "description": "Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect.", + "value": "LateralMovement" + }, + { + "description": "The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network.", + "value": "Execution" + }, + { + "description": "Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Collection" + }, + { + "description": "Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Exfiltration" + }, + { + "description": "The command and control tactic represents how adversaries communicate with systems under their control within a target network.", + "value": "CommandAndControl" + }, + { + "description": "The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others.", + "value": "Impact" + } + ] + } + }, + "providerAlertId": { + "description": "The identifier of the alert inside the product which generated the alert.", + "readOnly": true, + "type": "string" + }, + "processingEndTime": { + "description": "The time the alert was made available for consumption.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "productComponentName": { + "description": "The name of a component inside the product which generated the alert.", + "readOnly": true, + "type": "string" + }, + "productName": { + "description": "The name of the product which published this alert.", + "readOnly": true, + "type": "string" + }, + "productVersion": { + "description": "The version of the product generating the alert.", + "readOnly": true, + "type": "string" + }, + "remediationSteps": { + "description": "Manual action items to take to remediate the alert.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity of the alert" + }, + "startTimeUtc": { + "description": "The impact start time of the alert (the time of the first event contributing to the alert).", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "status": { + "description": "The lifecycle status of the alert.", + "enum": [ + "Unknown", + "New", + "Resolved", + "Dismissed", + "InProgress" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertStatus", + "values": [ + { + "description": "Unknown value", + "value": "Unknown" + }, + { + "description": "New alert", + "value": "New" + }, + { + "description": "Alert closed after handling", + "value": "Resolved" + }, + { + "description": "Alert dismissed as false positive", + "value": "Dismissed" + }, + { + "description": "Alert is being handled", + "value": "InProgress" + } + ] + } + }, + "systemAlertId": { + "description": "Holds the product identifier of the alert for the product.", + "readOnly": true, + "type": "string" + }, + "tactics": { + "description": "The tactics of the alert", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + }, + "timeGenerated": { + "description": "The time the alert was generated.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "vendorName": { + "description": "The name of the vendor that raise the alert.", + "readOnly": true, + "type": "string" + }, + "alertLink": { + "description": "The uri link of the alert.", + "readOnly": true, + "type": "string" + }, + "resourceIdentifiers": { + "description": "The list of resource identifiers of the alert.", + "items": { + "type": "object" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "SecurityAlertTimelineItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "description": "Represents security alert timeline item.", + "properties": { + "azureResourceId": { + "type": "string", + "description": "The alert azure resource id." + }, + "productName": { + "type": "string", + "description": "The alert product name." + }, + "description": { + "type": "string", + "description": "The alert description." + }, + "displayName": { + "type": "string", + "description": "The alert name." + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The alert severity." + }, + "endTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The alert end time." + }, + "startTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The alert start time." + }, + "timeGenerated": { + "format": "date-time", + "type": "string", + "description": "The alert generated time." + }, + "alertType": { + "type": "string", + "description": "The name of the alert type." + } + }, + "required": [ + "azureResourceId", + "displayName", + "severity", + "endTimeUtc", + "startTimeUtc", + "timeGenerated", + "alertType" + ], + "type": "object", + "x-ms-discriminator-value": "SecurityAlert" + }, + "SecurityGroupEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a security group entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityGroupEntityProperties", + "description": "SecurityGroup entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SecurityGroup" + }, + "SecurityGroupEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "SecurityGroup entity property bag.", + "properties": { + "distinguishedName": { + "description": "The group distinguished name", + "readOnly": true, + "type": "string" + }, + "objectGuid": { + "description": "A single-value attribute that is the unique identifier for the object, assigned by active directory.", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "sid": { + "description": "The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "SubmissionMailEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a submission mail entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SubmissionMailEntityProperties", + "description": "Submission mail entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SubmissionMail" + }, + "SubmissionMailEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Submission mail entity property bag.", + "properties": { + "networkMessageId": { + "description": "The network message id of email to which submission belongs", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "submissionId": { + "description": "The submission id", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "submitter": { + "description": "The submitter", + "readOnly": true, + "type": "string" + }, + "submissionDate": { + "description": "The submission date", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "timestamp": { + "description": "The Time stamp when the message is received (Mail)", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "recipient": { + "description": "The recipient of the mail", + "readOnly": true, + "type": "string" + }, + "sender": { + "description": "The sender of the mail", + "readOnly": true, + "type": "string" + }, + "senderIp": { + "description": "The sender's IP", + "readOnly": true, + "type": "string" + }, + "subject": { + "description": "The subject of submission mail", + "readOnly": true, + "type": "string" + }, + "reportType": { + "description": "The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "TeamInformation": { + "description": "Describes team information", + "properties": { + "teamId": { + "description": "Team ID", + "readOnly": true, + "type": "string" + }, + "primaryChannelUrl": { + "description": "The primary channel URL of the team", + "readOnly": true, + "type": "string" + }, + "teamCreationTimeUtc": { + "description": "The time the team was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The name of the team", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the team", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "TeamProperties": { + "description": "Describes team properties", + "properties": { + "teamName": { + "description": "The name of the team", + "type": "string" + }, + "teamDescription": { + "description": "The description of the team", + "type": "string" + }, + "memberIds": { + "description": "List of member IDs to add to the team", + "items": { + "description": "A single-value attribute that is the unique identifier for the user, assigned by active directory.", + "format": "uuid", + "type": "string" + }, + "type": "array" + }, + "groupIds": { + "description": "List of group IDs to add their members to the team", + "items": { + "description": "A single-value attribute that is the unique identifier for the group, assigned by active directory.", + "format": "uuid", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "teamName" + ], + "type": "object" + }, + "ThreatIntelligence": { + "description": "ThreatIntelligence property bag.", + "properties": { + "confidence": { + "description": "Confidence (must be between 0 and 1)", + "format": "double", + "readOnly": true, + "type": "number" + }, + "providerName": { + "description": "Name of the provider from whom this Threat Intelligence information was received", + "readOnly": true, + "type": "string" + }, + "reportLink": { + "description": "Report link", + "readOnly": true, + "type": "string" + }, + "threatDescription": { + "description": "Threat description (free text)", + "readOnly": true, + "type": "string" + }, + "threatName": { + "description": "Threat name (e.g. \"Jedobot malware\")", + "readOnly": true, + "type": "string" + }, + "threatType": { + "description": "Threat type (e.g. \"Botnet\")", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "UrlEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a url entity.", + "properties": { + "properties": { + "$ref": "#/definitions/UrlEntityProperties", + "description": "Url entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Url" + }, + "UrlEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Url entity property bag.", + "properties": { + "url": { + "description": "A full URL the entity points to", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "UserInfo": { + "description": "User information that made some action", + "properties": { + "email": { + "description": "The email of the user.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The name of the user.", + "readOnly": true, + "type": "string" + }, + "objectId": { + "description": "The object id of the user.", + "format": "uuid", + "type": "string", + "x-nullable": true + } + }, + "type": "object" + } + }, + "parameters": { + "Incident": { + "description": "The incident", + "in": "body", + "name": "incident", + "required": true, + "schema": { + "$ref": "#/definitions/Incident" + }, + "x-ms-parameter-location": "method" + }, + "IncidentComment": { + "description": "The incident comment", + "in": "body", + "name": "incidentComment", + "required": true, + "schema": { + "$ref": "#/definitions/IncidentComment" + }, + "x-ms-parameter-location": "method" + }, + "IncidentCommentId": { + "description": "Incident comment ID", + "in": "path", + "name": "incidentCommentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "IncidentId": { + "description": "Incident ID", + "in": "path", + "name": "incidentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "Relation": { + "name": "relation", + "in": "body", + "description": "The relation model", + "required": true, + "schema": { + "$ref": "#/definitions/Relation" + }, + "x-ms-parameter-location": "method" + }, + "RelationName": { + "name": "relationName", + "in": "path", + "required": true, + "type": "string", + "description": "Relation Name", + "x-ms-parameter-location": "method" + }, + "TeamProperties": { + "description": "Team properties", + "in": "body", + "name": "teamProperties", + "required": true, + "schema": { + "$ref": "#/definitions/TeamProperties" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Metadata.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Metadata.json new file mode 100644 index 00000000..b9779463 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Metadata.json @@ -0,0 +1,742 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-03-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata": { + "get": { + "x-ms-examples": { + "Get all metadata.": { + "$ref": "./examples/metadata/GetAllMetadata.json" + }, + "Get all metadata with OData filter/orderby/skip/top": { + "$ref": "./examples/metadata/GetAllMetadataOData.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "List of all metadata", + "operationId": "Metadata_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataSkip" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MetadataList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}": { + "get": { + "x-ms-examples": { + "Get single metadata by name": { + "$ref": "./examples/metadata/GetMetadata.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Get a Metadata.", + "operationId": "Metadata_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete metadata.": { + "$ref": "./examples/metadata/DeleteMetadata.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Delete a Metadata.", + "operationId": "Metadata_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create/update full metadata.": { + "$ref": "./examples/metadata/PutMetadata.json" + }, + "Create/update minimal metadata.": { + "$ref": "./examples/metadata/PutMetadataMinimal.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Create a Metadata.", + "operationId": "Metadata_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + }, + { + "$ref": "#/parameters/Metadata" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "patch": { + "x-ms-examples": { + "Update metadata.": { + "$ref": "./examples/metadata/PatchMetadata.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Update an existing Metadata.", + "operationId": "Metadata_Update", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + }, + { + "$ref": "#/parameters/MetadataPatch" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "MetadataList": { + "description": "List of all the metadata.", + "type": "object", + "properties": { + "value": { + "description": "Array of metadata.", + "items": { + "$ref": "#/definitions/MetadataModel" + }, + "type": "array" + }, + "nextLink": { + "description": "URL to fetch the next page of metadata.", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "value" + ] + }, + "MetadataModel": { + "type": "object", + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Metadata resource definition.", + "properties": { + "properties": { + "$ref": "#/definitions/metadataProperties", + "description": "Metadata properties", + "x-ms-client-flatten": true + } + } + }, + "metadataPatch": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Metadata patch request body.", + "type": "object", + "properties": { + "properties": { + "$ref": "#/definitions/metadataPropertiesPatch", + "description": "Metadata patch request body", + "x-ms-client-flatten": true + } + } + }, + "metadataContentId": { + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Can be optionally set for user created content to define dependencies. If an active content item is made from a template, both will have the same contentId.", + "type": "string" + }, + "metadataParentId": { + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)", + "type": "string" + }, + "metadataVersion": { + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks", + "type": "string" + }, + "metadataKind": { + "type": "string", + "description": "The kind of content the metadata is for.", + "enum": [ + "DataConnector", + "DataType", + "Workbook", + "WorkbookTemplate", + "Playbook", + "PlaybookTemplate", + "AnalyticsRuleTemplate", + "AnalyticsRule", + "HuntingQuery", + "InvestigationQuery", + "Parser", + "Watchlist", + "WatchlistTemplate", + "Solution" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "kind", + "values": [ + { + "value": "DataConnector" + }, + { + "value": "DataType" + }, + { + "value": "Workbook" + }, + { + "value": "WorkbookTemplate" + }, + { + "value": "Playbook" + }, + { + "value": "PlaybookTemplate" + }, + { + "value": "AnalyticsRuleTemplate" + }, + { + "value": "AnalyticsRule" + }, + { + "value": "HuntingQuery" + }, + { + "value": "InvestigationQuery" + }, + { + "value": "Parser" + }, + { + "value": "Watchlist" + }, + { + "value": "WatchlistTemplate" + }, + { + "value": "Solution" + } + ] + } + }, + "metadataSource": { + "description": "The original source of the content item, where it comes from.", + "type": "object", + "required": [ + "kind" + ], + "properties": { + "kind": { + "description": "Source type of the content", + "type": "string", + "enum": [ + "LocalWorkspace", + "Community", + "Solution", + "SourceRepository" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "sourceKind", + "values": [ + { + "value": "LocalWorkspace" + }, + { + "value": "Community" + }, + { + "value": "Solution" + }, + { + "value": "SourceRepository" + } + ] + } + }, + "name": { + "description": "Name of the content source. The repo name, solution name, LA workspace name etc.", + "type": "string" + }, + "sourceId": { + "description": "ID of the content source. The solution ID, workspace ID, etc", + "type": "string" + } + } + }, + "metadataAuthor": { + "type": "object", + "description": "Publisher or creator of the content item.", + "properties": { + "name": { + "description": "Name of the author. Company or person.", + "type": "string" + }, + "email": { + "description": "Email of author contact", + "type": "string" + }, + "link": { + "description": "Link for author/vendor page", + "type": "string" + } + } + }, + "metadataSupport": { + "type": "object", + "description": "Support information for the content item.", + "required": [ + "tier" + ], + "properties": { + "tier": { + "description": "Type of support for content item", + "type": "string", + "enum": [ + "Microsoft", + "Partner", + "Community" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "supportTier", + "values": [ + { + "value": "Microsoft" + }, + { + "value": "Partner" + }, + { + "value": "Community" + } + ] + } + }, + "name": { + "description": "Name of the support contact. Company or person.", + "type": "string" + }, + "email": { + "description": "Email of support contact", + "type": "string" + }, + "link": { + "description": "Link for support help, like to support page to open a ticket etc.", + "type": "string" + } + } + }, + "metadataDependencies": { + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", + "type": "object", + "properties": { + "contentId": { + "description": "Id of the content item we depend on", + "$ref": "#/definitions/metadataContentId" + }, + "kind": { + "description": "Type of the content item we depend on", + "$ref": "#/definitions/metadataKind" + }, + "version": { + "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.", + "$ref": "#/definitions/metadataVersion" + }, + "name": { + "description": "Name of the content item", + "type": "string" + }, + "operator": { + "description": "Operator used for list of dependencies in criteria array.", + "type": "string", + "enum": [ + "AND", + "OR" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "operator", + "values": [ + { + "value": "AND" + }, + { + "value": "OR" + } + ] + } + }, + "criteria": { + "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", + "type": "array", + "items": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + } + } + } + }, + "metadataProperties": { + "description": "Metadata property bag.", + "required": [ + "parentId", + "kind" + ], + "type": "object", + "properties": { + "contentId": { + "$ref": "#/definitions/metadataContentId", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "parentId": { + "$ref": "#/definitions/metadataParentId", + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)" + }, + "version": { + "$ref": "#/definitions/metadataVersion", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "kind": { + "$ref": "#/definitions/metadataKind", + "description": "The kind of content the metadata is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the metadata - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + } + } + }, + "metadataPropertiesPatch": { + "description": "Metadata property bag for patch requests. This is the same as the MetadataProperties, but with nothing required", + "type": "object", + "properties": { + "contentId": { + "$ref": "#/definitions/metadataContentId", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "parentId": { + "$ref": "#/definitions/metadataParentId", + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)" + }, + "version": { + "$ref": "#/definitions/metadataVersion", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "kind": { + "$ref": "#/definitions/metadataKind", + "description": "The kind of content the metadata is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the metadata - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + } + } + } + }, + "parameters": { + "Metadata": { + "description": "Metadata resource.", + "in": "body", + "name": "metadata", + "required": true, + "schema": { + "$ref": "#/definitions/MetadataModel" + }, + "x-ms-parameter-location": "method" + }, + "MetadataPatch": { + "description": "Partial metadata request.", + "in": "body", + "name": "metadataPatch", + "required": true, + "schema": { + "$ref": "#/definitions/metadataPatch" + }, + "x-ms-parameter-location": "method" + }, + "MetadataName": { + "description": "The Metadata name.", + "in": "path", + "name": "metadataName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SubscriptionId": { + "description": "Azure subscription ID", + "in": "path", + "name": "subscriptionId", + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "required": true, + "type": "string" + }, + "ResourceGroupName": { + "description": "The name of the resource group within the user's subscription. The name is case insensitive.", + "in": "path", + "maxLength": 90, + "minLength": 1, + "name": "resourceGroupName", + "pattern": "^[-\\w\\._\\(\\)]+$", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "WorkspaceName": { + "description": "The name of the workspace.", + "in": "path", + "name": "workspaceName", + "maxLength": 90, + "minLength": 1, + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "OperationalInsightsResourceProvider": { + "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", + "in": "path", + "name": "operationalInsightsResourceProvider", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/OnboardingStates.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/OnboardingStates.json new file mode 100644 index 00000000..78bc61a7 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/OnboardingStates.json @@ -0,0 +1,333 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-03-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}": { + "get": { + "x-ms-examples": { + "Get Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/GetSentinelOnboardingState.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Get Sentinel onboarding state", + "operationId": "SentinelOnboardingStates_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "default": { + "description": "Error in getting the Sentinel onboarding state", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/CreateSentinelOnboardingState.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Create Sentinel onboarding state", + "operationId": "SentinelOnboardingStates_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "default": { + "description": "Error in creating the Sentinel onboarding state", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/DeleteSentinelOnboardingState.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Delete Sentinel onboarding state", + "operationId": "SentinelOnboardingStates_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error in deleting the Sentinel onboarding state", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates": { + "get": { + "x-ms-examples": { + "Get all Sentinel onboarding states": { + "$ref": "./examples/onboardingStates/GetAllSentinelOnboardingStates.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Gets all Sentinel onboarding states", + "operationId": "SentinelOnboardingStates_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SentinelOnboardingStatesList" + } + }, + "default": { + "description": "Error in listing the Sentinel onboarding states", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "SentinelOnboardingStateProperties": { + "description": "The Sentinel onboarding state properties", + "type": "object", + "properties": { + "customerManagedKey": { + "description": "Flag that indicates the status of the CMK setting", + "type": "boolean" + } + } + }, + "SentinelOnboardingState": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Sentinel onboarding state", + "properties": { + "properties": { + "$ref": "#/definitions/SentinelOnboardingStateProperties", + "description": "The Sentinel onboarding state object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "SentinelOnboardingStatesList": { + "description": "List of the Sentinel onboarding states", + "properties": { + "value": { + "description": "Array of Sentinel onboarding states", + "items": { + "$ref": "#/definitions/SentinelOnboardingState" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + } + }, + "parameters": { + "SubscriptionId": { + "description": "Azure subscription ID", + "in": "path", + "name": "subscriptionId", + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "required": true, + "type": "string" + }, + "ResourceGroupName": { + "description": "The name of the resource group within the user's subscription. The name is case insensitive.", + "in": "path", + "maxLength": 90, + "minLength": 1, + "name": "resourceGroupName", + "pattern": "^[-\\w\\._\\(\\)]+$", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "WorkspaceName": { + "description": "The name of the workspace.", + "in": "path", + "name": "workspaceName", + "maxLength": 90, + "minLength": 1, + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "OperationalInsightsResourceProvider": { + "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", + "in": "path", + "name": "operationalInsightsResourceProvider", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SentinelOnboardingStateName": { + "description": "The Sentinel onboarding state name. Supports - default", + "in": "path", + "name": "sentinelOnboardingStateName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SentinelOnboardingStateParameter": { + "description": "The Sentinel onboarding state parameter", + "in": "body", + "name": "sentinelOnboardingStateParameter", + "required": false, + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Settings.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Settings.json new file mode 100644 index 00000000..3e2a7e3e --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Settings.json @@ -0,0 +1,481 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-03-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings": { + "get": { + "x-ms-examples": { + "Get all settings.": { + "$ref": "./examples/settings/GetAllSettings.json" + } + }, + "tags": [ + "Settings" + ], + "description": "List of all the settings", + "operationId": "ProductSettings_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SettingList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}": { + "get": { + "x-ms-examples": { + "Get EyesOn settings.": { + "$ref": "./examples/settings/GetEyesOnSetting.json" + } + }, + "tags": [ + "Settings" + ], + "description": "Gets a setting.", + "operationId": "ProductSettings_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Settings" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete EyesOn settings.": { + "$ref": "./examples/settings/DeleteEyesOnSetting.json" + } + }, + "tags": [ + "Settings" + ], + "description": "Delete setting of the product.", + "operationId": "ProductSettings_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Update EyesOn settings.": { + "$ref": "./examples/settings/UpdateEyesOnSetting.json" + } + }, + "tags": [ + "Settings" + ], + "description": "Updates setting.", + "operationId": "ProductSettings_Update", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsName" + }, + { + "$ref": "#/parameters/Settings" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Settings" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "SettingList": { + "description": "List of all the settings.", + "properties": { + "value": { + "description": "Array of settings.", + "items": { + "$ref": "#/definitions/Settings" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "Settings": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "The Setting.", + "properties": { + "kind": { + "description": "The kind of the setting", + "enum": [ + "Anomalies", + "EyesOn", + "EntityAnalytics", + "Ueba" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "SettingKind" + } + } + }, + "required": [ + "kind" + ], + "discriminator": "kind", + "type": "object" + }, + "Anomalies": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/AnomaliesSettingsProperties", + "description": "Anomalies properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Anomalies" + }, + "AnomaliesSettingsProperties": { + "description": "Anomalies property bag.", + "properties": { + "isEnabled": { + "description": "Determines whether the setting is enable or disabled.", + "readOnly": true, + "type": "boolean" + } + }, + "type": "object" + }, + "EyesOn": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/EyesOnSettingsProperties", + "description": "EyesOn properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "EyesOn" + }, + "EyesOnSettingsProperties": { + "description": "EyesOn property bag.", + "properties": { + "isEnabled": { + "description": "Determines whether the setting is enable or disabled.", + "readOnly": true, + "type": "boolean" + } + }, + "type": "object" + }, + "EntityAnalytics": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/EntityAnalyticsProperties", + "description": "EntityAnalytics properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "EntityAnalytics" + }, + "EntityAnalyticsProperties": { + "description": "EntityAnalytics property bag.", + "properties": { + "isEnabled": { + "description": "Determines whether the setting is enable or disabled.", + "readOnly": true, + "type": "boolean" + } + }, + "type": "object" + }, + "Ueba": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/UebaProperties", + "description": "Ueba properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Ueba" + }, + "UebaProperties": { + "description": "Ueba property bag.", + "type": "object", + "properties": { + "dataSources": { + "description": "The relevant data sources that enriched by ueba", + "items": { + "$ref": "#/definitions/UebaDataSources" + }, + "type": "array" + } + } + }, + "UebaDataSources": { + "description": "The data source that enriched by ueba.", + "enum": [ + "AuditLogs", + "AzureActivity", + "SecurityEvent", + "SigninLogs" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "UebaDataSources" + } + }, + "Sku": { + "description": "The pricing tier of the solution", + "properties": { + "name": { + "description": "The kind of the tier", + "enum": [ + "PerGB", + "CapacityReservation" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "SkuKind" + } + }, + "capacityReservationLevel": { + "description": "The amount of reservation level", + "type": "integer", + "format": "int32" + } + }, + "type": "object" + } + }, + "parameters": { + "Settings": { + "description": "The setting", + "in": "body", + "name": "settings", + "required": true, + "schema": { + "$ref": "#/definitions/Settings" + }, + "x-ms-parameter-location": "method" + }, + "SettingsName": { + "description": "The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba", + "in": "path", + "name": "settingsName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SubscriptionId": { + "description": "Azure subscription ID", + "in": "path", + "name": "subscriptionId", + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "required": true, + "type": "string" + }, + "ResourceGroupName": { + "description": "The name of the resource group within the user's subscription. The name is case insensitive.", + "in": "path", + "maxLength": 90, + "minLength": 1, + "name": "resourceGroupName", + "pattern": "^[-\\w\\._\\(\\)]+$", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "WorkspaceName": { + "description": "The name of the workspace.", + "in": "path", + "name": "workspaceName", + "maxLength": 90, + "minLength": 1, + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "OperationalInsightsResourceProvider": { + "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", + "in": "path", + "name": "operationalInsightsResourceProvider", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/SourceControls.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/SourceControls.json new file mode 100644 index 00000000..fa56c4d5 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/SourceControls.json @@ -0,0 +1,514 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-03-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories": { + "post": { + "x-ms-examples": { + "Get repository list.": { + "$ref": "./examples/repositories/GetRepositories.json" + } + }, + "tags": [ + "Repositories" + ], + "description": "Gets a list of repositories metadata.", + "operationId": "SourceControl_listRepositories", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RepoTypeParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/RepoList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols": { + "get": { + "x-ms-examples": { + "Get all source controls.": { + "$ref": "./examples/sourcecontrols/GetSourceControls.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Gets all source controls, without source control items.", + "operationId": "SourceControls_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SourceControlList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}": { + "get": { + "x-ms-examples": { + "Get a source control.": { + "$ref": "./examples/sourcecontrols/GetSourceControlById.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Gets a source control byt its identifier.", + "operationId": "SourceControls_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SourceControlIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a source control.": { + "$ref": "./examples/sourcecontrols/DeleteSourceControl.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Delete a source control.", + "operationId": "SourceControls_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SourceControlIdParameter" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates a source control.": { + "$ref": "./examples/sourcecontrols/CreateSourceControl.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Creates a source control.", + "operationId": "SourceControls_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SourceControlIdParameter" + }, + { + "$ref": "#/parameters/SourceControl" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "RepoList": { + "description": "List all the source controls.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of repositories.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of repositories.", + "items": { + "$ref": "#/definitions/Repo" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "Repo": { + "description": "Represents a repository.", + "properties": { + "repoUrl": { + "description": "The url to access the repository.", + "type": "string" + }, + "fullName": { + "description": "The name of the repository.", + "type": "string" + }, + "branches": { + "description": "Array of branches.", + "items": { + "description": "name of branch.", + "type": "string" + }, + "type": "array" + } + }, + "x-ms-azure-resource": false, + "type": "object" + }, + "SourceControlList": { + "description": "List all the source controls.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of source controls.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of source controls.", + "items": { + "$ref": "#/definitions/SourceControl" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "SourceControl": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a SourceControl in Azure Security Insights.", + "properties": { + "properties": { + "description": "source control properties", + "$ref": "#/definitions/SourceControlProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "SourceControlProperties": { + "description": "Describes source control properties", + "properties": { + "sourceControlId": { + "description": "The id (a Guid) of the source control", + "type": "string" + }, + "displayName": { + "description": "The display name of the source control", + "type": "string" + }, + "description": { + "description": "A description of the source control", + "type": "string" + }, + "repoType": { + "$ref": "#/definitions/RepoType", + "description": "The repository type of the source control", + "type": "string" + }, + "contentTypes": { + "description": "Array of source control content types.", + "items": { + "$ref": "#/definitions/ContentType" + }, + "type": "array" + }, + "repository": { + "description": "Repository metadata.", + "$ref": "#/definitions/Repository" + } + }, + "required": [ + "displayName", + "repoType", + "contentTypes", + "repository" + ], + "type": "object" + }, + "Repository": { + "type": "object", + "description": "metadata of a repository.", + "properties": { + "url": { + "description": "Url of repository.", + "type": "string" + }, + "branch": { + "description": "Branch name of repository.", + "type": "string" + }, + "pathMapping": { + "description": "Dictionary of source control content type and path mapping.", + "items": { + "$ref": "#/definitions/ContentPathMap" + }, + "type": "array" + } + } + }, + "ContentPathMap": { + "description": "The mapping of content type to a repo path.", + "properties": { + "contentType": { + "$ref": "#/definitions/ContentType", + "description": "Content type.", + "type": "string" + }, + "path": { + "description": "The path to the content.", + "type": "string" + } + }, + "type": "object" + }, + "ContentType": { + "description": "The content type of a source control path.", + "enum": [ + "AnalyticRule", + "Workbook" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ContentType", + "values": [ + { + "value": "AnalyticRule" + }, + { + "value": "Workbook" + } + ] + } + }, + "RepoType": { + "description": "The type of repository.", + "enum": [ + "Github", + "DevOps" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RepoType", + "values": [ + { + "value": "Github" + }, + { + "value": "DevOps" + } + ] + } + } + }, + "parameters": { + "RepoTypeParameter": { + "description": "The repo type.", + "in": "body", + "name": "repoType", + "required": true, + "schema": { + "$ref": "#/definitions/RepoType" + }, + "x-ms-parameter-location": "method" + }, + "SourceControlIdParameter": { + "description": "Source control Id", + "in": "path", + "name": "sourceControlId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SourceControl": { + "description": "The SourceControl", + "in": "body", + "name": "sourceControl", + "required": true, + "schema": { + "$ref": "#/definitions/SourceControl" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Watchlists.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Watchlists.json new file mode 100644 index 00000000..dee70680 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/Watchlists.json @@ -0,0 +1,752 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-03-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists": { + "get": { + "x-ms-examples": { + "Get all watchlists.": { + "$ref": "./examples/watchlists/GetWatchlists.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Gets all watchlists, without watchlist items.", + "operationId": "Watchlists_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}": { + "get": { + "x-ms-examples": { + "Get a watchlist.": { + "$ref": "./examples/watchlists/GetWatchlistByAlias.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Gets a watchlist, without its watchlist items.", + "operationId": "Watchlists_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a watchlist.": { + "$ref": "./examples/watchlists/DeleteWatchlist.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Delete a watchlist.", + "operationId": "Watchlists_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a watchlist.": { + "$ref": "./examples/watchlists/CreateWatchlist.json" + }, + "Creates or updates a watchlist and bulk creates watchlist items.": { + "$ref": "./examples/watchlists/CreateWatchlistAndWatchlistItems.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Creates or updates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its items, we should call this endpoint with rawContent and contentType properties.", + "operationId": "Watchlists_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/Watchlist" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems": { + "get": { + "x-ms-examples": { + "Get all watchlist Items.": { + "$ref": "./examples/watchlists/GetWatchlistItems.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Gets all watchlist Items.", + "operationId": "WatchlistItems_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItemList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}": { + "get": { + "x-ms-examples": { + "Get a watchlist item.": { + "$ref": "./examples/watchlists/GetWatchlistItemById.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Gets a watchlist, without its watchlist items.", + "operationId": "WatchlistItems_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a watchlist Item.": { + "$ref": "./examples/watchlists/DeleteWatchlistItem.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Delete a watchlist item.", + "operationId": "WatchlistItems_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a watchlist item.": { + "$ref": "./examples/watchlists/CreateWatchlistItem.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Creates or updates a watchlist item.", + "operationId": "WatchlistItems_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + }, + { + "$ref": "#/parameters/WatchlistItem" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "WatchlistList": { + "description": "List all the watchlists.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of watchlists.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of watchlist.", + "items": { + "$ref": "#/definitions/Watchlist" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "Watchlist": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Watchlist in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistProperties", + "description": "Watchlist properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WatchlistProperties": { + "description": "Describes watchlist properties", + "properties": { + "watchlistId": { + "description": "The id (a Guid) of the watchlist", + "type": "string" + }, + "displayName": { + "description": "The display name of the watchlist", + "type": "string" + }, + "provider": { + "description": "The provider of the watchlist", + "type": "string" + }, + "source": { + "description": "The source of the watchlist", + "enum": [ + "Local file", + "Remote storage" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "source" + } + }, + "created": { + "description": "The time the watchlist was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The last time the watchlist was updated", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the watchlist", + "type": "object" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist", + "type": "object" + }, + "description": { + "description": "A description of the watchlist", + "type": "string" + }, + "watchlistType": { + "description": "The type of the watchlist", + "type": "string" + }, + "watchlistAlias": { + "description": "The alias of the watchlist", + "type": "string" + }, + "isDeleted": { + "description": "A flag that indicates if the watchlist is deleted or not", + "type": "boolean" + }, + "labels": { + "description": "List of labels relevant to this watchlist", + "items": { + "$ref": "#/definitions/Label" + }, + "type": "array" + }, + "defaultDuration": { + "description": "The default duration of a watchlist (in ISO 8601 duration format)", + "format": "duration", + "type": "string" + }, + "tenantId": { + "description": "The tenantId where the watchlist belongs to", + "type": "string" + }, + "numberOfLinesToSkip": { + "description": "The number of lines in a csv/tsv content to skip before the header", + "type": "integer", + "format": "int32" + }, + "rawContent": { + "description": "The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint", + "type": "string" + }, + "itemsSearchKey": { + "description": "The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.", + "type": "string" + }, + "contentType": { + "description": "The content type of the raw content. Example : text/csv or text/tsv ", + "type": "string" + }, + "uploadStatus": { + "description": "The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted", + "type": "string" + }, + "watchlistItemsCount": { + "description": "The number of Watchlist Items in the Watchlist", + "type": "integer", + "format": "int32" + } + }, + "required": [ + "displayName", + "source", + "provider", + "itemsSearchKey" + ], + "type": "object" + }, + "WatchlistItemList": { + "description": "List all the watchlist items.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of watchlist item.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of watchlist items.", + "items": { + "$ref": "#/definitions/WatchlistItem" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "WatchlistItem": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Watchlist item in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistItemProperties", + "description": "Watchlist Item properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WatchlistItemProperties": { + "description": "Describes watchlist item properties", + "properties": { + "watchlistItemType": { + "description": "The type of the watchlist item", + "type": "string" + }, + "watchlistItemId": { + "description": "The id (a Guid) of the watchlist item", + "type": "string" + }, + "tenantId": { + "description": "The tenantId to which the watchlist item belongs to", + "type": "string" + }, + "isDeleted": { + "description": "A flag that indicates if the watchlist item is deleted or not", + "type": "boolean" + }, + "created": { + "description": "The time the watchlist item was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The last time the watchlist item was updated", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the watchlist item", + "type": "object" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist item", + "type": "object" + }, + "itemsKeyValue": { + "description": "key-value pairs for a watchlist item", + "type": "object" + }, + "entityMapping": { + "description": "key-value pairs for a watchlist item entity mapping", + "type": "object" + } + }, + "required": [ + "itemsKeyValue" + ], + "type": "object" + }, + "UserInfo": { + "description": "User information that made some action", + "properties": { + "email": { + "description": "The email of the user.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The name of the user.", + "readOnly": true, + "type": "string" + }, + "objectId": { + "description": "The object id of the user.", + "format": "uuid", + "type": "string", + "x-nullable": true + } + }, + "type": "object" + }, + "Label": { + "description": "Label that will be used to tag and filter on.", + "type": "string" + } + }, + "parameters": { + "WatchlistAlias": { + "description": "Watchlist Alias", + "in": "path", + "name": "watchlistAlias", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "Watchlist": { + "description": "The watchlist", + "in": "body", + "name": "watchlist", + "required": true, + "schema": { + "$ref": "#/definitions/Watchlist" + }, + "x-ms-parameter-location": "method" + }, + "WatchlistItem": { + "description": "The watchlist item", + "in": "body", + "name": "watchlistItem", + "required": true, + "schema": { + "$ref": "#/definitions/WatchlistItem" + }, + "x-ms-parameter-location": "method" + }, + "WatchlistItemId": { + "description": "Watchlist Item Id (GUID)", + "in": "path", + "name": "watchlistItemId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/dataConnectors.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/dataConnectors.json new file mode 100644 index 00000000..16e30dd9 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/dataConnectors.json @@ -0,0 +1,1575 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-03-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors": { + "get": { + "x-ms-examples": { + "Get all data connectors.": { + "$ref": "./examples/dataConnectors/GetDataConnectors.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Gets all data connectors.", + "operationId": "DataConnectors_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnectorList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}": { + "get": { + "x-ms-examples": { + "Get an Office365 data connector.": { + "$ref": "./examples/dataConnectors/GetOfficeDataConnetorById.json" + }, + "Get a TI data connector": { + "$ref": "./examples/dataConnectors/GetThreatIntelligenceById.json" + }, + "Get a TI Taxii data connector.": { + "$ref": "./examples/dataConnectors/GetThreatIntelligenceTaxiiById.json" + }, + "Get a MCAS data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json" + }, + "Get a ASC data connector": { + "$ref": "./examples/dataConnectors/GetAzureSecurityCenterById.json" + }, + "Get an AAD data connector": { + "$ref": "./examples/dataConnectors/GetAzureActiveDirectoryById.json" + }, + "Get an AwsCloudTrail data connector": { + "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" + }, + "Get an AATP data connector": { + "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json" + }, + "Get a MDATP data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json" + }, + "Get a Office ATP data connector": { + "$ref": "./examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json" + }, + "Get a Dynamics365 data connector": { + "$ref": "./examples/dataConnectors/GetDynamics365DataConnectorById.json" + }, + "Get a MicrosoftThreatProtection data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftThreatProtectionById.json" + }, + "Get a MicrosoftThreatIntelligence data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json" + }, + "Get a GenericUI data connector": { + "$ref": "./examples/dataConnectors/GetGenericUI.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Gets a data connector.", + "operationId": "DataConnectors_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an Office365 data connector": { + "$ref": "./examples/dataConnectors/CreateOfficeDataConnetor.json" + }, + "Creates or updates a Threat Intelligence Taxii data connector.": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json" + }, + "Creates or updates an Threat Intelligence Platform data connector": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceDataConnector.json" + }, + "Creates or updates a Dynamics365 data connector.": { + "$ref": "./examples/dataConnectors/CreateDynamics365DataConnetor.json" + }, + "Creates or updates a GenericUI data connector": { + "$ref": "./examples/dataConnectors/CreateGenericUI.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Creates or updates the data connector.", + "operationId": "DataConnectors_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + }, + { + "$ref": "#/parameters/DataConnector" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an Office365 data connector": { + "$ref": "./examples/dataConnectors/DeleteOfficeDataConnetor.json" + }, + "Delete a GenericUI data connector": { + "$ref": "./examples/dataConnectors/DeleteGenericUI.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Delete the data connector.", + "operationId": "DataConnectors_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "AADDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents AAD (Azure Active Directory) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AADDataConnectorProperties", + "description": "AAD (Azure Active Directory) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureActiveDirectory" + }, + "AADDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "AAD (Azure Active Directory) data connector properties.", + "type": "object" + }, + "AlertsDataTypeOfDataConnector": { + "description": "Alerts data type for data connectors.", + "properties": { + "alerts": { + "$ref": "#/definitions/DataConnectorDataTypeCommon", + "description": "Alerts data type connection.", + "type": "object" + } + }, + "type": "object", + "required": [ + "alerts" + ] + }, + "MSTIDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Microsoft Threat Intelligence data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MSTIDataConnectorProperties", + "description": "Microsoft Threat Intelligence data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatIntelligence" + }, + "MSTIDataConnectorDataTypes": { + "description": "The available data types for Microsoft Threat Intelligence Platforms data connector.", + "properties": { + "bingSafetyPhishingURL": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "properties": { + "lookbackPeriod": { + "description": "lookback period", + "type": "string" + } + }, + "description": "Data type for Microsoft Threat Intelligence Platforms data connector.", + "type": "object", + "required": [ + "lookbackPeriod" + ] + }, + "microsoftEmergingThreatFeed": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "properties": { + "lookbackPeriod": { + "description": "lookback period", + "type": "string" + } + }, + "description": "Data type for Microsoft Threat Intelligence Platforms data connector.", + "type": "object", + "required": [ + "lookbackPeriod" + ] + } + }, + "type": "object", + "required": [ + "bingSafetyPhishingURL", + "microsoftEmergingThreatFeed" + ] + }, + "MSTIDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Microsoft Threat Intelligence data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MSTIDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "MTPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents MTP (Microsoft Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MTPDataConnectorProperties", + "description": "MTP (Microsoft Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatProtection" + }, + "MTPDataConnectorDataTypes": { + "description": "The available data types for Microsoft Threat Protection Platforms data connector.", + "properties": { + "incidents": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Data type for Microsoft Threat Protection Platforms data connector.", + "type": "object" + } + }, + "type": "object", + "required": [ + "incidents" + ] + }, + "MTPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MTP (Microsoft Threat Protection) data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MTPDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "AATPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents AATP (Azure Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AATPDataConnectorProperties", + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureAdvancedThreatProtection" + }, + "AATPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "type": "object" + }, + "ASCDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents ASC (Azure Security Center) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/ASCDataConnectorProperties", + "description": "ASC (Azure Security Center) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureSecurityCenter" + }, + "ASCDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "ASC (Azure Security Center) data connector properties.", + "properties": { + "subscriptionId": { + "description": "The subscription id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object" + }, + "AwsCloudTrailDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Amazon Web Services CloudTrail data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorProperties", + "description": "Amazon Web Services CloudTrail data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AmazonWebServicesCloudTrail" + }, + "AwsCloudTrailDataConnectorDataTypes": { + "description": "The available data types for Amazon Web Services CloudTrail data connector.", + "properties": { + "logs": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Logs data type.", + "type": "object" + } + }, + "type": "object", + "required": [ + "logs" + ] + }, + "AwsCloudTrailDataConnectorProperties": { + "description": "Amazon Web Services CloudTrail data connector properties.", + "properties": { + "awsRoleArn": { + "description": "The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.", + "type": "string" + }, + "dataTypes": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object", + "required": [ + "dataTypes" + ] + }, + "DataConnector": { + "description": "Data connector", + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "discriminator": "kind", + "required": [ + "kind" + ], + "properties": { + "kind": { + "$ref": "#/definitions/DataConnectorKind", + "description": "The data connector kind" + } + }, + "type": "object" + }, + "DataConnectorDataTypeCommon": { + "description": "Common field for data type in data connectors.", + "properties": { + "state": { + "description": "Describe whether this data type connection is enabled or not.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataTypeState" + } + } + }, + "type": "object", + "required": [ + "state" + ] + }, + "DataConnectorWithAlertsProperties": { + "description": "Data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "type": "object" + }, + "DataConnectorKind": { + "description": "The kind of the data connector", + "enum": [ + "AzureActiveDirectory", + "AzureSecurityCenter", + "MicrosoftCloudAppSecurity", + "ThreatIntelligence", + "ThreatIntelligenceTaxii", + "Office365", + "OfficeATP", + "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", + "Dynamics365", + "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", + "GenericUI" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorKind", + "values": [ + { + "value": "AzureActiveDirectory" + }, + { + "value": "AzureSecurityCenter" + }, + { + "value": "MicrosoftCloudAppSecurity" + }, + { + "value": "ThreatIntelligence" + }, + { + "value": "ThreatIntelligenceTaxii" + }, + { + "value": "Office365" + }, + { + "value": "OfficeATP" + }, + { + "value": "AmazonWebServicesCloudTrail" + }, + { + "value": "AzureAdvancedThreatProtection" + }, + { + "value": "MicrosoftDefenderAdvancedThreatProtection" + }, + { + "value": "Dynamics365" + }, + { + "value": "MicrosoftThreatProtection" + }, + { + "value": "MicrosoftThreatIntelligence" + }, + { + "value": "GenericUI" + } + ] + } + }, + "DataConnectorList": { + "description": "List all the data connectors.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of data connectors.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of data connectors.", + "items": { + "$ref": "#/definitions/DataConnector" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "DataConnectorTenantId": { + "description": "Properties data connector on tenant level.", + "properties": { + "tenantId": { + "description": "The tenant id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object", + "required": [ + "tenantId" + ] + }, + "MCASDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents MCAS (Microsoft Cloud App Security) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MCASDataConnectorProperties", + "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftCloudAppSecurity" + }, + "MCASDataConnectorDataTypes": { + "allOf": [ + { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector" + } + ], + "description": "The available data types for MCAS (Microsoft Cloud App Security) data connector.", + "properties": { + "discoveryLogs": { + "$ref": "#/definitions/DataConnectorDataTypeCommon", + "description": "Discovery log data type connection." + } + }, + "type": "object" + }, + "MCASDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MCASDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "Dynamics365DataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Dynamics365 data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/Dynamics365DataConnectorProperties", + "description": "Dynamics365 data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Dynamics365" + }, + "Dynamics365DataConnectorDataTypes": { + "description": "The available data types for Dynamics365 data connector.", + "properties": { + "dynamics365CdsActivities": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Common Data Service data type connection.", + "type": "object" + } + }, + "type": "object", + "required": [ + "dynamics365CdsActivities" + ] + }, + "Dynamics365DataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Dynamics365 data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/Dynamics365DataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "OfficeATPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents OfficeATP (Office 365 Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeATPDataConnectorProperties", + "description": "OfficeATP (Office 365 Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficeATP" + }, + "OfficeATPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "OfficeATP (Office 365 Advanced Threat Protection) data connector properties.", + "type": "object" + }, + "MDATPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MDATPDataConnectorProperties", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection" + }, + "MDATPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "type": "object" + }, + "OfficeDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents office data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeDataConnectorProperties", + "description": "Office data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Office365" + }, + "OfficeDataConnectorDataTypes": { + "description": "The available data types for office data connector.", + "properties": { + "exchange": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Exchange data type connection.", + "type": "object" + }, + "sharePoint": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "SharePoint data type connection.", + "type": "object" + }, + "teams": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Teams data type connection.", + "type": "object" + } + }, + "required": [ + "exchange", + "sharePoint", + "teams" + ], + "type": "object" + }, + "OfficeDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Office data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/OfficeDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "TIDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents threat intelligence data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/TIDataConnectorProperties", + "description": "TI (Threat Intelligence) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "TIDataConnectorDataTypes": { + "description": "The available data types for TI (Threat Intelligence) data connector.", + "properties": { + "indicators": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Data type for indicators connection.", + "type": "object" + } + }, + "type": "object", + "required": [ + "indicators" + ] + }, + "TIDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "TI (Threat Intelligence) data connector properties.", + "properties": { + "tipLookbackPeriod": { + "description": "The lookback period for the feed to be imported.", + "format": "date-time", + "type": "string", + "x-nullable": true + }, + "dataTypes": { + "$ref": "#/definitions/TIDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object", + "required": [ + "dataTypes" + ] + }, + "TiTaxiiDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server", + "properties": { + "properties": { + "$ref": "#/definitions/TiTaxiiDataConnectorProperties", + "description": "Threat intelligence TAXII data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligenceTaxii" + }, + "TiTaxiiDataConnectorDataTypes": { + "description": "The available data types for Threat Intelligence TAXII data connector.", + "properties": { + "taxiiClient": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Data type for TAXII connector.", + "type": "object" + } + }, + "type": "object", + "required": [ + "taxiiClient" + ] + }, + "TiTaxiiDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Threat Intelligence TAXII data connector properties.", + "properties": { + "workspaceId": { + "description": "The workspace id.", + "type": "string" + }, + "friendlyName": { + "description": "The friendly name for the TAXII server.", + "type": "string" + }, + "taxiiServer": { + "description": "The API root for the TAXII server.", + "type": "string" + }, + "collectionId": { + "description": "The collection id of the TAXII server.", + "type": "string" + }, + "userName": { + "description": "The userName for the TAXII server.", + "type": "string" + }, + "password": { + "description": "The password for the TAXII server.", + "type": "string" + }, + "taxiiLookbackPeriod": { + "description": "The lookback period for the TAXII server.", + "format": "date-time", + "type": "string", + "x-nullable": true + }, + "pollingFrequency": { + "description": "The polling frequency for the TAXII server.", + "type": "string", + "x-nullable": true, + "enum": [ + "OnceAMinute", + "OnceAnHour", + "OnceADay" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "PollingFrequency", + "values": [ + { + "description": "Once a minute", + "value": "OnceAMinute" + }, + { + "description": "Once an hour", + "value": "OnceAnHour" + }, + { + "description": "Once a day", + "value": "OnceADay" + } + ] + } + }, + "dataTypes": { + "$ref": "#/definitions/TiTaxiiDataConnectorDataTypes", + "description": "The available data types for Threat Intelligence TAXII data connector." + } + }, + "required": [ + "dataTypes", + "pollingFrequency" + ], + "type": "object" + }, + "CodelessUiDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Codeless UI data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/CodelessParameters", + "description": "Codeless UI data connector properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "GenericUI" + }, + "CodelessParameters": { + "description": "Represents Codeless UI data connector", + "type": "object", + "properties": { + "connectorUiConfig": { + "$ref": "#/definitions/CodelessUiConnectorConfigProperties", + "description": "Config to describe the instructions blade" + } + } + }, + "CodelessUiConnectorConfigProperties": { + "description": "Config to describe the instructions blade", + "type": "object", + "properties": { + "title": { + "description": "Connector blade title", + "type": "string" + }, + "publisher": { + "description": "Connector publisher name", + "type": "string" + }, + "descriptionMarkdown": { + "description": "Connector description", + "type": "string" + }, + "customImage": { + "description": "An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery", + "type": "string" + }, + "graphQueriesTableName": { + "description": "Name of the table the connector will insert the data to", + "type": "string" + }, + "graphQueries": { + "description": "The graph query to show the current data status", + "items": { + "allOf": [ + { + "$ref": "#/definitions/GraphQueries" + } + ] + }, + "type": "array" + }, + "sampleQueries": { + "description": "The sample queries for the connector", + "items": { + "allOf": [ + { + "$ref": "#/definitions/SampleQueries" + } + ] + }, + "type": "array" + }, + "dataTypes": { + "description": "Data types to check for last data received", + "items": { + "allOf": [ + { + "$ref": "#/definitions/LastDataReceivedDataType" + } + ] + }, + "type": "array" + }, + "connectivityCriteria": { + "description": "Define the way the connector check connectivity", + "items": { + "allOf": [ + { + "$ref": "#/definitions/ConnectivityCriteria" + } + ] + }, + "type": "array" + }, + "availability": { + "description": "Connector Availability Status", + "$ref": "#/definitions/Availability" + }, + "permissions": { + "description": "Permissions required for the connector", + "$ref": "#/definitions/Permissions" + }, + "instructionSteps": { + "description": "Instruction steps to enable the connector", + "items": { + "allOf": [ + { + "$ref": "#/definitions/InstructionSteps" + } + ] + }, + "type": "array" + } + }, + "required": [ + "title", + "publisher", + "descriptionMarkdown", + "graphQueriesTableName", + "graphQueries", + "sampleQueries", + "dataTypes", + "connectivityCriteria", + "availability", + "permissions", + "instructionSteps" + ] + }, + "LastDataReceivedDataType": { + "description": "Data type for last data received", + "type": "object", + "properties": { + "name": { + "description": "Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder", + "type": "string" + }, + "lastDataReceivedQuery": { + "description": "Query for indicate last data received", + "type": "string" + } + } + }, + "Permissions": { + "description": "Permissions required for the connector", + "type": "object", + "properties": { + "resourceProvider": { + "description": "Resource provider permissions required for the connector", + "items": { + "allOf": [ + { + "$ref": "#/definitions/ResourceProvider" + } + ] + }, + "type": "array" + }, + "customs": { + "description": "Customs permissions required for the connector", + "items": { + "allOf": [ + { + "$ref": "#/definitions/Customs" + } + ] + }, + "type": "array" + } + } + }, + "Customs": { + "description": "Customs permissions required for the connector", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/CustomsPermission" + } + ] + }, + "CustomsPermission": { + "description": "Customs permissions required for the connector", + "type": "object", + "properties": { + "name": { + "description": "Customs permissions name", + "type": "string" + }, + "description": { + "description": "Customs permissions description", + "type": "string" + } + } + }, + "ResourceProvider": { + "description": "Resource provider permissions required for the connector", + "type": "object", + "properties": { + "provider": { + "description": "Provider name", + "enum": [ + "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", + "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", + "Microsoft.Authorization/policyAssignments" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ProviderName" + } + }, + "permissionsDisplayText": { + "description": "Permission description text", + "type": "string" + }, + "providerDisplayName": { + "description": "Permission provider display name", + "type": "string" + }, + "scope": { + "description": "Permission provider scope", + "enum": [ + "ResourceGroup", + "Subscription", + "Workspace" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "PermissionProviderScope" + } + }, + "requiredPermissions": { + "description": "Required permissions for the connector", + "$ref": "#/definitions/RequiredPermissions" + } + } + }, + "InstructionSteps": { + "description": "Instruction steps to enable the connector", + "type": "object", + "properties": { + "title": { + "description": "Instruction step title", + "type": "string" + }, + "description": { + "description": "Instruction step description", + "type": "string" + }, + "instructions": { + "description": "Instruction step details", + "items": { + "allOf": [ + { + "$ref": "#/definitions/ConnectorInstructionModelBase" + } + ] + }, + "type": "array" + } + } + }, + "ConnectorInstructionModelBase": { + "description": "Instruction step details", + "type": "object", + "properties": { + "parameters": { + "type": "object", + "description": "The parameters for the setting" + }, + "type": { + "description": "The kind of the setting", + "enum": [ + "CopyableLabel", + "InstructionStepsGroup", + "InfoMessage" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "SettingType" + } + } + }, + "required": [ + "type" + ] + }, + "RequiredPermissions": { + "description": "Required permissions for the connector", + "type": "object", + "properties": { + "action": { + "description": "action permission", + "type": "boolean" + }, + "write": { + "description": "write permission", + "type": "boolean" + }, + "read": { + "description": "read permission", + "type": "boolean" + }, + "delete": { + "description": "delete permission", + "type": "boolean" + } + } + }, + "Availability": { + "description": "Connector Availability Status", + "type": "object", + "properties": { + "status": { + "description": "The connector Availability Status", + "format": "int32", + "type": "integer", + "enum": [ + 1 + ], + "x-ms-enum": { + "name": "AvailabilityStatus", + "values": [ + { + "value": 1, + "description": "Available" + } + ] + } + }, + "isPreview": { + "description": "Set connector as preview", + "type": "boolean" + } + } + }, + "ConnectivityCriteria": { + "description": "Setting for the connector check connectivity", + "type": "object", + "properties": { + "type": { + "description": "type of connectivity", + "enum": [ + "IsConnectedQuery" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConnectivityType" + } + }, + "value": { + "description": "Queries for checking connectivity", + "type": "array", + "items": { + "description": "checking connectivity query", + "type": "string" + } + } + } + }, + "SampleQueries": { + "description": "The sample queries for the connector", + "type": "object", + "properties": { + "description": { + "description": "The sample query description", + "type": "string" + }, + "query": { + "description": "the sample query", + "type": "string" + } + } + }, + "GraphQueries": { + "type": "object", + "description": "The graph query to show the current data status", + "properties": { + "metricName": { + "description": "the metric that the query is checking", + "type": "string" + }, + "legend": { + "description": "The legend for the graph", + "type": "string" + }, + "baseQuery": { + "description": "The base query for the graph", + "type": "string" + } + } + } + }, + "parameters": { + "ResourceGroupName": { + "description": "The name of the resource group within the user's subscription. The name is case insensitive.", + "in": "path", + "maxLength": 90, + "minLength": 1, + "name": "resourceGroupName", + "pattern": "^[-\\w\\._\\(\\)]+$", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SubscriptionId": { + "description": "Azure subscription ID", + "in": "path", + "name": "subscriptionId", + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "required": true, + "type": "string" + }, + "DataConnector": { + "description": "The data connector", + "in": "body", + "name": "dataConnector", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnector" + }, + "x-ms-parameter-location": "method" + }, + "DataConnectorId": { + "description": "Connector ID", + "in": "path", + "name": "dataConnectorId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/CreateActionOfAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/CreateActionOfAlertRule.json new file mode 100644 index 00000000..70983078 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/CreateActionOfAlertRule.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "action": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/DeleteActionOfAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/DeleteActionOfAlertRule.json new file mode 100644 index 00000000..af1bd0d0 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/DeleteActionOfAlertRule.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetActionOfAlertRuleById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetActionOfAlertRuleById.json new file mode 100644 index 00000000..4501f69a --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetActionOfAlertRuleById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetAllActionsByAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetAllActionsByAlertRule.json new file mode 100644 index 00000000..f6e415ce --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetAllActionsByAlertRule.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json new file mode 100644 index 00000000..3104c570 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "alertRuleTemplateId": "65360bb0-8986-4ade-a89d-af3cf44d28aa" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Scheduled", + "properties": { + "severity": "Low", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "displayName": "Changes to Amazon VPC settings", + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "createdDateUTC": "2019-02-27T00:00:00Z", + "status": "Available", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "alertRulesCreatedByTemplateCount": 0 + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json new file mode 100644 index 00000000..f974891b --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json @@ -0,0 +1,85 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Scheduled", + "properties": { + "severity": "Low", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "displayName": "Changes to Amazon VPC settings", + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "createdDateUTC": "2019-02-27T00:00:00Z", + "status": "Available", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "alertRulesCreatedByTemplateCount": 0 + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/f71aba3d-28fb-450b-b192-4e76a83015c8", + "name": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Place holder: Fusion uses graph powered machine learning algorithms to correlate between millions of lower fidelity anomalous activities from different products such as Azure AD Identity Protection, and Microsoft Cloud App Security, to combine them into a manageable number of interesting security cases.\n", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "createdDateUTC": "2019-07-25T00:00:00Z", + "status": "Available", + "severity": "High", + "alertRulesCreatedByTemplateCount": 0 + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/b3cfc7c0-092c-481c-a55b-34a3979758cb", + "name": "b3cfc7c0-092c-481c-a55b-34a3979758cb", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "displayName": "Create incidents based on Microsoft Cloud App Security alerts", + "description": "Create incidents based on all alerts generated in Microsoft Cloud App Security", + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "createdDateUTC": "2019-07-16T00:00:00Z", + "status": "Available", + "alertRulesCreatedByTemplateCount": 0 + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateFusionAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateFusionAlertRule.json new file mode 100644 index 00000000..b07ed1bd --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateFusionAlertRule.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "myFirstFusionRule", + "alertRule": { + "kind": "Fusion", + "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", + "properties": { + "enabled": true, + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 00000000..2115f91f --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "microsoftSecurityIncidentCreationRuleExample", + "alertRule": { + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "displayName": "testing displayname", + "enabled": true + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateScheduledAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateScheduledAlertRule.json new file mode 100644 index 00000000..1d10486d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateScheduledAlertRule.json @@ -0,0 +1,240 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "alertRule": { + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"01005144-0000-0d00-0000-6058632c0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"01007444-0000-0d00-0000-605863a70000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:15:30Z", + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/DeleteAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/DeleteAlertRule.json new file mode 100644 index 00000000..f86985a8 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/DeleteAlertRule.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetAllAlertRules.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetAllAlertRules.json new file mode 100644 index 00000000..5b60a159 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetAllAlertRules.json @@ -0,0 +1,133 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"25005c11-0000-0d00-0000-5d6cc0e20000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": false, + "lastModifiedUtc": "2019-09-02T07:12:34.9065092Z" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetFusionAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetFusionAlertRule.json new file mode 100644 index 00000000..b98ea0d7 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetFusionAlertRule.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ruleId": "myFirstFusionRule" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 00000000..cadcb475 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ruleId": "microsoftSecurityIncidentCreationRuleExample" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetScheduledAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetScheduledAlertRule.json new file mode 100644 index 00000000..f92241e9 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetScheduledAlertRule.json @@ -0,0 +1,92 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json new file mode 100644 index 00000000..e93f2f48 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "dataConnector": { + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateGenericUI.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateGenericUI.json new file mode 100644 index 00000000..a99de411 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateGenericUI.json @@ -0,0 +1,438 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "dataConnector": { + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json new file mode 100644 index 00000000..4f3e9abe --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json @@ -0,0 +1,76 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json new file mode 100644 index 00000000..e80e83a2 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "ThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json new file mode 100644 index 00000000..32042fc3 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json @@ -0,0 +1,82 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "collectionId": "135", + "workspaceId": "dd124572-4962-4495-9bd2-9dade12314b4", + "friendlyName": "testTaxii", + "userName": "--", + "password": "--", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "collectionId": "135", + "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871", + "friendlyName": "testTaxii", + "userName": null, + "password": null, + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "collectionId": "135", + "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871", + "friendlyName": "testTaxii", + "userName": null, + "password": null, + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteGenericUI.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteGenericUI.json new file mode 100644 index 00000000..5e8dda49 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteGenericUI.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json new file mode 100644 index 00000000..499e3c81 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json new file mode 100644 index 00000000..1fcae507 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json new file mode 100644 index 00000000..965eabf0 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureActiveDirectory", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json new file mode 100644 index 00000000..3c45b6a7 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json new file mode 100644 index 00000000..79aecf3b --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureSecurityCenter", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDataConnectors.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDataConnectors.json new file mode 100644 index 00000000..b76e74db --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDataConnectors.json @@ -0,0 +1,341 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureSecurityCenter", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligenceTaxii", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2", + "friendlyName": "My TI Taxii Connector", + "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", + "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", + "userName": "", + "password": "", + "pollingFrequency": "OnceAMinute", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureActiveDirectory", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftCloudAppSecurity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficeATP", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "customImage": "The image connector content", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json new file mode 100644 index 00000000..b56379df --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetGenericUI.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetGenericUI.json new file mode 100644 index 00000000..8fde364a --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetGenericUI.json @@ -0,0 +1,157 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "customImage": "The image connector content", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json new file mode 100644 index 00000000..1ceb73dd --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftCloudAppSecurity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json new file mode 100644 index 00000000..b057f538 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json new file mode 100644 index 00000000..8ef8b6f8 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "bingSafetyPhishingURL": { + "state": "Enabled", + "lookbackPeriod": "example ??" + }, + "microsoftEmergingThreatFeed": { + "state": "Enabled", + "lookbackPeriod": "example" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json new file mode 100644 index 00000000..5b5bf817 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "incidents": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json new file mode 100644 index 00000000..5688997c --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficeATP", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json new file mode 100644 index 00000000..25bfdbd3 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json new file mode 100644 index 00000000..9671cc9a --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json new file mode 100644 index 00000000..f3a8ae0f --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c39bb458-02a7-4b3f-b0c8-71a1d2692652" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligenceTaxii", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2", + "friendlyName": "My TI Taxii Connector", + "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", + "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", + "userName": "", + "password": "", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/CreateEntityQueryActivity.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/CreateEntityQueryActivity.json new file mode 100644 index 00000000..e4cf9a4e --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/CreateEntityQueryActivity.json @@ -0,0 +1,134 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "entityQuery": { + "kind": "Activity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "kind": "Activity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "kind": "Activity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/DeleteEntityQuery.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/DeleteEntityQuery.json new file mode 100644 index 00000000..0a7f73c3 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/DeleteEntityQuery.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetActivityEntityQueryById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetActivityEntityQueryById.json new file mode 100644 index 00000000..e1c3cee8 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetActivityEntityQueryById.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Activity", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetEntityQueries.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetEntityQueries.json new file mode 100644 index 00000000..0a2e2376 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetEntityQueries.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "kind": "Expansion", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/37ca3555-c135-4a73-a65e-9c1d00323f5d", + "name": "37ca3555-c135-4a73-a65e-9c1d00323f5d", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Expansion", + "properties": { + "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count asc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')", + "inputFields": [ + "address" + ], + "outputEntityTypes": [ + "Account" + ], + "dataSources": [ + "AzureActivity" + ], + "inputEntityType": "IP", + "displayName": "Least active accounts on Azure from this IP" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/97a1d515-abf2-4231-9a35-985f9de0bb91", + "name": "97a1d515-abf2-4231-9a35-985f9de0bb91", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Expansion", + "properties": { + "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count desc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')", + "inputFields": [ + "address" + ], + "outputEntityTypes": [ + "Account" + ], + "dataSources": [ + "AzureActivity" + ], + "inputEntityType": "IP", + "displayName": "Most active accounts on Azure from this IP" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json new file mode 100644 index 00000000..f33d16ea --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Expansion", + "properties": { + "queryTemplate": "let GetParentProcessesOnHost = (v_Host_HostName:string){\r\n SecurityEvent \r\n | where EventID == 4688 \r\n | where isnotempty(ParentProcessName)\r\n | where NewProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe' and ParentProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe'\r\n and NewProcessName!contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe' and ParentProcessName !contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe'\r\n and ParentProcessName !contains ':\\\\Windows\\\\CCM\\\\CcmExec.exe'\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\svchost.exe' and (NewProcessName !contains ':\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe' or NewProcessName !contains ':\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe'))\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\services.exe' and NewProcessName !contains ':\\\\Windows\\\\servicing\\\\TrustedInstaller.exe')\r\n | where toupper(Computer) contains v_Host_HostName or toupper(WorkstationName) contains v_Host_HostName\r\n | summarize min(TimeGenerated), max(TimeGenerated) by Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project min_TimeGenerated, max_TimeGenerated, Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project-rename Process_Host_UnstructuredName=Computer, Process_Account_UnstructuredName=Account, Process_CommandLine=CommandLine, Process_ProcessId=ProcessId, Process_ImageFile_FullPath=NewProcessName, Process_ParentProcess_ImageFile_FullPath=ParentProcessName\r\n | top 10 by min_TimeGenerated asc};\r\n GetParentProcessesOnHost(toupper(''))", + "inputFields": [ + "hostName" + ], + "outputEntityTypes": [ + "Process" + ], + "dataSources": [ + "SecurityEvent" + ], + "inputEntityType": "Host", + "displayName": "Parent processes running on host" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateIncident.json new file mode 100644 index 00000000..f7af0efc --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateIncident.json @@ -0,0 +1,110 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incident": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe", + "ownerType": "User" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "providerName": "Azure Sentinel", + "providerIncidentId": "3177", + "relatedAnalyticRuleIds": [], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [] + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "providerName": "Azure Sentinel", + "providerIncidentId": "3177", + "relatedAnalyticRuleIds": [], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [] + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateTeam.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateTeam.json new file mode 100644 index 00000000..b3ce2c63 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateTeam.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "9023f5b5-df22-4313-8fbf-b4b75af8a6d9", + "resourceGroupName": "ambawolvese5resourcegroup", + "workspaceName": "AmbaE5WestCentralUS", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", + "teamProperties": { + "teamName": "Team name", + "teamDescription": "Team description" + } + }, + "responses": { + "200": { + "body": { + "teamId": "99978838-9bda-4ad4-8f93-4cf7ebc50ca5", + "primaryChannelUrl": "https://teams.microsoft.com/l/team/19:80bf3b25485b4067b7d2dc4eec9e1578%40thread.tacv2/conversations?groupId=99978838-9bda-4ad4-8f93-4cf7ebc50ca5&tenantId=5b5a146c-eba8-46af-96f8-e31b50d15a3f", + "teamCreationTimeUtc": "2021-03-15T17:08:21.9954238+02:00", + "name": "Team name", + "description": "Team description" + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/DeleteIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/DeleteIncident.json new file mode 100644 index 00000000..cea1f39e --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/DeleteIncident.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentAlerts.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentAlerts.json new file mode 100644 index 00000000..e5ee9a39 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentAlerts.json @@ -0,0 +1,51 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "name": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "SecurityAlert", + "properties": { + "systemAlertId": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "tactics": [], + "alertDisplayName": "myAlert", + "confidenceLevel": "Unknown", + "severity": "Low", + "vendorName": "Microsoft", + "productName": "Azure Security Center", + "alertType": "myAlert", + "processingEndTime": "2020-07-20T18:21:53.6158361Z", + "status": "New", + "endTimeUtc": "2020-07-20T18:21:53.6158361Z", + "startTimeUtc": "2020-07-20T18:21:53.6158361Z", + "timeGenerated": "2020-07-20T18:21:53.6158361Z", + "resourceIdentifiers": [ + { + "type": "LogAnalytics", + "workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroup": "myRG" + } + ], + "additionalData": { + "AlertMessageEnqueueTime": "2020-07-20T18:21:57.304Z" + }, + "friendlyName": "myAlert" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentBookmarks.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentBookmarks.json new file mode 100644 index 00000000..25c40737 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentBookmarks.json @@ -0,0 +1,78 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812", + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Bookmark", + "properties": { + "displayName": "SecurityEvent - 868f40f4698d", + "created": "2020-06-17T15:34:01.4265524+00:00", + "updated": "2020-06-17T15:34:01.4265524+00:00", + "createdBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "updatedBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "eventTime": "2020-06-17T15:34:01.4265524+00:00", + "labels": [], + "query": "SecurityEvent\r\n| take 1\n", + "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", + "additionalData": { + "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", + "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "friendlyName": "SecurityEvent - 868f40f4698d" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/bbbd324f-6c48-459c-8710-8d1e1cd03812", + "name": "bbbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Bookmark", + "properties": { + "displayName": "SecurityEvent - 868f40f4698d", + "created": "2020-06-17T15:34:01.4265524+00:00", + "updated": "2020-06-17T15:34:01.4265524+00:00", + "createdBy": { + "objectId": "303ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "updatedBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "eventTime": "2020-06-17T15:34:01.4265524+00:00", + "labels": [], + "query": "SecurityEvent\r\n| take 1\n", + "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", + "additionalData": { + "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", + "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "friendlyName": "SecurityEvent - 868f40f4698d" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidentById.json new file mode 100644 index 00000000..8b24a8a6 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidentById.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe", + "ownerType": "User" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "InaccurateData", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "providerName": "Azure Sentinel", + "providerIncidentId": "3177", + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ] + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidents.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidents.json new file mode 100644 index 00000000..7c10cba0 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidents.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "$orderby": "properties/createdTimeUtc desc", + "$top": 1 + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe", + "ownerType": "User" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "providerName": "Azure Sentinel", + "providerIncidentId": "3177", + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "Persistence" + ] + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/CreateIncidentComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/CreateIncidentComment.json new file mode 100644 index 00000000..be5b4a51 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/CreateIncidentComment.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentComment": { + "properties": { + "message": "Some message" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "190057d0-0000-0d00-0000-5c622adb0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/DeleteIncidentComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/DeleteIncidentComment.json new file mode 100644 index 00000000..77aadc8b --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/DeleteIncidentComment.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2023-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetAllIncidentComments.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetAllIncidentComments.json new file mode 100644 index 00000000..c3c1ab85 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetAllIncidentComments.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetIncidentCommentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetIncidentCommentById.json new file mode 100644 index 00000000..f92cba74 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetIncidentCommentById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/entities/GetAllIncidentEntities.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/entities/GetAllIncidentEntities.json new file mode 100644 index 00000000..ad0641a2 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/entities/GetAllIncidentEntities.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "entities": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Account", + "properties": { + "friendlyName": "administrator", + "accountName": "administrator", + "ntDomain": "domain" + } + } + ], + "metaData": [ + { + "entityKind": "Account", + "count": 1 + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/CreateIncidentRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/CreateIncidentRelation.json new file mode 100644 index 00000000..434bdf33 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/CreateIncidentRelation.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "relation": { + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/DeleteIncidentRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/DeleteIncidentRelation.json new file mode 100644 index 00000000..c172e23e --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/DeleteIncidentRelation.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetAllIncidentRelations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetAllIncidentRelations.json new file mode 100644 index 00000000..c6e50f67 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetAllIncidentRelations.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "name": "9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "6f714025-dd7c-46aa-b5d0-b9857488d060", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceName": "1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceType": "Microsoft.SecurityInsights/entities", + "relatedResourceKind": "SecurityAlert" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetIncidentRelationByName.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetIncidentRelationByName.json new file mode 100644 index 00000000..5f5d3d34 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetIncidentRelationByName.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/DeleteMetadata.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/DeleteMetadata.json new file mode 100644 index 00000000..6aa14153 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/DeleteMetadata.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "metadataName": "metadataName" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadata.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadata.json new file mode 100644 index 00000000..22cf619d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadata.json @@ -0,0 +1,65 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1", + "name": "metadataName1", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + }, + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2", + "name": "metadataName2", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + }, + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName3", + "name": "metadataName3", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "f593501d-ec01-4057-8146-a1de35c461ef", + "version": "1.0.0.0", + "kind": "Workbook", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/workbookName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadataOData.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadataOData.json new file mode 100644 index 00000000..7eb696f2 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadataOData.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ODataFilter": "properties/kind eq 'AnalyticsRule'", + "ODataOrderBy": "properties/parentId desc", + "ODataSkip": "2", + "ODataTop": "2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1", + "name": "metadataName1", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName1", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + }, + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2", + "name": "metadataName2", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetMetadata.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetMetadata.json new file mode 100644 index 00000000..5753c829 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetMetadata.json @@ -0,0 +1,72 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "2e1dc338-d04d-4443-b721-037eff4fdcac", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "metadataName": "metadataName" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PatchMetadata.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PatchMetadata.json new file mode 100644 index 00000000..f9efe722 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PatchMetadata.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "metadataName": "metadataName", + "metadataPatch": { + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "author": { + "name": "User Name", + "email": "email@microsoft.com" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadata.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadata.json new file mode 100644 index 00000000..a6bbd138 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadata.json @@ -0,0 +1,188 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "metadataName": "metadataName", + "metadata": { + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector", + "name": "Microsoft Defender for Endpoint" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + } + } + } + }, + "responses": { + "201": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + } + } + } + }, + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadataMinimal.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadataMinimal.json new file mode 100644 index 00000000..ecb3ffd0 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadataMinimal.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "metadataName": "metadataName", + "metadata": { + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + }, + "responses": { + "201": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + }, + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json new file mode 100644 index 00000000..eade28e2 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "sentinelOnboardingStateName": "default", + "sentinelOnboardingStateParameter": { + "properties": { + "customerManagedKey": false + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json new file mode 100644 index 00000000..f35e9c9c --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "sentinelOnboardingStateName": "default" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json new file mode 100644 index 00000000..18ce172d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json new file mode 100644 index 00000000..723a842a --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "sentinelOnboardingStateName": "default" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/repositories/GetRepositories.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/repositories/GetRepositories.json new file mode 100644 index 00000000..5f29c4f3 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/repositories/GetRepositories.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "repoType": "Github", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "repoUrl": "https://api.github.com/repos/user/reponame", + "fullName": "reponame", + "branches": [ + "master", + "develop" + ] + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/DeleteEyesOnSetting.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/DeleteEyesOnSetting.json new file mode 100644 index 00000000..9120c9f8 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/DeleteEyesOnSetting.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "settingsName": "EyesOn" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetAllSettings.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetAllSettings.json new file mode 100644 index 00000000..98fbfb45 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetAllSettings.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetEyesOnSetting.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetEyesOnSetting.json new file mode 100644 index 00000000..b4b8e56e --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetEyesOnSetting.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "settingsName": "EyesOn" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/UpdateEyesOnSetting.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/UpdateEyesOnSetting.json new file mode 100644 index 00000000..57289b7f --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/UpdateEyesOnSetting.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "settingsName": "EyesOn", + "settings": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "EyesOn", + "properties": {} + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/CreateSourceControl.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/CreateSourceControl.json new file mode 100644 index 00000000..006c6dba --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/CreateSourceControl.json @@ -0,0 +1,118 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "sourceControl": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My Source Control", + "description": "This is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "pathMapping": [ + { + "contentType": "AnalyticRules", + "path": "path/to/rules" + }, + { + "contentType": "Workbook", + "path": "path/to/workbooks" + } + ] + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "pathMapping": [ + { + "contentType": "AnalyticRules", + "path": "path/to/rules" + }, + { + "contentType": "Workbook", + "path": "path/to/workbooks" + } + ] + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "pathMapping": [ + { + "contentType": "AnalyticRules", + "path": "path/to/rules" + }, + { + "contentType": "Workbook", + "path": "path/to/workbooks" + } + ] + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/DeleteSourceControl.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/DeleteSourceControl.json new file mode 100644 index 00000000..45c070ae --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/DeleteSourceControl.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControlById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControlById.json new file mode 100644 index 00000000..f23a1875 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControlById.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "pathMapping": [ + { + "contentType": "AnalyticRules", + "path": "path/to/rules" + }, + { + "contentType": "Workbook", + "path": "path/to/workbooks" + } + ] + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControls.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControls.json new file mode 100644 index 00000000..fe9547ec --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControls.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "pathMapping": [ + { + "contentType": "AnalyticRules", + "path": "path/to/rules" + }, + { + "contentType": "Workbook", + "path": "path/to/workbooks" + } + ] + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlist.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlist.json new file mode 100644 index 00000000..baa0dc9d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlist.json @@ -0,0 +1,86 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "High Value Assets Watchlist", + "source": "Local file", + "provider": "Microsoft", + "description": "Watchlist from CSV content", + "itemsSearchKey": "header1" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json new file mode 100644 index 00000000..d852b0ff --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json @@ -0,0 +1,89 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "High Value Assets Watchlist", + "source": "Local file", + "provider": "Microsoft", + "description": "Watchlist from CSV content", + "numberOfLinesToSkip": 1, + "rawContent": "This line will be skipped\nheader1,header2\nvalue1,value2", + "itemsSearchKey": "header1", + "contentType": "text/csv" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistItem.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistItem.json new file mode 100644 index 00000000..e83eab48 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistItem.json @@ -0,0 +1,92 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "watchlistItem": { + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlist.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlist.json new file mode 100644 index 00000000..eebf3d55 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlist.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlistItem.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlistItem.json new file mode 100644 index 00000000..a645a5ae --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlistItem.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistByAlias.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistByAlias.json new file mode 100644 index 00000000..401ffa61 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistByAlias.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "labels": [ + "Tag1", + "Tag2" + ], + "defaultDuration": "P1279DT12H30M5S", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItemById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItemById.json new file mode 100644 index 00000000..e189c471 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItemById.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "watchlistAlias": "highValueAsset", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistItemId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "isDeleted": false, + "created": "2021-02-04T12:27:32.3783333-08:00", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "entityMapping": {} + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItems.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItems.json new file mode 100644 index 00000000..35b6c846 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItems.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "isDeleted": false, + "created": "2021-02-04T12:27:32.3783333-08:00", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "entityMapping": {} + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlists.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlists.json new file mode 100644 index 00000000..2d7b8c05 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlists.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2021-03-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "labels": [ + "Tag1", + "Tag2" + ], + "defaultDuration": "P1279DT12H30M5S", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/operations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/operations.json new file mode 100644 index 00000000..376edf33 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/operations.json @@ -0,0 +1,129 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-03-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/providers/Microsoft.SecurityInsights/operations": { + "get": { + "operationId": "Operations_List", + "description": "Lists all operations available Azure Security Insights Resource Provider.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "OK. Successfully retrieved operations list.", + "schema": { + "$ref": "#/definitions/OperationsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/1.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "OperationsList": { + "description": "Lists the operations available in the SecurityInsights RP.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of operations.", + "type": "string", + "readOnly": true + }, + "value": { + "description": "Array of operations", + "items": { + "$ref": "#/definitions/Operation" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "Operation": { + "description": "Operation provided by provider", + "properties": { + "display": { + "description": "Properties of the operation", + "properties": { + "description": { + "description": "Description of the operation", + "type": "string" + }, + "operation": { + "description": "Operation name", + "type": "string" + }, + "provider": { + "description": "Provider name", + "type": "string" + }, + "resource": { + "description": "Resource name", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the operation", + "type": "string" + }, + "origin": { + "description": "The origin of the operation", + "type": "string" + } + }, + "type": "object" + } + }, + "parameters": {} +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json new file mode 100644 index 00000000..ed000a74 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json @@ -0,0 +1,1431 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2020-01-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules": { + "get": { + "x-ms-examples": { + "Get all alert rules.": { + "$ref": "./examples/alertRules/GetAllAlertRules.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets all alert rules.", + "operationId": "AlertRules_List", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/AlertRulesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { + "get": { + "x-ms-examples": { + "Get a Scheduled alert rule.": { + "$ref": "./examples/alertRules/GetScheduledAlertRule.json" + }, + "Get a Fusion alert rule.": { + "$ref": "./examples/alertRules/GetFusionAlertRule.json" + }, + "Get a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets the alert rule.", + "operationId": "AlertRules_Get", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a Scheduled alert rule.": { + "$ref": "./examples/alertRules/CreateScheduledAlertRule.json" + }, + "Creates or updates a Fusion alert rule.": { + "$ref": "./examples/alertRules/CreateFusionAlertRule.json" + }, + "Creates or updates a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Creates or updates the alert rule.", + "operationId": "AlertRules_CreateOrUpdate", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/AlertRule" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an alert rule.": { + "$ref": "./examples/alertRules/DeleteAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Delete the alert rule.", + "operationId": "AlertRules_Delete", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions": { + "get": { + "x-ms-examples": { + "Get all actions of alert rule.": { + "$ref": "./examples/actions/GetAllActionsByAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Gets all actions of alert rule.", + "operationId": "Actions_ListByAlertRule", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/ActionsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}": { + "get": { + "x-ms-examples": { + "Get an action of alert rule.": { + "$ref": "./examples/actions/GetActionOfAlertRuleById.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Gets the action of alert rule.", + "operationId": "Actions_Get", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an action of alert rule.": { + "$ref": "./examples/actions/CreateActionOfAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Creates or updates the action of alert rule.", + "operationId": "Actions_CreateOrUpdate", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + }, + { + "$ref": "#/parameters/Action" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an action of alert rule.": { + "$ref": "./examples/actions/DeleteActionOfAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Delete the action of alert rule.", + "operationId": "Actions_Delete", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates": { + "get": { + "x-ms-examples": { + "Get all alert rule templates.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplates.json" + } + }, + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets all alert rule templates.", + "operationId": "AlertRuleTemplates_List", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/AlertRuleTemplatesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}": { + "get": { + "x-ms-examples": { + "Get alert rule template by Id.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplateById.json" + } + }, + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets the alert rule template.", + "operationId": "AlertRuleTemplates_Get", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AlertRuleTemplateId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/AlertRuleTemplate" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "ActionsList": { + "description": "List all the actions.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of actions.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of actions.", + "items": { + "$ref": "#/definitions/ActionResponse" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "ActionRequest": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/ResourceWithEtag" + } + ], + "description": "Action for alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ActionRequestProperties", + "description": "Action properties for put request", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "ActionRequestProperties": { + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ], + "description": "Action property bag.", + "properties": { + "triggerUri": { + "description": "Logic App Callback URL for this specific workflow.", + "type": "string" + } + }, + "required": [ + "triggerUri" + ], + "type": "object" + }, + "ActionResponse": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/Resource" + } + ], + "description": "Action for alert rule.", + "properties": { + "etag": { + "description": "Etag of the action.", + "type": "string" + }, + "properties": { + "$ref": "#/definitions/ActionResponseProperties", + "description": "Action properties for get request", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "ActionResponseProperties": { + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ], + "description": "Action property bag.", + "properties": { + "workflowId": { + "description": "The name of the logic app's workflow.", + "type": "string" + } + }, + "type": "object" + }, + "ActionPropertiesBase": { + "description": "Action property bag base.", + "properties": { + "logicAppResourceId": { + "description": "Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.", + "type": "string" + } + }, + "required": [ + "logicAppResourceId" + ], + "type": "object" + }, + "AlertRule": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/ResourceWithEtag" + } + ], + "description": "Alert rule.", + "discriminator": "kind", + "required": [ + "kind" + ], + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKind", + "description": "The alert rule kind" + } + }, + "type": "object" + }, + "AlertRuleKind": { + "description": "The kind of the alert rule", + "enum": [ + "Scheduled", + "MicrosoftSecurityIncidentCreation", + "Fusion" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertRuleKind", + "values": [ + { + "value": "Scheduled" + }, + { + "value": "MicrosoftSecurityIncidentCreation" + }, + { + "value": "Fusion" + } + ] + } + }, + "AlertRuleTemplate": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/Resource" + } + ], + "description": "Alert rule template.", + "discriminator": "kind", + "required": [ + "kind" + ], + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKind", + "description": "The alert rule kind", + "type": "string" + } + }, + "type": "object" + }, + "AlertRuleTemplateDataSource": { + "description": "alert rule template data sources", + "properties": { + "connectorId": { + "description": "The connector id that provides the following data types", + "type": "string" + }, + "dataTypes": { + "description": "The data types used by the alert rule template", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AlertRuleTemplateStatus": { + "description": "The alert rule template status.", + "enum": [ + "Installed", + "Available", + "NotAvailable" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "TemplateStatus", + "values": [ + { + "description": "Alert rule template installed. and can not use more then once", + "value": "Installed" + }, + { + "description": "Alert rule template is available.", + "value": "Available" + }, + { + "description": "Alert rule template is not available", + "value": "NotAvailable" + } + ] + } + }, + "AlertRuleTriggerOperator": { + "description": "The operation against the threshold that triggers alert rule.", + "enum": [ + "GreaterThan", + "LessThan", + "Equal", + "NotEqual" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "TriggerOperator" + } + }, + "AlertRulesList": { + "description": "List all the alert rules.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alert rules.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of alert rules.", + "items": { + "$ref": "#/definitions/AlertRule" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "AlertRuleTemplatesList": { + "description": "List all the alert rule templates.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alert rule templates.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of alert rule templates.", + "items": { + "$ref": "#/definitions/AlertRuleTemplate" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "AlertSeverity": { + "description": "The severity of the alert", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertSeverity", + "values": [ + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "AttackTactic": { + "description": "The severity for alerts created by this alert rule.", + "enum": [ + "InitialAccess", + "Execution", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AttackTactic" + } + }, + "FusionAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents Fusion alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleProperties", + "description": "Fusion alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleProperties": { + "description": "Fusion alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "FusionAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents Fusion alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleTemplateProperties", + "description": "Fusion alert rule template properties", + "required": [ + "displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleTemplateProperties": { + "description": "Represents Fusion alert rule template properties", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "format": "int32", + "type": "integer" + }, + "createdDateUTC": { + "description": "The time that this alert rule template has been added.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the alert rule template.", + "type": "string" + }, + "displayName": { + "description": "The display name for alert rule template.", + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data connectors for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "type": "array" + }, + "status": { + "$ref": "#/definitions/AlertRuleTemplateStatus", + "description": "The alert rule template status.", + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "tactics": { + "description": "The tactics of the alert rule template", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + } + }, + "type": "object" + }, + "MicrosoftSecurityIncidentCreationAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents MicrosoftSecurityIncidentCreation rule.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleProperties", + "description": "MicrosoftSecurityIncidentCreation rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties": { + "description": "MicrosoftSecurityIncidentCreation rule common property bag.", + "properties": { + "displayNamesFilter": { + "description": "the alerts' displayNames on which the cases will be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "displayNamesExcludeFilter": { + "description": "the alerts' displayNames on which the cases will not be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "productFilter": { + "$ref": "#/definitions/MicrosoftSecurityProductName", + "description": "The alerts' productName on which the cases will be generated" + }, + "severitiesFilter": { + "description": "the alerts' severities on which the cases will be generated", + "items": { + "$ref": "#/definitions/AlertSeverity" + }, + "type": "array" + } + }, + "required": [ + "productFilter" + ], + "type": "object" + }, + "MicrosoftSecurityIncidentCreationAlertRuleProperties": { + "allOf": [ + { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties" + } + ], + "description": "MicrosoftSecurityIncidentCreation rule property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "displayName", + "enabled", + "productFilter" + ], + "type": "object" + }, + "MicrosoftSecurityIncidentCreationAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents MicrosoftSecurityIncidentCreation rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", + "description": "MicrosoftSecurityIncidentCreation rule template properties", + "required": [ + "displayName", + "description", + "createdDateUTC", + "status", + "alertRulesCreatedByTemplateCount", + "productFilter" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties": { + "description": "MicrosoftSecurityIncidentCreation rule template properties", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "format": "int32", + "type": "integer" + }, + "createdDateUTC": { + "description": "The time that this alert rule template has been added.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the alert rule template.", + "type": "string" + }, + "displayName": { + "description": "The display name for alert rule template.", + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data connectors for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "type": "array" + }, + "status": { + "$ref": "#/definitions/AlertRuleTemplateStatus", + "description": "The alert rule template status.", + "type": "string" + }, + "displayNamesFilter": { + "description": "the alerts' displayNames on which the cases will be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "displayNamesExcludeFilter": { + "description": "the alerts' displayNames on which the cases will not be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "productFilter": { + "$ref": "#/definitions/MicrosoftSecurityProductName", + "description": "The alerts' productName on which the cases will be generated" + }, + "severitiesFilter": { + "description": "the alerts' severities on which the cases will be generated", + "items": { + "$ref": "#/definitions/AlertSeverity" + }, + "type": "array" + } + }, + "required": [ + "productFilter" + ], + "type": "object" + }, + "MicrosoftSecurityProductName": { + "description": "The alerts' productName on which the cases will be generated", + "enum": [ + "Microsoft Cloud App Security", + "Azure Security Center", + "Azure Advanced Threat Protection", + "Azure Active Directory Identity Protection", + "Azure Security Center for IoT" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "MicrosoftSecurityProductName" + } + }, + "ScheduledAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents scheduled alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ScheduledAlertRuleProperties", + "description": "Scheduled alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Scheduled" + }, + "ScheduledAlertRuleCommonProperties": { + "description": "Schedule alert rule template property bag.", + "properties": { + "query": { + "description": "The query that creates alerts for this rule.", + "type": "string" + }, + "queryFrequency": { + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.", + "format": "duration", + "type": "string" + }, + "queryPeriod": { + "description": "The period (in ISO 8601 duration format) that this alert rule looks at.", + "format": "duration", + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/AlertRuleTriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "description": "The threshold triggers this alert rule.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "ScheduledAlertRuleProperties": { + "allOf": [ + { + "$ref": "#/definitions/ScheduledAlertRuleCommonProperties" + } + ], + "description": "Scheduled alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert rule has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "suppressionDuration": { + "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.", + "format": "duration", + "type": "string" + }, + "suppressionEnabled": { + "description": "Determines whether the suppression for this alert rule is enabled or disabled.", + "type": "boolean" + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + } + }, + "required": [ + "displayName", + "enabled", + "severity", + "query", + "queryFrequency", + "queryPeriod", + "triggerOperator", + "triggerThreshold", + "suppressionEnabled", + "suppressionDuration" + ], + "type": "object" + }, + "ScheduledAlertRuleTemplateProperties": { + "description": "Scheduled alert rule template properties", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "format": "int32", + "type": "integer" + }, + "createdDateUTC": { + "description": "The time that this alert rule template has been added.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the alert rule template.", + "type": "string" + }, + "displayName": { + "description": "The display name for alert rule template.", + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data connectors for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "type": "array" + }, + "status": { + "$ref": "#/definitions/AlertRuleTemplateStatus", + "description": "The alert rule template status.", + "type": "string" + }, + "query": { + "description": "The query that creates alerts for this rule.", + "type": "string" + }, + "queryFrequency": { + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.", + "format": "duration", + "type": "string" + }, + "queryPeriod": { + "description": "The period (in ISO 8601 duration format) that this alert rule looks at.", + "format": "duration", + "type": "string" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity for alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/AlertRuleTriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "description": "The threshold triggers this alert rule.", + "format": "int32", + "type": "integer" + }, + "tactics": { + "description": "The tactics of the alert rule template", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "type": "array" + } + }, + "type": "object" + }, + "ScheduledAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents scheduled alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/ScheduledAlertRuleTemplateProperties", + "description": "Scheduled alert rule template properties", + "required": [ + "displayName", + "description", + "status", + "alertRulesCreatedByTemplateCount", + "severity", + "query", + "queryFrequency", + "queryPeriod", + "triggerOperator", + "triggerThreshold" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Scheduled" + } + }, + "parameters": { + "Action": { + "description": "The action", + "in": "body", + "name": "action", + "required": true, + "schema": { + "$ref": "#/definitions/ActionRequest" + }, + "x-ms-parameter-location": "method" + }, + "ActionId": { + "description": "Action ID", + "in": "path", + "name": "actionId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "AlertRule": { + "description": "The alert rule", + "in": "body", + "name": "alertRule", + "required": true, + "schema": { + "$ref": "#/definitions/AlertRule" + }, + "x-ms-parameter-location": "method" + }, + "AlertRuleTemplateId": { + "description": "Alert rule template ID", + "in": "path", + "name": "alertRuleTemplateId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "RuleId": { + "description": "Alert rule ID", + "in": "path", + "name": "ruleId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json new file mode 100644 index 00000000..a3581ff5 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json @@ -0,0 +1,439 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2020-01-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks": { + "get": { + "x-ms-examples": { + "Get all bookmarks.": { + "$ref": "./examples/bookmarks/GetBookmarks.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Gets all bookmarks.", + "operationId": "Bookmarks_List", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/BookmarkList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}": { + "get": { + "x-ms-examples": { + "Get a bookmark.": { + "$ref": "./examples/bookmarks/GetBookmarkById.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Gets a bookmark.", + "operationId": "Bookmarks_Get", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a bookmark.": { + "$ref": "./examples/bookmarks/CreateBookmark.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Creates or updates the bookmark.", + "operationId": "Bookmarks_CreateOrUpdate", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "#/parameters/Bookmark" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a bookmark.": { + "$ref": "./examples/bookmarks/DeleteBookmark.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Delete the bookmark.", + "operationId": "Bookmarks_Delete", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "Bookmark": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a bookmark in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/BookmarkProperties", + "description": "Bookmark properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "BookmarkList": { + "description": "List all the bookmarks.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of cases.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of bookmarks.", + "items": { + "$ref": "#/definitions/Bookmark" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "BookmarkProperties": { + "description": "Describes bookmark properties", + "properties": { + "created": { + "description": "The time the bookmark was created", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the bookmark", + "type": "object" + }, + "displayName": { + "description": "The display name of the bookmark", + "type": "string" + }, + "labels": { + "description": "List of labels relevant to this bookmark", + "items": { + "$ref": "#/definitions/Label" + }, + "type": "array" + }, + "notes": { + "description": "The notes of the bookmark", + "type": "string" + }, + "query": { + "description": "The query of the bookmark.", + "type": "string" + }, + "queryResult": { + "description": "The query result of the bookmark.", + "type": "string" + }, + "updated": { + "description": "The last time the bookmark was updated", + "format": "date-time", + "type": "string" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the bookmark", + "type": "object" + }, + "eventTime": { + "description": "The bookmark event time", + "format": "date-time", + "type": "string" + }, + "queryStartTime": { + "description": "The start time for the query", + "format": "date-time", + "type": "string" + }, + "queryEndTime": { + "description": "The end time for the query", + "format": "date-time", + "type": "string" + }, + "incidentInfo": { + "$ref": "#/definitions/IncidentInfo", + "description": "Describes an incident that relates to bookmark", + "type": "object" + } + }, + "required": [ + "displayName", + "query" + ], + "type": "object" + }, + "IncidentInfo": { + "description": "Describes related incident information for the bookmark", + "properties": { + "incidentId": { + "description": "Incident Id", + "type": "string" + }, + "severity": { + "description": "The severity of the incident", + "enum": [ + "Critical", + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "CaseSeverity", + "values": [ + { + "description": "Critical severity", + "value": "Critical" + }, + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "title": { + "description": "The title of the incident", + "type": "string" + }, + "relationName": { + "description": "Relation Name", + "type": "string" + } + }, + "type": "object" + }, + "Label": { + "description": "Label that will be used to tag and filter on.", + "type": "string" + }, + "UserInfo": { + "description": "User information that made some action", + "properties": { + "email": { + "description": "The email of the user.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The name of the user.", + "readOnly": true, + "type": "string" + }, + "objectId": { + "description": "The object id of the user.", + "format": "uuid", + "type": "string", + "x-nullable": true + } + }, + "required": [ + "objectId" + ], + "type": "object" + } + }, + "parameters": { + "Bookmark": { + "description": "The bookmark", + "in": "body", + "name": "bookmark", + "required": true, + "schema": { + "$ref": "#/definitions/Bookmark" + }, + "x-ms-parameter-location": "method" + }, + "BookmarkId": { + "description": "Bookmark ID", + "in": "path", + "name": "bookmarkId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json new file mode 100644 index 00000000..4bfbc702 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json @@ -0,0 +1,739 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2020-01-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors": { + "get": { + "x-ms-examples": { + "Get all data connectors.": { + "$ref": "./examples/dataConnectors/GetDataConnectors.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Gets all data connectors.", + "operationId": "DataConnectors_List", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnectorList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}": { + "get": { + "x-ms-examples": { + "Get an Office365 data connector.": { + "$ref": "./examples/dataConnectors/GetOfficeDataConnetorById.json" + }, + "Get a TI data connector.": { + "$ref": "./examples/dataConnectors/GetThreatIntelligenceById.json" + }, + "Get a MCAS data connector.": { + "$ref": "./examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json" + }, + "Get a ASC data connector.": { + "$ref": "./examples/dataConnectors/GetAzureSecurityCenterById.json" + }, + "Get an AAD data connector.": { + "$ref": "./examples/dataConnectors/GetAzureActiveDirectoryById.json" + }, + "Get an AwsCloudTrail data connector.": { + "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" + }, + "Get an AATP data connector.": { + "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json" + }, + "Get a MDATP data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Gets a data connector.", + "operationId": "DataConnectors_Get", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an Office365 data connector.": { + "$ref": "./examples/dataConnectors/CreateOfficeDataConnetor.json" + }, + "Creates or updates an Threat Intelligence Platform data connector.": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceDataConnector.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Creates or updates the data connector.", + "operationId": "DataConnectors_CreateOrUpdate", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + }, + { + "$ref": "#/parameters/DataConnector" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an Office365 data connector.": { + "$ref": "./examples/dataConnectors/DeleteOfficeDataConnetor.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Delete the data connector.", + "operationId": "DataConnectors_Delete", + "parameters": [ + { + "$ref": "SecurityInsights.json#/parameters/ApiVersion" + }, + { + "$ref": "SecurityInsights.json#/parameters/SubscriptionId" + }, + { + "$ref": "SecurityInsights.json#/parameters/ResourceGroupName" + }, + { + "$ref": "SecurityInsights.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "SecurityInsights.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "AADDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents AAD (Azure Active Directory) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AADDataConnectorProperties", + "description": "AAD (Azure Active Directory) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureActiveDirectory" + }, + "AADDataConnectorProperties": { + "description": "AAD (Azure Active Directory) data connector properties.", + "properties": { + "tenantId": { + "description": "The tenant id to connect to, and get the data from.", + "type": "string" + }, + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "type": "object" + }, + "AATPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents AATP (Azure Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AATPDataConnectorProperties", + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureAdvancedThreatProtection" + }, + "AATPDataConnectorProperties": { + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "properties": { + "tenantId": { + "description": "The tenant id to connect to, and get the data from.", + "type": "string" + }, + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "type": "object" + }, + "ASCDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents ASC (Azure Security Center) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/ASCDataConnectorProperties", + "description": "ASC (Azure Security Center) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureSecurityCenter" + }, + "ASCDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "ASC (Azure Security Center) data connector properties.", + "properties": { + "subscriptionId": { + "description": "The subscription id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object" + }, + "AlertsDataTypeOfDataConnector": { + "description": "Alerts data type for data connectors.", + "properties": { + "alerts": { + "$ref": "#/definitions/DataConnectorDataTypeCommon", + "description": "Alerts data type connection.", + "type": "object" + } + }, + "type": "object" + }, + "AwsCloudTrailDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Amazon Web Services CloudTrail data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorProperties", + "description": "Amazon Web Services CloudTrail data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AmazonWebServicesCloudTrail" + }, + "AwsCloudTrailDataConnectorDataTypes": { + "description": "The available data types for Amazon Web Services CloudTrail data connector.", + "properties": { + "logs": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Logs data type.", + "type": "object" + } + }, + "type": "object" + }, + "AwsCloudTrailDataConnectorProperties": { + "description": "Amazon Web Services CloudTrail data connector properties.", + "properties": { + "awsRoleArn": { + "description": "The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.", + "type": "string" + }, + "dataTypes": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object" + }, + "DataConnector": { + "allOf": [ + { + "$ref": "SecurityInsights.json#/definitions/ResourceWithEtag" + } + ], + "description": "Data connector.", + "discriminator": "kind", + "required": [ + "kind" + ], + "properties": { + "kind": { + "$ref": "#/definitions/DataConnectorKind", + "description": "The data connector kind" + } + }, + "type": "object" + }, + "DataConnectorKind": { + "description": "The kind of the data connector", + "enum": [ + "AzureActiveDirectory", + "AzureSecurityCenter", + "MicrosoftCloudAppSecurity", + "ThreatIntelligence", + "Office365", + "AmazonWebServicesCloudTrail", + "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorKind", + "values": [ + { + "value": "AzureActiveDirectory" + }, + { + "value": "AzureSecurityCenter" + }, + { + "value": "MicrosoftCloudAppSecurity" + }, + { + "value": "ThreatIntelligence" + }, + { + "value": "Office365" + }, + { + "value": "AmazonWebServicesCloudTrail" + }, + { + "value": "AzureAdvancedThreatProtection" + }, + { + "value": "MicrosoftDefenderAdvancedThreatProtection" + } + ] + } + }, + "DataConnectorList": { + "description": "List all the data connectors.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of data connectors.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of data connectors.", + "items": { + "$ref": "#/definitions/DataConnector" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "DataConnectorDataTypeCommon": { + "description": "Common field for data type in data connectors.", + "properties": { + "state": { + "description": "Describe whether this data type connection is enabled or not.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataTypeState" + } + } + }, + "type": "object" + }, + "DataConnectorTenantId": { + "description": "Properties data connector on tenant level.", + "properties": { + "tenantId": { + "description": "The tenant id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object" + }, + "DataConnectorWithAlertsProperties": { + "description": "Data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "type": "object" + }, + "MCASDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents MCAS (Microsoft Cloud App Security) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MCASDataConnectorProperties", + "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftCloudAppSecurity" + }, + "MCASDataConnectorDataTypes": { + "allOf": [ + { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector" + } + ], + "description": "The available data types for MCAS (Microsoft Cloud App Security) data connector.", + "properties": { + "alerts": { + "$ref": "#/definitions/DataConnectorDataTypeCommon", + "description": "Alerts data type connection." + }, + "discoveryLogs": { + "$ref": "#/definitions/DataConnectorDataTypeCommon", + "description": "Discovery log data type connection." + } + }, + "type": "object" + }, + "MCASDataConnectorProperties": { + "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "properties": { + "tenantId": { + "description": "The tenant id to connect to, and get the data from.", + "type": "string" + }, + "dataTypes": { + "$ref": "#/definitions/MCASDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object" + }, + "MDATPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MDATPDataConnectorProperties", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection" + }, + "MDATPDataConnectorProperties": { + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "properties": { + "tenantId": { + "description": "The tenant id to connect to, and get the data from.", + "type": "string" + }, + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "type": "object" + }, + "TIDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents threat intelligence data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/TIDataConnectorProperties", + "description": "TI (Threat Intelligence) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "TIDataConnectorDataTypes": { + "description": "The available data types for TI (Threat Intelligence) data connector.", + "properties": { + "indicators": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Data type for indicators connection.", + "type": "object" + } + }, + "type": "object" + }, + "TIDataConnectorProperties": { + "description": "TI (Threat Intelligence) data connector properties.", + "properties": { + "tenantId": { + "description": "The tenant id to connect to, and get the data from.", + "type": "string" + }, + "tipLookbackPeriod": { + "description": "The lookback period for the feed to be imported.", + "format": "date-time", + "type": "string", + "x-nullable": true + }, + "dataTypes": { + "$ref": "#/definitions/TIDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object" + }, + "OfficeDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents office data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeDataConnectorProperties", + "description": "Office data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Office365" + }, + "OfficeDataConnectorDataTypes": { + "description": "The available data types for office data connector.", + "properties": { + "exchange": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Exchange data type connection.", + "type": "object" + }, + "sharePoint": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "SharePoint data type connection.", + "type": "object" + }, + "teams": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Teams data type connection.", + "type": "object" + } + }, + "type": "object" + }, + "OfficeDataConnectorProperties": { + "description": "Office data connector properties.", + "properties": { + "tenantId": { + "description": "The tenant id to connect to, and get the data from.", + "type": "string" + }, + "dataTypes": { + "$ref": "#/definitions/OfficeDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object" + } + }, + "parameters": { + "DataConnector": { + "description": "The data connector", + "in": "body", + "name": "dataConnector", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnector" + }, + "x-ms-parameter-location": "method" + }, + "DataConnectorId": { + "description": "Connector ID", + "in": "path", + "name": "dataConnectorId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json new file mode 100644 index 00000000..1bb0b3df --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json @@ -0,0 +1,1430 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2020-01-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/providers/Microsoft.SecurityInsights/operations": { + "get": { + "operationId": "Operations_List", + "description": "Lists all operations available Azure Security Insights Resource Provider.", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + } + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "OK. Successfully retrieved operations list.", + "schema": { + "$ref": "#/definitions/OperationsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents": { + "get": { + "x-ms-examples": { + "Get all incidents.": { + "$ref": "./examples/incidents/GetIncidents.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Gets all incidents.", + "operationId": "Incidents_List", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ODataFilter" + }, + { + "$ref": "#/parameters/ODataOrderBy" + }, + { + "$ref": "#/parameters/ODataTop" + }, + { + "$ref": "#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/IncidentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}": { + "get": { + "x-ms-examples": { + "Get an incident.": { + "$ref": "./examples/incidents/GetIncidentById.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Gets an incident.", + "operationId": "Incidents_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an incident.": { + "$ref": "./examples/incidents/CreateIncident.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Creates or updates the incident.", + "operationId": "Incidents_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/Incident" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an incident.": { + "$ref": "./examples/incidents/DeleteIncident.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Delete the incident.", + "operationId": "Incidents_Delete", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments": { + "get": { + "x-ms-examples": { + "Get all incident comments.": { + "$ref": "./examples/incidents/comments/GetAllIncidentComments.json" + } + }, + "tags": [ + "IncidentComments" + ], + "description": "Gets all incident comments.", + "operationId": "IncidentComments_ListByIncident", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/ODataFilter" + }, + { + "$ref": "#/parameters/ODataOrderBy" + }, + { + "$ref": "#/parameters/ODataTop" + }, + { + "$ref": "#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/IncidentCommentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-odata": "#/definitions/IncidentComment", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}": { + "get": { + "x-ms-examples": { + "Get an incident comment.": { + "$ref": "./examples/incidents/comments/GetIncidentCommentById.json" + } + }, + "tags": [ + "IncidentComments" + ], + "description": "Gets an incident comment.", + "operationId": "IncidentComments_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates an incident comment.": { + "$ref": "./examples/incidents/comments/CreateIncidentComment.json" + } + }, + "tags": [ + "IncidentComments" + ], + "description": "Creates the incident comment.", + "operationId": "IncidentComments_CreateComment", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + }, + { + "$ref": "#/parameters/IncidentComment" + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "AttackTactic": { + "description": "The severity for alerts created by this alert rule.", + "enum": [ + "InitialAccess", + "Execution", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AttackTactic" + } + }, + "ClientInfo": { + "description": "Information on the client (user or application) that made some action", + "properties": { + "email": { + "description": "The email of the client.", + "type": "string" + }, + "name": { + "description": "The name of the client.", + "type": "string" + }, + "objectId": { + "description": "The object id of the client.", + "format": "uuid", + "type": "string" + }, + "userPrincipalName": { + "description": "The user principal name of the client.", + "type": "string" + } + }, + "type": "object" + }, + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse", + "description": "The error object of the CloudError response" + } + }, + "type": "object", + "description": "An error response for a resource management request." + }, + "Incident": { + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + } + ], + "description": "Represents an incident in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/IncidentProperties", + "description": "Incident properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "IncidentAdditionalData": { + "description": "Incident additional data property bag.", + "properties": { + "alertsCount": { + "description": "The number of alerts in the incident", + "format": "int32", + "readOnly": true, + "type": "integer" + }, + "bookmarksCount": { + "description": "The number of bookmarks in the incident", + "format": "int32", + "readOnly": true, + "type": "integer" + }, + "commentsCount": { + "description": "The number of comments in the incident", + "format": "int32", + "readOnly": true, + "type": "integer" + }, + "alertProductNames": { + "description": "List of product names of alerts in the incident", + "items": { + "description": "Alert product name", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "tactics": { + "description": "The tactics associated with incident", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "IncidentComment": { + "allOf": [ + { + "$ref": "#/definitions/Resource" + } + ], + "description": "Represents an incident comment", + "properties": { + "properties": { + "$ref": "#/definitions/IncidentCommentProperties", + "description": "Incident comment properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "IncidentCommentList": { + "description": "List of incident comments.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of comments.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of comments.", + "items": { + "$ref": "#/definitions/IncidentComment" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "IncidentCommentProperties": { + "description": "Incident comment property bag.", + "properties": { + "createdTimeUtc": { + "description": "The time the comment was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "message": { + "description": "The comment message", + "type": "string" + }, + "author": { + "$ref": "#/definitions/ClientInfo", + "description": "Describes the client that created the comment", + "readOnly": true, + "type": "object" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + "IncidentLabel": { + "description": "Represents an incident label", + "properties": { + "labelName": { + "description": "The name of the label", + "type": "string" + }, + "labelType": { + "description": "The type of the label", + "enum": [ + "User", + "System" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentLabelType", + "values": [ + { + "description": "Label manually created by a user", + "value": "User" + }, + { + "description": "Label automatically created by the system", + "value": "System" + } + ] + } + } + }, + "required": [ + "labelName" + ], + "type": "object" + }, + "IncidentList": { + "description": "List all the incidents.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of incidents.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of incidents.", + "items": { + "$ref": "#/definitions/Incident" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "IncidentOwnerInfo": { + "description": "Information on the user an incident is assigned to", + "properties": { + "email": { + "description": "The email of the user the incident is assigned to.", + "type": "string" + }, + "assignedTo": { + "description": "The name of the user the incident is assigned to.", + "type": "string" + }, + "objectId": { + "description": "The object id of the user the incident is assigned to.", + "format": "uuid", + "type": "string" + }, + "userPrincipalName": { + "description": "The user principal name of the user the incident is assigned to.", + "type": "string" + } + }, + "type": "object" + }, + "IncidentProperties": { + "description": "Describes incident properties", + "properties": { + "additionalData": { + "$ref": "#/definitions/IncidentAdditionalData", + "description": "Additional data on the incident", + "readOnly": true, + "type": "object" + }, + "classification": { + "description": "The reason the incident was closed", + "enum": [ + "Undetermined", + "TruePositive", + "BenignPositive", + "FalsePositive" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentClassification", + "values": [ + { + "description": "Incident classification was undetermined", + "value": "Undetermined" + }, + { + "description": "Incident was true positive", + "value": "TruePositive" + }, + { + "description": "Incident was benign positive", + "value": "BenignPositive" + }, + { + "description": "Incident was false positive", + "value": "FalsePositive" + } + ] + } + }, + "classificationComment": { + "description": "Describes the reason the incident was closed", + "type": "string" + }, + "classificationReason": { + "description": "The classification reason the incident was closed with", + "enum": [ + "SuspiciousActivity", + "SuspiciousButExpected", + "IncorrectAlertLogic", + "InaccurateData" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentClassificationReason", + "values": [ + { + "description": "Classification reason was suspicious activity", + "value": "SuspiciousActivity" + }, + { + "description": "Classification reason was suspicious but expected", + "value": "SuspiciousButExpected" + }, + { + "description": "Classification reason was incorrect alert logic", + "value": "IncorrectAlertLogic" + }, + { + "description": "Classification reason was inaccurate data", + "value": "InaccurateData" + } + ] + } + }, + "createdTimeUtc": { + "description": "The time the incident was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the incident", + "type": "string" + }, + "firstActivityTimeUtc": { + "description": "The time of the first activity in the incident", + "format": "date-time", + "type": "string" + }, + "incidentUrl": { + "description": "The deep-link url to the incident in Azure portal", + "readOnly": true, + "type": "string" + }, + "incidentNumber": { + "description": "A sequential number", + "format": "int32", + "readOnly": true, + "type": "integer" + }, + "labels": { + "description": "List of labels relevant to this incident", + "items": { + "$ref": "#/definitions/IncidentLabel" + }, + "type": "array" + }, + "lastActivityTimeUtc": { + "description": "The time of the last activity in the incident", + "format": "date-time", + "type": "string" + }, + "lastModifiedTimeUtc": { + "description": "The last time the incident was updated", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "owner": { + "$ref": "#/definitions/IncidentOwnerInfo", + "description": "Describes a user that the incident is assigned to", + "type": "object" + }, + "relatedAnalyticRuleIds": { + "description": "List of resource ids of Analytic rules related to the incident", + "items": { + "description": "Related Analytic rule resource id", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "severity": { + "description": "The severity of the incident", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentSeverity", + "values": [ + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "status": { + "description": "The status of the incident", + "enum": [ + "New", + "Active", + "Closed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentStatus", + "values": [ + { + "description": "An active incident which isn't being handled currently", + "value": "New" + }, + { + "description": "An active incident which is being handled", + "value": "Active" + }, + { + "description": "A non-active incident", + "value": "Closed" + } + ] + } + }, + "title": { + "description": "The title of the incident", + "type": "string" + } + }, + "required": [ + "title", + "severity", + "status" + ], + "type": "object" + }, + "OfficeConsent": { + "allOf": [ + { + "$ref": "#/definitions/Resource" + } + ], + "description": "Consent for Office365 tenant that already made.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeConsentProperties", + "description": "Office consent properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "OfficeConsentList": { + "description": "List of all the office365 consents.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of office consents.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of the consents.", + "items": { + "$ref": "#/definitions/OfficeConsent" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "OfficeConsentProperties": { + "description": "Consent property bag.", + "properties": { + "tenantId": { + "description": "The tenantId of the Office365 with the consent.", + "type": "string" + }, + "tenantName": { + "description": "The tenant name of the Office365 with the consent.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "Operation": { + "description": "Operation provided by provider", + "properties": { + "display": { + "description": "Properties of the operation", + "properties": { + "description": { + "description": "Description of the operation", + "type": "string" + }, + "operation": { + "description": "Operation name", + "type": "string" + }, + "provider": { + "description": "Provider name", + "type": "string" + }, + "resource": { + "description": "Resource name", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the operation", + "type": "string" + }, + "origin": { + "description": "The origin of the operation", + "type": "string" + } + }, + "type": "object" + }, + "OperationsList": { + "description": "Lists the operations available in the SecurityInsights RP.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of operations.", + "type": "string" + }, + "value": { + "description": "Array of operations", + "items": { + "$ref": "#/definitions/Operation" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "Resource": { + "description": "An azure resource object", + "properties": { + "id": { + "description": "Azure resource Id", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "Azure resource name", + "readOnly": true, + "type": "string" + }, + "type": { + "description": "Azure resource type", + "readOnly": true, + "type": "string" + } + }, + "type": "object", + "x-ms-azure-resource": true + }, + "ResourceWithEtag": { + "description": "An azure resource object with an Etag property", + "properties": { + "id": { + "description": "Azure resource Id", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "Azure resource name", + "readOnly": true, + "type": "string" + }, + "type": { + "description": "Azure resource type", + "readOnly": true, + "type": "string" + }, + "etag": { + "description": "Etag of the azure resource", + "type": "string" + } + }, + "type": "object", + "x-ms-azure-resource": true + }, + "Settings": { + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + } + ], + "description": "The Settings.", + "discriminator": "kind", + "required": [ + "kind" + ], + "properties": { + "kind": { + "$ref": "#/definitions/SettingsKind", + "description": "The data connector kind" + } + }, + "type": "object" + }, + "SettingsKind": { + "description": "The kind of the setting", + "enum": [ + "UebaSettings", + "ToggleSettings" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "SettingKind" + } + }, + "ThreatIntelligence": { + "description": "ThreatIntelligence property bag.", + "properties": { + "confidence": { + "description": "Confidence (must be between 0 and 1)", + "format": "double", + "readOnly": true, + "type": "number" + }, + "providerName": { + "description": "Name of the provider from whom this Threat Intelligence information was received", + "readOnly": true, + "type": "string" + }, + "reportLink": { + "description": "Report link", + "readOnly": true, + "type": "string" + }, + "threatDescription": { + "description": "Threat description (free text)", + "readOnly": true, + "type": "string" + }, + "threatName": { + "description": "Threat name (e.g. \"Jedobot malware\")", + "readOnly": true, + "type": "string" + }, + "threatType": { + "description": "Threat type (e.g. \"Botnet\")", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "ToggleSettings": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/ToggleSettingsProperties", + "description": "toggle properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ToggleSettings" + }, + "ToggleSettingsProperties": { + "description": "toggle property bag.", + "properties": { + "isEnabled": { + "description": "Determines whether the setting is enable or disabled.", + "type": "boolean" + } + }, + "type": "object" + }, + "UebaSettings": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Represents settings for User and Entity Behavior Analytics enablement.", + "properties": { + "properties": { + "$ref": "#/definitions/UebaSettingsProperties", + "description": "User and Entity Behavior Analytics settings properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "UebaSettings" + }, + "UebaSettingsProperties": { + "description": "User and Entity Behavior Analytics settings property bag.", + "properties": { + "atpLicenseStatus": { + "description": "Determines whether the tenant has ATP (Advanced Threat Protection) license.", + "enum": [ + "Enabled", + "Disabled" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "LicenseStatus" + } + }, + "isEnabled": { + "description": "Determines whether User and Entity Behavior Analytics is enabled for this workspace.", + "type": "boolean" + }, + "statusInMcas": { + "description": "Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security).", + "enum": [ + "Enabled", + "Disabled" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "StatusInMcas" + } + } + }, + "type": "object" + }, + "UserInfo": { + "description": "User information that made some action", + "properties": { + "email": { + "description": "The email of the user.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The name of the user.", + "readOnly": true, + "type": "string" + }, + "objectId": { + "description": "The object id of the user.", + "format": "uuid", + "type": "string", + "x-nullable": true + } + }, + "required": [ + "objectId" + ], + "type": "object" + }, + "IncidentInfo": { + "description": "Describes related incident information for the bookmark", + "properties": { + "incidentId": { + "description": "Incident Id", + "type": "string" + }, + "severity": { + "description": "The severity of the incident", + "enum": [ + "Critical", + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "CaseSeverity", + "values": [ + { + "description": "Critical severity", + "value": "Critical" + }, + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "title": { + "description": "The title of the incident", + "type": "string" + }, + "relationName": { + "description": "Relation Name", + "type": "string" + } + }, + "type": "object" + } + }, + "parameters": { + "AggregationsName": { + "description": "The aggregation name. Supports - Cases", + "in": "path", + "name": "aggregationsName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ApiVersion": { + "description": "API version for the operation", + "enum": [ + "2020-01-01" + ], + "in": "query", + "name": "api-version", + "required": true, + "type": "string" + }, + "ConsentId": { + "description": "consent ID", + "in": "path", + "name": "consentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EntityId": { + "description": "entity ID", + "in": "path", + "name": "entityId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EntityQueryId": { + "description": "entity query ID", + "in": "path", + "name": "entityQueryId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "Incident": { + "description": "The incident", + "in": "body", + "name": "incident", + "required": true, + "schema": { + "$ref": "#/definitions/Incident" + }, + "x-ms-parameter-location": "method" + }, + "IncidentComment": { + "description": "The incident comment", + "in": "body", + "name": "incidentComment", + "required": true, + "schema": { + "$ref": "#/definitions/IncidentComment" + }, + "x-ms-parameter-location": "method" + }, + "IncidentCommentId": { + "description": "Incident comment ID", + "in": "path", + "name": "incidentCommentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "IncidentId": { + "description": "Incident ID", + "in": "path", + "name": "incidentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataFilter": { + "description": "Filters the results, based on a Boolean condition. Optional.", + "in": "query", + "name": "$filter", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataOrderBy": { + "description": "Sorts the results. Optional.", + "in": "query", + "name": "$orderby", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataSkipToken": { + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "in": "query", + "name": "$skipToken", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataTop": { + "description": "Returns only the first n results. Optional.", + "format": "int32", + "in": "query", + "name": "$top", + "required": false, + "type": "integer", + "x-ms-parameter-location": "method" + }, + "ResourceGroupName": { + "description": "The name of the resource group within the user's subscription. The name is case insensitive.", + "in": "path", + "maxLength": 90, + "minLength": 1, + "name": "resourceGroupName", + "pattern": "^[-\\w\\._\\(\\)]+$", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "Settings": { + "description": "The setting", + "in": "body", + "name": "settings", + "required": true, + "schema": { + "$ref": "#/definitions/Settings" + }, + "x-ms-parameter-location": "method" + }, + "SettingsName": { + "description": "The setting name. Supports- Fusion, UEBA", + "in": "path", + "name": "settingsName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SubscriptionId": { + "description": "Azure subscription ID", + "in": "path", + "name": "subscriptionId", + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "required": true, + "type": "string" + }, + "WorkspaceName": { + "description": "The name of the workspace.", + "in": "path", + "maxLength": 90, + "minLength": 1, + "name": "workspaceName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/CreateActionOfAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/CreateActionOfAlertRule.json new file mode 100644 index 00000000..80172712 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/CreateActionOfAlertRule.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "action": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/DeleteActionOfAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/DeleteActionOfAlertRule.json new file mode 100644 index 00000000..9b2972bf --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/DeleteActionOfAlertRule.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetActionOfAlertRuleById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetActionOfAlertRuleById.json new file mode 100644 index 00000000..065f9e92 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetActionOfAlertRuleById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetAllActionsByAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetAllActionsByAlertRule.json new file mode 100644 index 00000000..d0292df5 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetAllActionsByAlertRule.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json new file mode 100644 index 00000000..4dbca192 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "alertRuleTemplateId": "65360bb0-8986-4ade-a89d-af3cf44d28aa" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Scheduled", + "properties": { + "severity": "Low", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "displayName": "Changes to Amazon VPC settings", + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "createdDateUTC": "2019-02-27T00:00:00Z", + "status": "Available", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "alertRulesCreatedByTemplateCount": 0 + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplates.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplates.json new file mode 100644 index 00000000..df498bf5 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplates.json @@ -0,0 +1,82 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Scheduled", + "properties": { + "severity": "Low", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "displayName": "Changes to Amazon VPC settings", + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "createdDateUTC": "2019-02-27T00:00:00Z", + "status": "Available", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "alertRulesCreatedByTemplateCount": 0 + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/f71aba3d-28fb-450b-b192-4e76a83015c8", + "name": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Place holder: Fusion uses graph powered machine learning algorithms to correlate between millions of lower fidelity anomalous activities from different products such as Azure AD Identity Protection, and Microsoft Cloud App Security, to combine them into a manageable number of interesting security cases.\n", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "createdDateUTC": "2019-07-25T00:00:00Z", + "status": "Available", + "severity": "High", + "alertRulesCreatedByTemplateCount": 0 + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/b3cfc7c0-092c-481c-a55b-34a3979758cb", + "name": "b3cfc7c0-092c-481c-a55b-34a3979758cb", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "displayName": "Create incidents based on Microsoft Cloud App Security alerts", + "description": "Create incidents based on all alerts generated in Microsoft Cloud App Security", + "createdDateUTC": "2019-07-16T00:00:00Z", + "status": "Available", + "alertRulesCreatedByTemplateCount": 0 + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateFusionAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateFusionAlertRule.json new file mode 100644 index 00000000..6bcf080c --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateFusionAlertRule.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "myFirstFusionRule", + "alertRule": { + "kind": "Fusion", + "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", + "properties": { + "enabled": true, + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 00000000..a3014434 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "microsoftSecurityIncidentCreationRuleExample", + "alertRule": { + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "displayName": "testing displayname", + "enabled": true + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateScheduledAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateScheduledAlertRule.json new file mode 100644 index 00000000..d00bc205 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateScheduledAlertRule.json @@ -0,0 +1,89 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "alertRule": { + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2019-01-01T13:15:30Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2019-01-01T13:15:30Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/DeleteAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/DeleteAlertRule.json new file mode 100644 index 00000000..e9aed01e --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/DeleteAlertRule.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetAllAlertRules.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetAllAlertRules.json new file mode 100644 index 00000000..4ee69180 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetAllAlertRules.json @@ -0,0 +1,81 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2019-01-01T13:15:30Z" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"25005c11-0000-0d00-0000-5d6cc0e20000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": false, + "lastModifiedUtc": "2019-09-02T07:12:34.9065092Z" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetFusionAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetFusionAlertRule.json new file mode 100644 index 00000000..c0406f4f --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetFusionAlertRule.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "myFirstFusionRule" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Persistence", + "LateralMovement", + "Exfiltration", + "CommandAndControl" + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 00000000..fa0aed9b --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "microsoftSecurityIncidentCreationRuleExample" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetScheduledAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetScheduledAlertRule.json new file mode 100644 index 00000000..f2012877 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetScheduledAlertRule.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2019-01-01T13:15:30Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/CreateBookmark.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/CreateBookmark.json new file mode 100644 index 00000000..42dc461a --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/CreateBookmark.json @@ -0,0 +1,93 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "bookmark": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "updated": "2019-01-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2019-01-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2019-01-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/DeleteBookmark.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/DeleteBookmark.json new file mode 100644 index 00000000..f8357a11 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/DeleteBookmark.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarkById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarkById.json new file mode 100644 index 00000000..d38d2d2e --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarkById.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2019-01-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "incidentInfo": { + "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", + "severity": "Low", + "title": "New case 1", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarks.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarks.json new file mode 100644 index 00000000..78612f89 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarks.json @@ -0,0 +1,51 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2019-01-01T13:15:30Z", + "created": "2019-01-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "incidentInfo": { + "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", + "severity": "Low", + "title": "New case 1", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018" + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateOfficeDataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateOfficeDataConnetor.json new file mode 100644 index 00000000..51d132bc --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateOfficeDataConnetor.json @@ -0,0 +1,76 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json new file mode 100644 index 00000000..200254b1 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "ThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/DeleteOfficeDataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/DeleteOfficeDataConnetor.json new file mode 100644 index 00000000..e279bf43 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/DeleteOfficeDataConnetor.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json new file mode 100644 index 00000000..fdcae392 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureActiveDirectoryById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureActiveDirectoryById.json new file mode 100644 index 00000000..ceab1826 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureActiveDirectoryById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureActiveDirectory", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json new file mode 100644 index 00000000..08991fc9 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureSecurityCenterById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureSecurityCenterById.json new file mode 100644 index 00000000..6fba0c43 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureSecurityCenterById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureSecurityCenter", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetDataConnectors.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetDataConnectors.json new file mode 100644 index 00000000..0f46da36 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetDataConnectors.json @@ -0,0 +1,143 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureSecurityCenter", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureActiveDirectory", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftCloudAppSecurity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json new file mode 100644 index 00000000..8dab3597 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftCloudAppSecurity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json new file mode 100644 index 00000000..57d265c3 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetOfficeDataConnetorById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetOfficeDataConnetorById.json new file mode 100644 index 00000000..a696c737 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetOfficeDataConnetorById.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetThreatIntelligenceById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetThreatIntelligenceById.json new file mode 100644 index 00000000..2fd7052c --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetThreatIntelligenceById.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/CreateIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/CreateIncident.json new file mode 100644 index 00000000..3225ca91 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/CreateIncident.json @@ -0,0 +1,104 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incident": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "relatedAnalyticRuleIds": [], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [] + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "relatedAnalyticRuleIds": [], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [] + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/DeleteIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/DeleteIncident.json new file mode 100644 index 00000000..48c85f20 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/DeleteIncident.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidentById.json new file mode 100644 index 00000000..b3b72c83 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidentById.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "InaccurateData", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ] + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidents.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidents.json new file mode 100644 index 00000000..17cb6293 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidents.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "$orderby": "properties/createdTimeUtc desc", + "$top": 1 + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "Persistence" + ] + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/CreateIncidentComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/CreateIncidentComment.json new file mode 100644 index 00000000..c5bf2a22 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/CreateIncidentComment.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentComment": { + "properties": { + "message": "Some message" + } + } + }, + "responses": { + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetAllIncidentComments.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetAllIncidentComments.json new file mode 100644 index 00000000..25780703 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetAllIncidentComments.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetIncidentCommentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetIncidentCommentById.json new file mode 100644 index 00000000..6ff96b83 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetIncidentCommentById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/alertRules.yaml b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/alertRules.yaml new file mode 100644 index 00000000..8824ecea --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/alertRules.yaml @@ -0,0 +1,27 @@ +scope: ResourceGroup +testScenarios: + - description: >- + Microsoft.SecurityInsights/alertRules Creates or updates a Scheduled alert + rule. + steps: + - step: Creates or updates a Scheduled alert rule. + exampleFile: ../examples/alertRules/CreateScheduledAlertRule.json + - step: Delete an alert rule. + exampleFile: ../examples/alertRules/DeleteAlertRule.json + - description: >- + Microsoft.SecurityInsights/alertRules Creates or updates a Fusion alert + rule. + steps: + - step: Creates or updates a Fusion alert rule. + exampleFile: ../examples/alertRules/CreateFusionAlertRule.json + - step: Delete an alert rule. + exampleFile: ../examples/alertRules/DeleteAlertRule.json + - description: >- + Microsoft.SecurityInsights/alertRules Creates or updates a + MicrosoftSecurityIncidentCreation rule. + steps: + - step: Creates or updates a MicrosoftSecurityIncidentCreation rule. + exampleFile: >- + ../examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json + - step: Delete an alert rule. + exampleFile: ../examples/alertRules/DeleteAlertRule.json diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/bookmarks.yaml b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/bookmarks.yaml new file mode 100644 index 00000000..01ebef85 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/bookmarks.yaml @@ -0,0 +1,8 @@ +scope: ResourceGroup +testScenarios: + - description: Microsoft.SecurityInsights/bookmarks Creates or updates a bookmark. + steps: + - step: Creates or updates a bookmark. + exampleFile: ../examples/bookmarks/CreateBookmark.json + - step: Delete a bookmark. + exampleFile: ../examples/bookmarks/DeleteBookmark.json diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/dataConnectors.yaml b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/dataConnectors.yaml new file mode 100644 index 00000000..14213d34 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/dataConnectors.yaml @@ -0,0 +1,18 @@ +scope: ResourceGroup +testScenarios: + - description: >- + Microsoft.SecurityInsights/dataConnectors Creates or updates an Office365 + data connector. + steps: + - step: Creates or updates an Office365 data connector. + exampleFile: ../examples/dataConnectors/CreateOfficeDataConnetor.json + - step: Delete an Office365 data connector. + exampleFile: ../examples/dataConnectors/DeleteOfficeDataConnetor.json + - description: >- + Microsoft.SecurityInsights/dataConnectors Creates or updates an Threat + Intelligence Platform data connector. + steps: + - step: Creates or updates an Threat Intelligence Platform data connector. + exampleFile: ../examples/dataConnectors/CreateThreatIntelligenceDataConnector.json + - step: Delete an Office365 data connector. + exampleFile: ../examples/dataConnectors/DeleteOfficeDataConnetor.json diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/incidents.yaml b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/incidents.yaml new file mode 100644 index 00000000..af4dfea4 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/incidents.yaml @@ -0,0 +1,8 @@ +scope: ResourceGroup +testScenarios: + - description: Microsoft.SecurityInsights/incidents Creates or updates an incident. + steps: + - step: Creates or updates an incident. + exampleFile: ../examples/incidents/CreateIncident.json + - step: Delete an incident. + exampleFile: ../examples/incidents/DeleteIncident.json diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/Incidents.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/Incidents.json new file mode 100644 index 00000000..26908cd9 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/Incidents.json @@ -0,0 +1,3820 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-04-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents": { + "get": { + "x-ms-examples": { + "Get all incidents.": { + "$ref": "./examples/incidents/GetIncidents.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Gets all incidents.", + "operationId": "Incidents_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/IncidentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}": { + "get": { + "x-ms-examples": { + "Get an incident.": { + "$ref": "./examples/incidents/GetIncidentById.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Gets a given incident.", + "operationId": "Incidents_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an incident.": { + "$ref": "./examples/incidents/CreateIncident.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Creates or updates an incident.", + "operationId": "Incidents_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/Incident" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an incident.": { + "$ref": "./examples/incidents/DeleteIncident.json" + } + }, + "tags": [ + "Incidents" + ], + "description": "Deletes a given incident.", + "operationId": "Incidents_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts": { + "post": { + "x-ms-examples": { + "Get all incident alerts.": { + "$ref": "./examples/incidents/GetAllIncidentAlerts.json" + } + }, + "tags": [ + "IncidentAlerts" + ], + "description": "Gets all alerts for an incident.", + "operationId": "Incidents_ListOfAlerts", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentAlertList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks": { + "post": { + "x-ms-examples": { + "Get all incident bookmarks.": { + "$ref": "./examples/incidents/GetAllIncidentBookmarks.json" + } + }, + "tags": [ + "IncidentBookmarks" + ], + "description": "Gets all bookmarks for an incident.", + "operationId": "Incidents_ListOfBookmarks", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentBookmarkList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments": { + "get": { + "x-ms-examples": { + "Get all incident comments.": { + "$ref": "./examples/incidents/comments/GetAllIncidentComments.json" + } + }, + "tags": [ + "IncidentComments" + ], + "description": "Gets all comments for a given incident.", + "operationId": "IncidentComments_ListByIncident", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/IncidentCommentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-odata": "#/definitions/IncidentComment", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}": { + "get": { + "x-ms-examples": { + "Get an incident comment.": { + "$ref": "./examples/incidents/comments/GetIncidentCommentById.json" + } + }, + "tags": [ + "IncidentComments" + ], + "description": "Gets a comment for a given incident.", + "operationId": "IncidentComments_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an incident comment.": { + "$ref": "./examples/incidents/comments/CreateIncidentComment.json" + } + }, + "tags": [ + "IncidentComments" + ], + "description": "Creates or updates a comment for a given incident.", + "operationId": "IncidentComments_CreateComment", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + }, + { + "$ref": "#/parameters/IncidentComment" + } + ], + "responses": { + "200": { + "description": "Updated", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete the incident comment.": { + "$ref": "./examples/incidents/comments/DeleteIncidentComment.json" + } + }, + "tags": [ + "IncidentComments" + ], + "description": "Deletes a comment for a given incident.", + "operationId": "IncidentComments_DeleteComment", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities": { + "post": { + "x-ms-examples": { + "Gets all incident related entities": { + "$ref": "./examples/incidents/GetAllIncidentEntities.json" + } + }, + "tags": [ + "IncidentEntities" + ], + "description": "Gets all entities for an incident.", + "operationId": "Incidents_ListOfEntities", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentEntitiesResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations": { + "get": { + "x-ms-examples": { + "Get all incident relations.": { + "$ref": "./examples/incidents/relations/GetAllIncidentRelations.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Gets all relations for a given incident.", + "operationId": "IncidentRelations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/RelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-odata": "#/definitions/Relation", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}": { + "get": { + "x-ms-examples": { + "Get an incident relation.": { + "$ref": "./examples/incidents/relations/GetIncidentRelationByName.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Gets a relation for a given incident.", + "operationId": "IncidentRelations_GetRelation", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an incident relation.": { + "$ref": "./examples/incidents/relations/CreateIncidentRelation.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Creates or updates a relation for a given incident.", + "operationId": "IncidentRelations_CreateOrUpdateRelation", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/RelationName" + }, + { + "$ref": "#/parameters/Relation" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete the incident relation.": { + "$ref": "./examples/incidents/relations/DeleteIncidentRelation.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Deletes a relation for a given incident.", + "operationId": "IncidentRelations_DeleteRelation", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "AccountEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an account entity.", + "properties": { + "properties": { + "$ref": "#/definitions/AccountEntityProperties", + "description": "Account entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Account" + }, + "AccountEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Account entity property bag.", + "properties": { + "aadTenantId": { + "description": "The Azure Active Directory tenant id.", + "readOnly": true, + "type": "string" + }, + "aadUserId": { + "description": "The Azure Active Directory user id.", + "readOnly": true, + "type": "string" + }, + "accountName": { + "description": "The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name of the account.", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id that contains the account in case it is a local account (not domain joined)", + "readOnly": true, + "type": "string" + }, + "isDomainJoined": { + "description": "Determines whether this is a domain account.", + "readOnly": true, + "type": "boolean" + }, + "ntDomain": { + "description": "The NetBIOS domain name as it appears in the alert format – domain\\username. Examples: NT AUTHORITY.", + "readOnly": true, + "type": "string" + }, + "objectGuid": { + "description": "The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "puid": { + "description": "The Azure Active Directory Passport User ID.", + "readOnly": true, + "type": "string" + }, + "sid": { + "description": "The account security identifier, e.g. S-1-5-18.", + "readOnly": true, + "type": "string" + }, + "upnSuffix": { + "description": "The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.", + "readOnly": true, + "type": "string" + }, + "dnsDomain": { + "description": "The fully qualified domain DNS name.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "AlertSeverity": { + "description": "The severity of the alert", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertSeverity", + "values": [ + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "AttackTactic": { + "description": "The severity for alerts created by this alert rule.", + "enum": [ + "InitialAccess", + "Execution", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AttackTactic" + } + }, + "AzureResourceEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an azure resource entity.", + "properties": { + "properties": { + "$ref": "#/definitions/AzureResourceEntityProperties", + "description": "AzureResource entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureResource" + }, + "AzureResourceEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "AzureResource entity property bag.", + "properties": { + "resourceId": { + "description": "The azure resource id of the resource", + "readOnly": true, + "type": "string" + }, + "subscriptionId": { + "description": "The subscription id of the resource", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "ClientInfo": { + "description": "Information on the client (user or application) that made some action", + "properties": { + "email": { + "description": "The email of the client.", + "type": "string" + }, + "name": { + "description": "The name of the client.", + "type": "string" + }, + "objectId": { + "description": "The object id of the client.", + "format": "uuid", + "type": "string" + }, + "userPrincipalName": { + "description": "The user principal name of the client.", + "type": "string" + } + }, + "type": "object" + }, + "CloudApplicationEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a cloud application entity.", + "properties": { + "properties": { + "$ref": "#/definitions/CloudApplicationEntityProperties", + "description": "CloudApplication entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "CloudApplication" + }, + "CloudApplicationEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "CloudApplication entity property bag.", + "properties": { + "appId": { + "description": "The technical identifier of the application.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "appName": { + "description": "The name of the related cloud application.", + "readOnly": true, + "type": "string" + }, + "instanceName": { + "description": "The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse", + "description": "The error object of the CloudError response" + } + }, + "type": "object", + "description": "An error response for a resource management request." + }, + "DnsEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a dns entity.", + "properties": { + "properties": { + "$ref": "#/definitions/DnsEntityProperties", + "description": "Dns entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "DnsResolution" + }, + "DnsEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Dns entity property bag.", + "properties": { + "dnsServerIpEntityId": { + "description": "An ip entity id for the dns server resolving the request", + "readOnly": true, + "type": "string" + }, + "domainName": { + "description": "The name of the dns record associated with the alert", + "readOnly": true, + "type": "string" + }, + "hostIpAddressEntityId": { + "description": "An ip entity id for the dns request client", + "readOnly": true, + "type": "string" + }, + "ipAddressEntityIds": { + "description": "Ip entity identifiers for the resolved ip address.", + "items": { + "description": "Ip entity id", + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "Entity": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/Resource" + }, + { + "$ref": "#/definitions/EntityKind" + } + ], + "description": "Specific entity.", + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "EntityCommonProperties": { + "description": "Entity common property bag.", + "properties": { + "additionalData": { + "additionalProperties": { + "type": "object" + }, + "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", + "readOnly": true, + "type": "object" + }, + "friendlyName": { + "description": "The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "EntityEdges": { + "description": "The edge that connects the entity to the other entity.", + "properties": { + "targetEntityId": { + "description": "The target entity Id.", + "type": "string" + }, + "additionalData": { + "additionalProperties": { + "type": "object" + }, + "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", + "type": "object" + } + }, + "type": "object" + }, + "EntityInnerKind": { + "description": "The kind of the entity", + "enum": [ + "Account", + "Host", + "File", + "AzureResource", + "CloudApplication", + "DnsResolution", + "FileHash", + "Ip", + "Malware", + "Process", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "Url", + "IoTDevice", + "SecurityAlert", + "Bookmark", + "Mailbox", + "MailCluster", + "MailMessage", + "SubmissionMail" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityKindEnum", + "values": [ + { + "description": "Entity represents account in the system.", + "value": "Account" + }, + { + "description": "Entity represents host in the system.", + "value": "Host" + }, + { + "description": "Entity represents file in the system.", + "value": "File" + }, + { + "description": "Entity represents azure resource in the system.", + "value": "AzureResource" + }, + { + "description": "Entity represents cloud application in the system.", + "value": "CloudApplication" + }, + { + "description": "Entity represents dns resolution in the system.", + "value": "DnsResolution" + }, + { + "description": "Entity represents file hash in the system.", + "value": "FileHash" + }, + { + "description": "Entity represents ip in the system.", + "value": "Ip" + }, + { + "description": "Entity represents malware in the system.", + "value": "Malware" + }, + { + "description": "Entity represents process in the system.", + "value": "Process" + }, + { + "description": "Entity represents registry key in the system.", + "value": "RegistryKey" + }, + { + "description": "Entity represents registry value in the system.", + "value": "RegistryValue" + }, + { + "description": "Entity represents security group in the system.", + "value": "SecurityGroup" + }, + { + "description": "Entity represents url in the system.", + "value": "Url" + }, + { + "description": "Entity represents IoT device in the system.", + "value": "IoTDevice" + }, + { + "description": "Entity represents security alert in the system.", + "value": "SecurityAlert" + }, + { + "description": "Entity represents bookmark in the system.", + "value": "Bookmark" + }, + { + "description": "Entity represents mail cluster in the system.", + "value": "MailCluster" + }, + { + "description": "Entity represents mail message in the system.", + "value": "MailMessage" + }, + { + "description": "Entity represents mailbox in the system.", + "value": "Mailbox" + }, + { + "description": "Entity represents submission mail in the system.", + "value": "SubmissionMail" + } + ] + } + }, + "EntityKind": { + "description": "Describes an entity with kind.", + "properties": { + "kind": { + "$ref": "#/definitions/EntityInnerKind", + "description": "The kind of the entity." + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "FileEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a file entity.", + "properties": { + "properties": { + "$ref": "#/definitions/FileEntityProperties", + "description": "File entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "File" + }, + "FileEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "File entity property bag.", + "properties": { + "directory": { + "description": "The full path to the file.", + "readOnly": true, + "type": "string" + }, + "fileHashEntityIds": { + "description": "The file hash entity identifiers associated with this file", + "items": { + "description": "file hash id", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "fileName": { + "description": "The file name without path (some alerts might not include path).", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id which the file belongs to", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "FileHashEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a file hash entity.", + "properties": { + "properties": { + "$ref": "#/definitions/FileHashEntityProperties", + "description": "FileHash entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "FileHash" + }, + "FileHashEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "FileHash entity property bag.", + "properties": { + "algorithm": { + "description": "The hash algorithm type.", + "enum": [ + "Unknown", + "MD5", + "SHA1", + "SHA256", + "SHA256AC" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "FileHashAlgorithm", + "values": [ + { + "description": "Unknown hash algorithm", + "value": "Unknown" + }, + { + "description": "MD5 hash type", + "value": "MD5" + }, + { + "description": "SHA1 hash type", + "value": "SHA1" + }, + { + "description": "SHA256 hash type", + "value": "SHA256" + }, + { + "description": "SHA256 Authenticode hash type", + "value": "SHA256AC" + } + ] + } + }, + "hashValue": { + "description": "The file hash value.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "GeoLocation": { + "description": "The geo-location context attached to the ip entity", + "properties": { + "asn": { + "description": "Autonomous System Number", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "city": { + "description": "City name", + "readOnly": true, + "type": "string" + }, + "countryCode": { + "description": "The country code according to ISO 3166 format", + "readOnly": true, + "type": "string" + }, + "countryName": { + "description": "Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name", + "readOnly": true, + "type": "string" + }, + "latitude": { + "description": "The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "longitude": { + "description": "The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "state": { + "description": "State name", + "readOnly": true, + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "HostEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a host entity.", + "properties": { + "properties": { + "$ref": "#/definitions/HostEntityProperties", + "description": "Host entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Host" + }, + "HostEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Host entity property bag.", + "properties": { + "azureID": { + "description": "The azure resource id of the VM.", + "readOnly": true, + "type": "string" + }, + "dnsDomain": { + "description": "The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain", + "readOnly": true, + "type": "string" + }, + "hostName": { + "description": "The hostname without the domain suffix.", + "readOnly": true, + "type": "string" + }, + "isDomainJoined": { + "description": "Determines whether this host belongs to a domain.", + "readOnly": true, + "type": "boolean" + }, + "netBiosName": { + "description": "The host name (pre-windows2000).", + "readOnly": true, + "type": "string" + }, + "ntDomain": { + "description": "The NT domain that this host belongs to.", + "readOnly": true, + "type": "string" + }, + "omsAgentID": { + "description": "The OMS agent id, if the host has OMS agent installed.", + "readOnly": true, + "type": "string" + }, + "osFamily": { + "description": "The operating system type.", + "enum": [ + "Linux", + "Windows", + "Android", + "IOS", + "Unknown" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "OSFamily", + "values": [ + { + "description": "Host with Linux operating system.", + "value": "Linux" + }, + { + "description": "Host with Windows operating system.", + "value": "Windows" + }, + { + "description": "Host with Android operating system.", + "value": "Android" + }, + { + "description": "Host with IOS operating system.", + "value": "IOS" + }, + { + "description": "Host with Unknown operating system.", + "value": "Unknown" + } + ] + } + }, + "osVersion": { + "description": "A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "HuntingBookmark": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a Hunting bookmark entity.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntingBookmarkProperties", + "description": "HuntingBookmark entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Bookmark" + }, + "HuntingBookmarkProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Describes bookmark properties", + "properties": { + "created": { + "description": "The time the bookmark was created", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the bookmark", + "type": "object" + }, + "displayName": { + "description": "The display name of the bookmark", + "type": "string" + }, + "eventTime": { + "description": "The time of the event", + "format": "date-time", + "type": "string" + }, + "labels": { + "description": "List of labels relevant to this bookmark", + "items": { + "$ref": "#/definitions/Label" + }, + "type": "array" + }, + "notes": { + "description": "The notes of the bookmark", + "type": "string" + }, + "query": { + "description": "The query of the bookmark.", + "type": "string" + }, + "queryResult": { + "description": "The query result of the bookmark.", + "type": "string" + }, + "updated": { + "description": "The last time the bookmark was updated", + "format": "date-time", + "type": "string" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the bookmark", + "type": "object" + }, + "incidentInfo": { + "$ref": "#/definitions/IncidentInfo", + "description": "Describes an incident that relates to bookmark", + "type": "object" + } + }, + "required": [ + "displayName", + "query" + ], + "type": "object" + }, + "Incident": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents an incident in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/IncidentProperties", + "description": "Incident properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "IncidentAdditionalData": { + "description": "Incident additional data property bag.", + "properties": { + "alertsCount": { + "description": "The number of alerts in the incident", + "format": "int32", + "readOnly": true, + "type": "integer" + }, + "bookmarksCount": { + "description": "The number of bookmarks in the incident", + "format": "int32", + "readOnly": true, + "type": "integer" + }, + "commentsCount": { + "description": "The number of comments in the incident", + "format": "int32", + "readOnly": true, + "type": "integer" + }, + "alertProductNames": { + "description": "List of product names of alerts in the incident", + "items": { + "description": "Alert product name", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "tactics": { + "description": "The tactics associated with incident", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "IncidentAlertList": { + "description": "List of incident alerts.", + "properties": { + "value": { + "description": "Array of incident alerts.", + "type": "array", + "items": { + "$ref": "#/definitions/SecurityAlert" + } + } + }, + "required": [ + "value" + ] + }, + "IncidentBookmarkList": { + "description": "List of incident bookmarks.", + "properties": { + "value": { + "description": "Array of incident bookmarks.", + "type": "array", + "items": { + "$ref": "#/definitions/HuntingBookmark" + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "IncidentComment": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents an incident comment", + "properties": { + "properties": { + "$ref": "#/definitions/IncidentCommentProperties", + "description": "Incident comment properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "IncidentCommentList": { + "description": "List of incident comments.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of comments.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of comments.", + "items": { + "$ref": "#/definitions/IncidentComment" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "IncidentCommentProperties": { + "description": "Incident comment property bag.", + "properties": { + "createdTimeUtc": { + "description": "The time the comment was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "lastModifiedTimeUtc": { + "description": "The time the comment was updated", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "message": { + "description": "The comment message", + "type": "string" + }, + "author": { + "$ref": "#/definitions/ClientInfo", + "description": "Describes the client that created the comment", + "readOnly": true, + "type": "object" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + "IncidentEntitiesResponse": { + "description": "The incident related entities response.", + "type": "object", + "properties": { + "entities": { + "description": "Array of the incident related entities.", + "type": "array", + "items": { + "$ref": "#/definitions/Entity" + } + }, + "metaData": { + "description": "The metadata from the incident related entities results.", + "type": "array", + "items": { + "$ref": "#/definitions/IncidentEntitiesResultsMetadata" + } + } + } + }, + "IncidentEntitiesResultsMetadata": { + "description": "Information of a specific aggregation in the incident related entities result.", + "properties": { + "count": { + "description": "Total number of aggregations of the given kind in the incident related entities result.", + "type": "integer", + "format": "int32" + }, + "entityKind": { + "$ref": "#/definitions/EntityInnerKind", + "description": "The kind of the aggregated entity." + } + }, + "required": [ + "entityKind", + "count" + ], + "type": "object" + }, + "IncidentInfo": { + "description": "Describes related incident information for the bookmark", + "properties": { + "incidentId": { + "description": "Incident Id", + "type": "string" + }, + "severity": { + "description": "The severity of the incident", + "enum": [ + "Critical", + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "CaseSeverity", + "values": [ + { + "description": "Critical severity", + "value": "Critical" + }, + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "title": { + "description": "The title of the incident", + "type": "string" + }, + "relationName": { + "description": "Relation Name", + "type": "string" + } + }, + "type": "object" + }, + "IncidentLabel": { + "description": "Represents an incident label", + "properties": { + "labelName": { + "description": "The name of the label", + "type": "string" + }, + "labelType": { + "description": "The type of the label", + "enum": [ + "User", + "System" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentLabelType", + "values": [ + { + "description": "Label manually created by a user", + "value": "User" + }, + { + "description": "Label automatically created by the system", + "value": "System" + } + ] + } + } + }, + "required": [ + "labelName" + ], + "type": "object" + }, + "IncidentList": { + "description": "List all the incidents.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of incidents.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of incidents.", + "items": { + "$ref": "#/definitions/Incident" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "IncidentOwnerInfo": { + "description": "Information on the user an incident is assigned to", + "properties": { + "email": { + "description": "The email of the user the incident is assigned to.", + "type": "string" + }, + "assignedTo": { + "description": "The name of the user the incident is assigned to.", + "type": "string" + }, + "objectId": { + "description": "The object id of the user the incident is assigned to.", + "format": "uuid", + "type": "string" + }, + "userPrincipalName": { + "description": "The user principal name of the user the incident is assigned to.", + "type": "string" + } + }, + "type": "object" + }, + "IncidentProperties": { + "description": "Describes incident properties", + "properties": { + "additionalData": { + "$ref": "#/definitions/IncidentAdditionalData", + "description": "Additional data on the incident", + "readOnly": true, + "type": "object" + }, + "classification": { + "description": "The reason the incident was closed", + "enum": [ + "Undetermined", + "TruePositive", + "BenignPositive", + "FalsePositive" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentClassification", + "values": [ + { + "description": "Incident classification was undetermined", + "value": "Undetermined" + }, + { + "description": "Incident was true positive", + "value": "TruePositive" + }, + { + "description": "Incident was benign positive", + "value": "BenignPositive" + }, + { + "description": "Incident was false positive", + "value": "FalsePositive" + } + ] + } + }, + "classificationComment": { + "description": "Describes the reason the incident was closed", + "type": "string" + }, + "classificationReason": { + "description": "The classification reason the incident was closed with", + "enum": [ + "SuspiciousActivity", + "SuspiciousButExpected", + "IncorrectAlertLogic", + "InaccurateData" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentClassificationReason", + "values": [ + { + "description": "Classification reason was suspicious activity", + "value": "SuspiciousActivity" + }, + { + "description": "Classification reason was suspicious but expected", + "value": "SuspiciousButExpected" + }, + { + "description": "Classification reason was incorrect alert logic", + "value": "IncorrectAlertLogic" + }, + { + "description": "Classification reason was inaccurate data", + "value": "InaccurateData" + } + ] + } + }, + "createdTimeUtc": { + "description": "The time the incident was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the incident", + "type": "string" + }, + "firstActivityTimeUtc": { + "description": "The time of the first activity in the incident", + "format": "date-time", + "type": "string" + }, + "incidentUrl": { + "description": "The deep-link url to the incident in Azure portal", + "readOnly": true, + "type": "string" + }, + "incidentNumber": { + "description": "A sequential number", + "format": "int32", + "readOnly": true, + "type": "integer" + }, + "labels": { + "description": "List of labels relevant to this incident", + "items": { + "$ref": "#/definitions/IncidentLabel" + }, + "type": "array" + }, + "lastActivityTimeUtc": { + "description": "The time of the last activity in the incident", + "format": "date-time", + "type": "string" + }, + "lastModifiedTimeUtc": { + "description": "The last time the incident was updated", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "owner": { + "$ref": "#/definitions/IncidentOwnerInfo", + "description": "Describes a user that the incident is assigned to", + "type": "object" + }, + "relatedAnalyticRuleIds": { + "description": "List of resource ids of Analytic rules related to the incident", + "items": { + "description": "Related Analytic rule resource id", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "severity": { + "description": "The severity of the incident", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentSeverity", + "values": [ + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "status": { + "description": "The status of the incident", + "enum": [ + "New", + "Active", + "Closed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentStatus", + "values": [ + { + "description": "An active incident which isn't being handled currently", + "value": "New" + }, + { + "description": "An active incident which is being handled", + "value": "Active" + }, + { + "description": "A non-active incident", + "value": "Closed" + } + ] + } + }, + "title": { + "description": "The title of the incident", + "type": "string" + } + }, + "required": [ + "title", + "severity", + "status" + ], + "type": "object" + }, + "IoTDeviceEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an IoT device entity.", + "properties": { + "properties": { + "$ref": "#/definitions/IoTDeviceEntityProperties", + "description": "IoTDevice entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "IoTDevice" + }, + "IoTDeviceEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "IoTDevice entity property bag.", + "properties": { + "deviceId": { + "description": "The ID of the IoT Device in the IoT Hub", + "readOnly": true, + "type": "string" + }, + "deviceName": { + "description": "The friendly name of the device", + "readOnly": true, + "type": "string" + }, + "source": { + "description": "The source of the device", + "readOnly": true, + "type": "string" + }, + "iotSecurityAgentId": { + "description": "The ID of the security agent running on the device", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "deviceType": { + "description": "The type of the device", + "readOnly": true, + "type": "string" + }, + "vendor": { + "description": "The vendor of the device", + "readOnly": true, + "type": "string" + }, + "edgeId": { + "description": "The ID of the edge device", + "readOnly": true, + "type": "string" + }, + "macAddress": { + "description": "The MAC address of the device", + "readOnly": true, + "type": "string" + }, + "model": { + "description": "The model of the device", + "readOnly": true, + "type": "string" + }, + "serialNumber": { + "description": "The serial number of the device", + "readOnly": true, + "type": "string" + }, + "firmwareVersion": { + "description": "The firmware version of the device", + "readOnly": true, + "type": "string" + }, + "operatingSystem": { + "description": "The operating system of the device", + "readOnly": true, + "type": "string" + }, + "iotHubEntityId": { + "description": "The AzureResource entity id of the IoT Hub", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id of this device", + "readOnly": true, + "type": "string" + }, + "ipAddressEntityId": { + "description": "The IP entity if of this device", + "readOnly": true, + "type": "string" + }, + "threatIntelligence": { + "description": "A list of TI contexts attached to the IoTDevice entity.", + "items": { + "$ref": "#/definitions/ThreatIntelligence" + }, + "readOnly": true, + "type": "array" + }, + "protocols": { + "description": "A list of protocols of the IoTDevice entity.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "IpEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an ip entity.", + "properties": { + "properties": { + "$ref": "#/definitions/IpEntityProperties", + "description": "Ip entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Ip" + }, + "IpEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Ip entity property bag.", + "properties": { + "address": { + "description": "The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)", + "readOnly": true, + "type": "string" + }, + "location": { + "$ref": "#/definitions/GeoLocation", + "description": "The geo-location context attached to the ip entity" + }, + "threatIntelligence": { + "description": "A list of TI contexts attached to the ip entity.", + "items": { + "$ref": "#/definitions/ThreatIntelligence" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "Label": { + "description": "Label that will be used to tag and filter on.", + "type": "string" + }, + "MailboxEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a mailbox entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailboxEntityProperties", + "description": "Mailbox entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Mailbox" + }, + "MailboxEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Mailbox entity property bag.", + "properties": { + "mailboxPrimaryAddress": { + "description": "The mailbox's primary address", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The mailbox's display name", + "readOnly": true, + "type": "string" + }, + "upn": { + "description": "The mailbox's UPN", + "readOnly": true, + "type": "string" + }, + "externalDirectoryObjectId": { + "description": "The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side", + "format": "uuid", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "MailClusterEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a mail cluster entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailClusterEntityProperties", + "description": "Mail cluster entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MailCluster" + }, + "MailClusterEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Mail cluster entity property bag.", + "properties": { + "networkMessageIds": { + "description": "The mail message IDs that are part of the mail cluster", + "items": { + "description": "A mail message ID", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "countByDeliveryStatus": { + "description": "Count of mail messages by DeliveryStatus string representation", + "readOnly": true, + "type": "object" + }, + "countByThreatType": { + "description": "Count of mail messages by ThreatType string representation", + "readOnly": true, + "type": "object" + }, + "countByProtectionStatus": { + "description": "Count of mail messages by ProtectionStatus string representation", + "readOnly": true, + "type": "object" + }, + "threats": { + "description": "The threats of mail messages that are part of the mail cluster", + "items": { + "description": "A threat", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "query": { + "description": "The query that was used to identify the messages of the mail cluster", + "readOnly": true, + "type": "string" + }, + "queryTime": { + "description": "The query time", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "mailCount": { + "description": "The number of mail messages that are part of the mail cluster", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "isVolumeAnomaly": { + "description": "Is this a volume anomaly mail cluster", + "readOnly": true, + "type": "boolean" + }, + "source": { + "description": "The source of the mail cluster (default is 'O365 ATP')", + "readOnly": true, + "type": "string" + }, + "clusterSourceIdentifier": { + "description": "The id of the cluster source", + "readOnly": true, + "type": "string" + }, + "clusterSourceType": { + "description": "The type of the cluster source", + "readOnly": true, + "type": "string" + }, + "clusterQueryStartTime": { + "description": "The cluster query start time", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "clusterQueryEndTime": { + "description": "The cluster query end time", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "clusterGroup": { + "description": "The cluster group", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "MailMessageEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a mail message entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailMessageEntityProperties", + "description": "Mail message entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MailMessage" + }, + "MailMessageEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Mail message entity property bag.", + "properties": { + "fileEntityIds": { + "description": "The File entity ids of this mail message's attachments", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "recipient": { + "description": "The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient", + "readOnly": true, + "type": "string" + }, + "urls": { + "description": "The Urls contained in this mail message", + "items": { + "description": "A Url contained in this mail message", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "threats": { + "description": "The threats of this mail message", + "items": { + "description": "A threat of the mail message", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "p1Sender": { + "description": "The p1 sender's email address", + "readOnly": true, + "type": "string" + }, + "p1SenderDisplayName": { + "description": "The p1 sender's display name", + "readOnly": true, + "type": "string" + }, + "p1SenderDomain": { + "description": "The p1 sender's domain", + "readOnly": true, + "type": "string" + }, + "senderIP": { + "description": "The sender's IP address", + "readOnly": true, + "type": "string" + }, + "p2Sender": { + "description": "The p2 sender's email address", + "readOnly": true, + "type": "string" + }, + "p2SenderDisplayName": { + "description": "The p2 sender's display name", + "readOnly": true, + "type": "string" + }, + "p2SenderDomain": { + "description": "The p2 sender's domain", + "readOnly": true, + "type": "string" + }, + "receiveDate": { + "description": "The receive date of this message", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "networkMessageId": { + "description": "The network message id of this mail message", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "internetMessageId": { + "description": "The internet message id of this mail message", + "readOnly": true, + "type": "string" + }, + "subject": { + "description": "The subject of this mail message", + "readOnly": true, + "type": "string" + }, + "language": { + "description": "The language of this mail message", + "readOnly": true, + "type": "string" + }, + "threatDetectionMethods": { + "description": "The threat detection methods", + "items": { + "description": "A threat detection method", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "bodyFingerprintBin1": { + "description": "The bodyFingerprintBin1", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin2": { + "description": "The bodyFingerprintBin2", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin3": { + "description": "The bodyFingerprintBin3", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin4": { + "description": "The bodyFingerprintBin4", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin5": { + "description": "The bodyFingerprintBin5", + "type": "integer", + "format": "int32" + }, + "antispamDirection": { + "description": "The directionality of this mail message", + "enum": [ + "Unknown", + "Inbound", + "Outbound", + "Intraorg" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AntispamMailDirection", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "Inbound", + "value": "Inbound" + }, + { + "description": "Outbound", + "value": "Outbound" + }, + { + "description": "Intraorg", + "value": "Intraorg" + } + ] + } + }, + "deliveryAction": { + "description": "The delivery action of this mail message like Delivered, Blocked, Replaced etc", + "enum": [ + "Unknown", + "DeliveredAsSpam", + "Delivered", + "Blocked", + "Replaced" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "DeliveryAction", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "DeliveredAsSpam", + "value": "DeliveredAsSpam" + }, + { + "description": "Delivered", + "value": "Delivered" + }, + { + "description": "Blocked", + "value": "Blocked" + }, + { + "description": "Replaced", + "value": "Replaced" + } + ] + } + }, + "deliveryLocation": { + "description": "The delivery location of this mail message like Inbox, JunkFolder etc", + "enum": [ + "Unknown", + "Inbox", + "JunkFolder", + "DeletedFolder", + "Quarantine", + "External", + "Failed", + "Dropped", + "Forwarded" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "DeliveryLocation", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "Inbox", + "value": "Inbox" + }, + { + "description": "JunkFolder", + "value": "JunkFolder" + }, + { + "description": "DeletedFolder", + "value": "DeletedFolder" + }, + { + "description": "Quarantine", + "value": "Quarantine" + }, + { + "description": "External", + "value": "External" + }, + { + "description": "Failed", + "value": "Failed" + }, + { + "description": "Dropped", + "value": "Dropped" + }, + { + "description": "Forwarded", + "value": "Forwarded" + } + ] + } + } + }, + "type": "object" + }, + "MalwareEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a malware entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MalwareEntityProperties", + "description": "File entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Malware" + }, + "MalwareEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Malware entity property bag.", + "properties": { + "category": { + "description": "The malware category by the vendor, e.g. Trojan", + "readOnly": true, + "type": "string" + }, + "fileEntityIds": { + "description": "List of linked file entity identifiers on which the malware was found", + "items": { + "description": "file entity id", + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "malwareName": { + "description": "The malware name by the vendor, e.g. Win32/Toga!rfn", + "readOnly": true, + "type": "string" + }, + "processEntityIds": { + "description": "List of linked process entity identifiers on which the malware was found.", + "items": { + "description": "process entity id", + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "ProcessEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a process entity.", + "properties": { + "properties": { + "$ref": "#/definitions/ProcessEntityProperties", + "description": "Process entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Process" + }, + "ProcessEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Process entity property bag.", + "properties": { + "accountEntityId": { + "description": "The account entity id running the processes.", + "readOnly": true, + "type": "string" + }, + "commandLine": { + "description": "The command line used to create the process", + "readOnly": true, + "type": "string" + }, + "creationTimeUtc": { + "description": "The time when the process started to run", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "elevationToken": { + "description": "The elevation token associated with the process.", + "enum": [ + "Default", + "Full", + "Limited" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "ElevationToken", + "values": [ + { + "description": "Default elevation token", + "value": "Default" + }, + { + "description": "Full elevation token", + "value": "Full" + }, + { + "description": "Limited elevation token", + "value": "Limited" + } + ] + } + }, + "hostEntityId": { + "description": "The host entity id on which the process was running", + "readOnly": true, + "type": "string" + }, + "hostLogonSessionEntityId": { + "description": "The session entity id in which the process was running", + "readOnly": true, + "type": "string" + }, + "imageFileEntityId": { + "description": "Image file entity id", + "readOnly": true, + "type": "string" + }, + "parentProcessEntityId": { + "description": "The parent process entity id.", + "readOnly": true, + "type": "string" + }, + "processId": { + "description": "The process ID", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "RegistryKeyEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a registry key entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryKeyEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "RegistryKey" + }, + "RegistryKeyEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "RegistryKey entity property bag.", + "properties": { + "hive": { + "description": "the hive that holds the registry key.", + "enum": [ + "HKEY_LOCAL_MACHINE", + "HKEY_CLASSES_ROOT", + "HKEY_CURRENT_CONFIG", + "HKEY_USERS", + "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "HKEY_PERFORMANCE_DATA", + "HKEY_PERFORMANCE_NLSTEXT", + "HKEY_PERFORMANCE_TEXT", + "HKEY_A", + "HKEY_CURRENT_USER" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RegistryHive", + "values": [ + { + "description": "HKEY_LOCAL_MACHINE", + "value": "HKEY_LOCAL_MACHINE" + }, + { + "description": "HKEY_CLASSES_ROOT", + "value": "HKEY_CLASSES_ROOT" + }, + { + "description": "HKEY_CURRENT_CONFIG", + "value": "HKEY_CURRENT_CONFIG" + }, + { + "description": "HKEY_USERS", + "value": "HKEY_USERS" + }, + { + "description": "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "value": "HKEY_CURRENT_USER_LOCAL_SETTINGS" + }, + { + "description": "HKEY_PERFORMANCE_DATA", + "value": "HKEY_PERFORMANCE_DATA" + }, + { + "description": "HKEY_PERFORMANCE_NLSTEXT", + "value": "HKEY_PERFORMANCE_NLSTEXT" + }, + { + "description": "HKEY_PERFORMANCE_TEXT", + "value": "HKEY_PERFORMANCE_TEXT" + }, + { + "description": "HKEY_A", + "value": "HKEY_A" + }, + { + "description": "HKEY_CURRENT_USER", + "value": "HKEY_CURRENT_USER" + } + ] + } + }, + "key": { + "description": "The registry key path.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "RegistryValueEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a registry value entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryValueEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "RegistryValue" + }, + "RegistryValueEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "RegistryValue entity property bag.", + "properties": { + "keyEntityId": { + "description": "The registry key entity id.", + "readOnly": true, + "type": "string" + }, + "valueData": { + "description": "String formatted representation of the value data.", + "readOnly": true, + "type": "string" + }, + "valueName": { + "description": "The registry value name.", + "readOnly": true, + "type": "string" + }, + "valueType": { + "description": "Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry.", + "enum": [ + "None", + "Unknown", + "String", + "ExpandString", + "Binary", + "DWord", + "MultiString", + "QWord" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RegistryValueKind", + "values": [ + { + "description": "None", + "value": "None" + }, + { + "description": "Unknown value type", + "value": "Unknown" + }, + { + "description": "String value type", + "value": "String" + }, + { + "description": "ExpandString value type", + "value": "ExpandString" + }, + { + "description": "Binary value type", + "value": "Binary" + }, + { + "description": "DWord value type", + "value": "DWord" + }, + { + "description": "MultiString value type", + "value": "MultiString" + }, + { + "description": "QWord value type", + "value": "QWord" + } + ] + } + } + }, + "type": "object" + }, + "Relation": { + "type": "object", + "description": "Represents a relation between two resources", + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/RelationProperties", + "description": "Relation properties", + "x-ms-client-flatten": true + } + } + }, + "RelationList": { + "description": "List of relations.", + "properties": { + "nextLink": { + "readOnly": true, + "description": "URL to fetch the next set of relations.", + "type": "string" + }, + "value": { + "description": "Array of relations.", + "type": "array", + "items": { + "$ref": "#/definitions/Relation" + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "RelationProperties": { + "description": "Relation property bag.", + "properties": { + "relatedResourceId": { + "description": "The resource ID of the related resource", + "type": "string" + }, + "relatedResourceName": { + "description": "The name of the related resource", + "readOnly": true, + "type": "string" + }, + "relatedResourceType": { + "description": "The resource type of the related resource", + "readOnly": true, + "type": "string" + }, + "relatedResourceKind": { + "description": "The resource kind of the related resource", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "relatedResourceId" + ], + "type": "object" + }, + "SecurityAlert": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a security alert entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityAlertProperties", + "description": "SecurityAlert entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SecurityAlert" + }, + "SecurityAlertProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "SecurityAlert entity property bag.", + "properties": { + "alertDisplayName": { + "description": "The display name of the alert.", + "readOnly": true, + "type": "string" + }, + "alertType": { + "description": "The type name of the alert.", + "readOnly": true, + "type": "string" + }, + "compromisedEntity": { + "description": "Display name of the main entity being reported on.", + "readOnly": true, + "type": "string" + }, + "confidenceLevel": { + "description": "The confidence level of this alert.", + "enum": [ + "Unknown", + "Low", + "High" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConfidenceLevel", + "values": [ + { + "description": "Unknown confidence, the is the default value", + "value": "Unknown" + }, + { + "description": "Low confidence, meaning we have some doubts this is indeed malicious or part of an attack", + "value": "Low" + }, + { + "description": "High confidence that the alert is true positive malicious", + "value": "High" + } + ] + } + }, + "confidenceReasons": { + "description": "The confidence reasons", + "items": { + "description": "confidence reason item", + "properties": { + "reason": { + "description": "The reason's description", + "readOnly": true, + "type": "string" + }, + "reasonType": { + "description": "The type (category) of the reason", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "readOnly": true, + "type": "array" + }, + "confidenceScore": { + "description": "The confidence score of the alert.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "confidenceScoreStatus": { + "description": "The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.", + "enum": [ + "NotApplicable", + "InProcess", + "NotFinal", + "Final" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConfidenceScoreStatus", + "values": [ + { + "description": "Score will not be calculated for this alert as it is not supported by virtual analyst", + "value": "NotApplicable" + }, + { + "description": "No score was set yet and calculation is in progress", + "value": "InProcess" + }, + { + "description": "Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data", + "value": "NotFinal" + }, + { + "description": "Final score was calculated and available", + "value": "Final" + } + ] + } + }, + "description": { + "description": "Alert description.", + "readOnly": true, + "type": "string" + }, + "endTimeUtc": { + "description": "The impact end time of the alert (the time of the last event contributing to the alert).", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "intent": { + "description": "Holds the alert intent stage(s) mapping for this alert.", + "enum": [ + "Unknown", + "Probing", + "Exploitation", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Execution", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "KillChainIntent", + "values": [ + { + "description": "The default value.", + "value": "Unknown" + }, + { + "description": "Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in.", + "value": "Probing" + }, + { + "description": "Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage.", + "value": "Exploitation" + }, + { + "description": "Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access.", + "value": "Persistence" + }, + { + "description": "Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege.", + "value": "PrivilegeEscalation" + }, + { + "description": "Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. ", + "value": "DefenseEvasion" + }, + { + "description": "Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment.", + "value": "CredentialAccess" + }, + { + "description": "Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase.", + "value": "Discovery" + }, + { + "description": "Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect.", + "value": "LateralMovement" + }, + { + "description": "The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network.", + "value": "Execution" + }, + { + "description": "Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Collection" + }, + { + "description": "Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Exfiltration" + }, + { + "description": "The command and control tactic represents how adversaries communicate with systems under their control within a target network.", + "value": "CommandAndControl" + }, + { + "description": "The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others.", + "value": "Impact" + } + ] + } + }, + "providerAlertId": { + "description": "The identifier of the alert inside the product which generated the alert.", + "readOnly": true, + "type": "string" + }, + "processingEndTime": { + "description": "The time the alert was made available for consumption.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "productComponentName": { + "description": "The name of a component inside the product which generated the alert.", + "readOnly": true, + "type": "string" + }, + "productName": { + "description": "The name of the product which published this alert.", + "readOnly": true, + "type": "string" + }, + "productVersion": { + "description": "The version of the product generating the alert.", + "readOnly": true, + "type": "string" + }, + "remediationSteps": { + "description": "Manual action items to take to remediate the alert.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + }, + "severity": { + "$ref": "#/definitions/AlertSeverity", + "description": "The severity of the alert" + }, + "startTimeUtc": { + "description": "The impact start time of the alert (the time of the first event contributing to the alert).", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "status": { + "description": "The lifecycle status of the alert.", + "enum": [ + "Unknown", + "New", + "Resolved", + "Dismissed", + "InProgress" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertStatus", + "values": [ + { + "description": "Unknown value", + "value": "Unknown" + }, + { + "description": "New alert", + "value": "New" + }, + { + "description": "Alert closed after handling", + "value": "Resolved" + }, + { + "description": "Alert dismissed as false positive", + "value": "Dismissed" + }, + { + "description": "Alert is being handled", + "value": "InProgress" + } + ] + } + }, + "systemAlertId": { + "description": "Holds the product identifier of the alert for the product.", + "readOnly": true, + "type": "string" + }, + "tactics": { + "description": "The tactics of the alert", + "items": { + "$ref": "#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + }, + "timeGenerated": { + "description": "The time the alert was generated.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "vendorName": { + "description": "The name of the vendor that raise the alert.", + "readOnly": true, + "type": "string" + }, + "alertLink": { + "description": "The uri link of the alert.", + "readOnly": true, + "type": "string" + }, + "resourceIdentifiers": { + "description": "The list of resource identifiers of the alert.", + "items": { + "type": "object" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + }, + "SecurityGroupEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a security group entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityGroupEntityProperties", + "description": "SecurityGroup entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SecurityGroup" + }, + "SecurityGroupEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "SecurityGroup entity property bag.", + "properties": { + "distinguishedName": { + "description": "The group distinguished name", + "readOnly": true, + "type": "string" + }, + "objectGuid": { + "description": "A single-value attribute that is the unique identifier for the object, assigned by active directory.", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "sid": { + "description": "The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "SubmissionMailEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a submission mail entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SubmissionMailEntityProperties", + "description": "Submission mail entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SubmissionMail" + }, + "SubmissionMailEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Submission mail entity property bag.", + "properties": { + "networkMessageId": { + "description": "The network message id of email to which submission belongs", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "submissionId": { + "description": "The submission id", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "submitter": { + "description": "The submitter", + "readOnly": true, + "type": "string" + }, + "submissionDate": { + "description": "The submission date", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "timestamp": { + "description": "The Time stamp when the message is received (Mail)", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "recipient": { + "description": "The recipient of the mail", + "readOnly": true, + "type": "string" + }, + "sender": { + "description": "The sender of the mail", + "readOnly": true, + "type": "string" + }, + "senderIp": { + "description": "The sender's IP", + "readOnly": true, + "type": "string" + }, + "subject": { + "description": "The subject of submission mail", + "readOnly": true, + "type": "string" + }, + "reportType": { + "description": "The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligence": { + "description": "ThreatIntelligence property bag.", + "properties": { + "confidence": { + "description": "Confidence (must be between 0 and 1)", + "format": "double", + "readOnly": true, + "type": "number" + }, + "providerName": { + "description": "Name of the provider from whom this Threat Intelligence information was received", + "readOnly": true, + "type": "string" + }, + "reportLink": { + "description": "Report link", + "readOnly": true, + "type": "string" + }, + "threatDescription": { + "description": "Threat description (free text)", + "readOnly": true, + "type": "string" + }, + "threatName": { + "description": "Threat name (e.g. \"Jedobot malware\")", + "readOnly": true, + "type": "string" + }, + "threatType": { + "description": "Threat type (e.g. \"Botnet\")", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "UrlEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a url entity.", + "properties": { + "properties": { + "$ref": "#/definitions/UrlEntityProperties", + "description": "Url entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Url" + }, + "UrlEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Url entity property bag.", + "properties": { + "url": { + "description": "A full URL the entity points to", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "UserInfo": { + "description": "User information that made some action", + "properties": { + "email": { + "description": "The email of the user.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The name of the user.", + "readOnly": true, + "type": "string" + }, + "objectId": { + "description": "The object id of the user.", + "format": "uuid", + "type": "string", + "x-nullable": true + } + }, + "type": "object" + } + }, + "parameters": { + "Incident": { + "description": "The incident", + "in": "body", + "name": "incident", + "required": true, + "schema": { + "$ref": "#/definitions/Incident" + }, + "x-ms-parameter-location": "method" + }, + "IncidentComment": { + "description": "The incident comment", + "in": "body", + "name": "incidentComment", + "required": true, + "schema": { + "$ref": "#/definitions/IncidentComment" + }, + "x-ms-parameter-location": "method" + }, + "IncidentCommentId": { + "description": "Incident comment ID", + "in": "path", + "name": "incidentCommentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "IncidentId": { + "description": "Incident ID", + "in": "path", + "name": "incidentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "Relation": { + "name": "relation", + "in": "body", + "description": "The relation model", + "required": true, + "schema": { + "$ref": "#/definitions/Relation" + }, + "x-ms-parameter-location": "method" + }, + "RelationName": { + "name": "relationName", + "in": "path", + "required": true, + "type": "string", + "description": "Relation Name", + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/ThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/ThreatIntelligence.json new file mode 100644 index 00000000..d8da42a1 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/ThreatIntelligence.json @@ -0,0 +1,1183 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-04-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator": { + "post": { + "x-ms-examples": { + "Create a new Threat Intelligence": { + "$ref": "./examples/threatintelligence/CreateThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Create a new threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_CreateIndicator", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceProperties" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to create indicators.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators": { + "get": { + "x-ms-examples": { + "Get all threat intelligence indicators": { + "$ref": "./examples/threatintelligence/GetThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Get all threat intelligence indicators.", + "operationId": "ThreatIntelligenceIndicators_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ODataFilter" + }, + { + "$ref": "#/parameters/ODataTop" + }, + { + "$ref": "#/parameters/ODataSkipToken" + }, + { + "$ref": "#/parameters/ODataOrderBy" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformationList" + } + }, + "default": { + "description": "Error response describing why the operation failed to get indicators.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}": { + "get": { + "x-ms-examples": { + "View a threat intelligence indicator by name": { + "$ref": "./examples/threatintelligence/GetThreatIntelligenceById.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "View a threat intelligence indicator by name.", + "operationId": "ThreatIntelligenceIndicator_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to view an indicator.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Update a threat Intelligence indicator": { + "$ref": "./examples/threatintelligence/UpdateThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Update a threat Intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceProperties" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to update an indicator.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a threat intelligence indicator": { + "$ref": "./examples/threatintelligence/DeleteThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Delete a threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed to delete an indicator.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators": { + "post": { + "x-ms-examples": { + "Query threat intelligence indicators as per filtering criteria": { + "$ref": "./examples/threatintelligence/QueryThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Query threat intelligence indicators as per filtering criteria.", + "operationId": "ThreatIntelligenceIndicator_QueryIndicators", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceFilteringCriteria" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics": { + "get": { + "x-ms-examples": { + "Get threat intelligence indicators metrics.": { + "$ref": "./examples/threatintelligence/CollectThreatIntelligenceMetrics.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source).", + "operationId": "ThreatIntelligenceIndicatorMetrics_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceMetricsList" + } + }, + "default": { + "description": "Error response describing why the operation failed to get metrics.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags": { + "post": { + "x-ms-examples": { + "Append tags to a threat intelligence indicator": { + "$ref": "./examples/threatintelligence/AppendTagsThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Append tags to a threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_AppendTags", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceAppendTags" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed to append tags.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags": { + "post": { + "x-ms-examples": { + "Replace tags to a Threat Intelligence": { + "$ref": "./examples/threatintelligence/ReplaceTagsThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Replace tags added to a threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_ReplaceTags", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceReplaceTags" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to replace tags.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse", + "description": "The error object of the CloudError response" + } + }, + "description": "An error response for a resource management request." + }, + "ThreatIntelligenceInformation": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + }, + { + "$ref": "#/definitions/ThreatIntelligenceResourceKind" + } + ], + "description": "Threat intelligence information object.", + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "ThreatIntelligenceInformationList": { + "description": "List of all the threat intelligence information objects.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of information objects.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of threat intelligence information objects.", + "items": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "ThreatIntelligenceIndicatorModel": { + "allOf": [ + { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + ], + "description": "Threat intelligence indicator entity.", + "properties": { + "properties": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorProperties", + "description": "Threat Intelligence Entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "indicator" + }, + "ThreatIntelligenceIndicatorModelForRequestBody": { + "allOf": [ + { + "$ref": "#/definitions/ThreatIntelligenceResourceKind" + } + ], + "description": "Threat intelligence indicator entity used in request body.", + "properties": { + "etag": { + "description": "Etag of the azure resource", + "type": "string" + }, + "properties": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorProperties", + "description": "Threat Intelligence Entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "indicator" + }, + "ThreatIntelligenceResourceKind": { + "description": "Describes an entity with kind.", + "properties": { + "kind": { + "$ref": "#/definitions/ThreatIntelligenceResourceInnerKind", + "description": "The kind of the entity." + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "ThreatIntelligenceResourceInnerKind": { + "description": "The kind of the threat intelligence entity", + "enum": [ + "indicator" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ThreatIntelligenceResourceInnerKind", + "values": [ + { + "description": "Entity represents threat intelligence indicator in the system.", + "value": "indicator" + } + ] + } + }, + "ThreatIntelligenceIndicatorProperties": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/EntityCommonProperties" + } + ], + "description": "Describes threat intelligence entity properties", + "properties": { + "threatIntelligenceTags": { + "description": "List of tags", + "items": { + "description": "tag", + "type": "string" + }, + "type": "array" + }, + "lastUpdatedTimeUtc": { + "description": "Last updated time in UTC", + "type": "string" + }, + "source": { + "description": "Source of a threat intelligence entity", + "type": "string" + }, + "displayName": { + "description": "Display name of a threat intelligence entity", + "type": "string" + }, + "description": { + "description": "Description of a threat intelligence entity", + "type": "string" + }, + "indicatorTypes": { + "description": "Indicator types of threat intelligence entities", + "items": { + "description": "Indicator type of a threat intelligence entity", + "type": "string" + }, + "type": "array" + }, + "pattern": { + "description": "Pattern of a threat intelligence entity", + "type": "string" + }, + "patternType": { + "description": "Pattern type of a threat intelligence entity", + "type": "string" + }, + "patternVersion": { + "description": "Pattern version of a threat intelligence entity", + "type": "string" + }, + "killChainPhases": { + "description": "Kill chain phases", + "items": { + "description": "Kill chain phase", + "$ref": "#/definitions/ThreatIntelligenceKillChainPhase" + }, + "type": "array" + }, + "parsedPattern": { + "description": "Parsed patterns", + "items": { + "description": "Parsed pattern", + "$ref": "#/definitions/ThreatIntelligenceParsedPattern" + }, + "type": "array" + }, + "externalId": { + "description": "External ID of threat intelligence entity", + "type": "string" + }, + "createdByRef": { + "description": "Created by reference of threat intelligence entity", + "type": "string" + }, + "defanged": { + "description": "Is threat intelligence entity defanged", + "type": "boolean" + }, + "externalLastUpdatedTimeUtc": { + "description": "External last updated time in UTC", + "type": "string" + }, + "externalReferences": { + "description": "External References", + "items": { + "description": "external_reference", + "$ref": "#/definitions/ThreatIntelligenceExternalReference" + }, + "type": "array" + }, + "granularMarkings": { + "description": "Granular Markings", + "items": { + "description": "Granular marking", + "$ref": "#/definitions/ThreatIntelligenceGranularMarkingModel" + }, + "type": "array" + }, + "labels": { + "description": "Labels of threat intelligence entity", + "items": { + "description": "label", + "type": "string" + }, + "type": "array" + }, + "revoked": { + "description": "Is threat intelligence entity revoked", + "type": "boolean" + }, + "confidence": { + "description": "Confidence of threat intelligence entity", + "type": "integer", + "format": "int32" + }, + "objectMarkingRefs": { + "description": "Threat intelligence entity object marking references", + "items": { + "description": "Threat intelligence entity object marking reference", + "type": "string" + }, + "type": "array" + }, + "language": { + "description": "Language of threat intelligence entity", + "type": "string" + }, + "threatTypes": { + "description": "Threat types", + "items": { + "description": "Threat type", + "type": "string" + }, + "type": "array" + }, + "validFrom": { + "description": "Valid from", + "type": "string" + }, + "validUntil": { + "description": "Valid until", + "type": "string" + }, + "created": { + "description": "Created by", + "type": "string" + }, + "modified": { + "description": "Modified by", + "type": "string" + }, + "extensions": { + "description": "Extensions map", + "type": "object", + "additionalProperties": {} + } + }, + "type": "object" + }, + "ThreatIntelligenceKillChainPhase": { + "description": "Describes threat kill chain phase entity", + "properties": { + "killChainName": { + "description": "Kill chainName name", + "type": "string" + }, + "phaseName": { + "description": "Phase name", + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligenceParsedPattern": { + "description": "Describes parsed pattern entity", + "properties": { + "patternTypeKey": { + "description": "Pattern type key", + "type": "string" + }, + "patternTypeValues": { + "description": "Pattern type keys", + "items": { + "description": "Pattern type key", + "$ref": "#/definitions/ThreatIntelligenceParsedPatternTypeValue" + }, + "type": "array" + } + }, + "type": "object" + }, + "ThreatIntelligenceParsedPatternTypeValue": { + "description": "Describes threat kill chain phase entity", + "properties": { + "valueType": { + "description": "Type of the value", + "type": "string" + }, + "value": { + "description": "Value of parsed pattern", + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligenceGranularMarkingModel": { + "description": "Describes threat granular marking model entity", + "properties": { + "language": { + "description": "Language granular marking model", + "type": "string" + }, + "markingRef": { + "description": "marking reference granular marking model", + "type": "integer", + "format": "int32" + }, + "selectors": { + "description": "granular marking model selectors", + "items": { + "description": "granular marking model selector", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "ThreatIntelligenceExternalReference": { + "description": "Describes external reference", + "properties": { + "description": { + "description": "External reference description", + "type": "string" + }, + "externalId": { + "description": "External reference ID", + "type": "string" + }, + "sourceName": { + "description": "External reference source name", + "type": "string" + }, + "url": { + "description": "External reference URL", + "type": "string" + }, + "hashes": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "External reference hashes" + } + }, + "type": "object" + }, + "ThreatIntelligenceFilteringCriteria": { + "description": "Filtering criteria for querying threat intelligence indicators.", + "properties": { + "pageSize": { + "description": "Page size", + "type": "integer", + "format": "int32" + }, + "minConfidence": { + "description": "Minimum confidence.", + "type": "integer", + "format": "int32" + }, + "maxConfidence": { + "description": "Maximum confidence.", + "type": "integer", + "format": "int32" + }, + "minValidUntil": { + "description": "Start time for ValidUntil filter.", + "type": "string" + }, + "maxValidUntil": { + "description": "End time for ValidUntil filter.", + "type": "string" + }, + "includeDisabled": { + "description": "Parameter to include/exclude disabled indicators.", + "type": "boolean" + }, + "sortBy": { + "description": "Columns to sort by and sorting order", + "items": { + "description": "Sort By", + "$ref": "#/definitions/ThreatIntelligenceSortingCriteria" + }, + "type": "array" + }, + "sources": { + "description": "Sources of threat intelligence indicators", + "items": { + "description": "Source", + "type": "string" + }, + "type": "array" + }, + "patternTypes": { + "description": "Pattern types", + "items": { + "description": "Pattern type", + "type": "string" + }, + "type": "array" + }, + "threatTypes": { + "description": "Threat types of threat intelligence indicators", + "items": { + "description": "Threat type of a threat intelligence indicator", + "type": "string" + }, + "type": "array" + }, + "ids": { + "description": "Ids of threat intelligence indicators", + "items": { + "description": "Id of a threat intelligence indicator", + "type": "string" + }, + "type": "array" + }, + "keywords": { + "description": "Keywords for searching threat intelligence indicators", + "items": { + "description": "keyword for searching threat intelligence indicators", + "type": "string" + }, + "type": "array" + }, + "skipToken": { + "description": "Skip token.", + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligenceSortingCriteria": { + "description": "List of available columns for sorting", + "properties": { + "itemKey": { + "description": "Column name", + "type": "string" + }, + "sortOrder": { + "$ref": "#/definitions/ThreatIntelligenceSortingOrder", + "description": "Sorting order (ascending/descending/unsorted)." + } + }, + "type": "object" + }, + "ThreatIntelligenceSortingOrder": { + "description": "Sorting order (ascending/descending/unsorted).", + "enum": [ + "unsorted", + "ascending", + "descending" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ThreatIntelligenceSortingOrder", + "values": [ + { + "value": "unsorted" + }, + { + "value": "ascending" + }, + { + "value": "descending" + } + ] + } + }, + "ThreatIntelligenceAppendTags": { + "description": "Array of tags to be appended to the threat intelligence indicator.", + "properties": { + "threatIntelligenceTags": { + "description": "List of tags to be appended.", + "items": { + "description": "parameter", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "ThreatIntelligenceMetricsList": { + "description": "List of all the threat intelligence metric fields (type/threat type/source).", + "properties": { + "value": { + "description": "Array of threat intelligence metric fields (type/threat type/source).", + "items": { + "$ref": "#/definitions/ThreatIntelligenceMetrics" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "ThreatIntelligenceMetrics": { + "description": "Threat intelligence metrics.", + "properties": { + "properties": { + "description": "Threat intelligence metrics.", + "$ref": "#/definitions/ThreatIntelligenceMetric" + } + }, + "type": "object" + }, + "ThreatIntelligenceMetric": { + "description": "Describes threat intelligence metric", + "properties": { + "lastUpdatedTimeUtc": { + "description": "Last updated indicator metric", + "type": "string" + }, + "threatTypeMetrics": { + "description": "Threat type metrics", + "items": { + "description": "parameter", + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "type": "array" + }, + "patternTypeMetrics": { + "description": "Pattern type metrics", + "items": { + "description": "parameter", + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "type": "array" + }, + "sourceMetrics": { + "description": "Source metrics", + "items": { + "description": "parameter", + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "ThreatIntelligenceMetricEntity": { + "description": "Describes threat intelligence metric entity", + "properties": { + "metricName": { + "description": "Metric name", + "type": "string" + }, + "metricValue": { + "description": "Metric value", + "type": "integer", + "format": "int32" + } + }, + "type": "object" + } + }, + "parameters": { + "OperationalInsightsResourceProvider": { + "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", + "in": "path", + "name": "operationalInsightsResourceProvider", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceName": { + "description": "Threat intelligence indicator name field.", + "in": "path", + "name": "name", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceProperties": { + "description": "Properties of threat intelligence indicators to create and update.", + "in": "body", + "name": "ThreatIntelligenceProperties", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModelForRequestBody" + }, + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceReplaceTags": { + "description": "Tags in the threat intelligence indicator to be replaced.", + "in": "body", + "name": "ThreatIntelligenceReplaceTags", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModelForRequestBody" + }, + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceFilteringCriteria": { + "description": "Filtering criteria for querying threat intelligence indicators.", + "in": "body", + "name": "ThreatIntelligenceFilteringCriteria", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceFilteringCriteria" + }, + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceIndicatorEntityKind": { + "description": "The threat intelligence entity kind", + "in": "query", + "name": "ctiEntityKind", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceAppendTags": { + "description": "The threat intelligence append tags request body", + "in": "body", + "name": "ThreatIntelligenceAppendTags", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceAppendTags" + }, + "x-ms-parameter-location": "method" + }, + "ODataFilter": { + "description": "Filters the results, based on a Boolean condition. Optional.", + "in": "query", + "name": "$filter", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataOrderBy": { + "description": "Sorts the results. Optional.", + "in": "query", + "name": "$orderby", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataSkipToken": { + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "in": "query", + "name": "$skipToken", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataTop": { + "description": "Returns only the first n results. Optional.", + "format": "int32", + "in": "query", + "name": "$top", + "required": false, + "type": "integer", + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/Watchlists.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/Watchlists.json new file mode 100644 index 00000000..7a85c964 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/Watchlists.json @@ -0,0 +1,774 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-04-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists": { + "get": { + "x-ms-examples": { + "Get all watchlists.": { + "$ref": "./examples/watchlists/GetWatchlists.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Get all watchlists, without watchlist items.", + "operationId": "Watchlists_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}": { + "get": { + "x-ms-examples": { + "Get a watchlist.": { + "$ref": "./examples/watchlists/GetWatchlistByAlias.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Get a watchlist, without its watchlist items.", + "operationId": "Watchlists_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a watchlist.": { + "$ref": "./examples/watchlists/DeleteWatchlist.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Delete a watchlist.", + "operationId": "Watchlists_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create or update a watchlist.": { + "$ref": "./examples/watchlists/CreateWatchlist.json" + }, + "Create or update a watchlist and bulk creates watchlist items.": { + "$ref": "./examples/watchlists/CreateWatchlistAndWatchlistItems.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint with rawContent and contentType properties.", + "operationId": "Watchlists_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/Watchlist" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems": { + "get": { + "x-ms-examples": { + "Get all watchlist Items.": { + "$ref": "./examples/watchlists/GetWatchlistItems.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Get all watchlist Items.", + "operationId": "WatchlistItems_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItemList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}": { + "get": { + "x-ms-examples": { + "Get a watchlist item.": { + "$ref": "./examples/watchlists/GetWatchlistItemById.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Get a watchlist item.", + "operationId": "WatchlistItems_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a watchlist item.": { + "$ref": "./examples/watchlists/DeleteWatchlistItem.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Delete a watchlist item.", + "operationId": "WatchlistItems_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create or update a watchlist item.": { + "$ref": "./examples/watchlists/CreateWatchlistItem.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Create or update a watchlist item.", + "operationId": "WatchlistItems_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + }, + { + "$ref": "#/parameters/WatchlistItem" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "WatchlistList": { + "description": "List all the watchlists.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of watchlists.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of watchlist.", + "items": { + "$ref": "#/definitions/Watchlist" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "Watchlist": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Watchlist in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistProperties", + "description": "Watchlist properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WatchlistProperties": { + "description": "Describes watchlist properties", + "properties": { + "watchlistId": { + "description": "The id (a Guid) of the watchlist", + "type": "string" + }, + "displayName": { + "description": "The display name of the watchlist", + "type": "string" + }, + "provider": { + "description": "The provider of the watchlist", + "type": "string" + }, + "source": { + "description": "The source of the watchlist", + "enum": [ + "Local file", + "Remote storage" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "source" + } + }, + "created": { + "description": "The time the watchlist was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The last time the watchlist was updated", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the watchlist", + "type": "object" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist", + "type": "object" + }, + "description": { + "description": "A description of the watchlist", + "type": "string" + }, + "watchlistType": { + "description": "The type of the watchlist", + "type": "string" + }, + "watchlistAlias": { + "description": "The alias of the watchlist", + "type": "string" + }, + "isDeleted": { + "description": "A flag that indicates if the watchlist is deleted or not", + "type": "boolean" + }, + "labels": { + "description": "List of labels relevant to this watchlist", + "items": { + "$ref": "#/definitions/Label" + }, + "type": "array" + }, + "defaultDuration": { + "description": "The default duration of a watchlist (in ISO 8601 duration format)", + "format": "duration", + "type": "string" + }, + "tenantId": { + "description": "The tenantId where the watchlist belongs to", + "type": "string" + }, + "numberOfLinesToSkip": { + "description": "The number of lines in a csv content to skip before the header", + "type": "integer", + "format": "int32" + }, + "rawContent": { + "description": "The raw content that represents to watchlist items to create. Example : This line will be skipped\nheader1,header2\nvalue1,value2", + "type": "string" + }, + "itemsSearchKey": { + "description": "The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.", + "type": "string" + }, + "contentType": { + "description": "The content type of the raw content. For now, only text/csv is valid", + "type": "string" + }, + "uploadStatus": { + "description": "The status of the Watchlist upload : New, InProgress or Complete. **Note** : When a Watchlist upload status is InProgress, the Watchlist cannot be deleted", + "type": "string" + } + }, + "required": [ + "displayName", + "source", + "provider", + "itemsSearchKey" + ], + "type": "object" + }, + "WatchlistItemList": { + "description": "List all the watchlist items.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of watchlist items.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of watchlist items.", + "items": { + "$ref": "#/definitions/WatchlistItem" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "WatchlistItem": { + "allOf": [ + { + "$ref": "../../../common/1.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Watchlist Item in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistItemProperties", + "description": "Watchlist Item properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WatchlistItemProperties": { + "description": "Describes watchlist item properties", + "properties": { + "watchlistItemType": { + "description": "The type of the watchlist item", + "type": "string" + }, + "watchlistItemId": { + "description": "The id (a Guid) of the watchlist item", + "type": "string" + }, + "tenantId": { + "description": "The tenantId to which the watchlist item belongs to", + "type": "string" + }, + "isDeleted": { + "description": "A flag that indicates if the watchlist item is deleted or not", + "type": "boolean" + }, + "created": { + "description": "The time the watchlist item was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The last time the watchlist item was updated", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the watchlist item", + "type": "object" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist item", + "type": "object" + }, + "itemsKeyValue": { + "description": "key-value pairs for a watchlist item", + "type": "object" + }, + "entityMapping": { + "description": "key-value pairs for a watchlist item entity mapping", + "type": "object" + } + }, + "required": [ + "itemsKeyValue" + ], + "type": "object" + }, + "UserInfo": { + "description": "User information that made some action", + "properties": { + "email": { + "description": "The email of the user.", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "The name of the user.", + "readOnly": true, + "type": "string" + }, + "objectId": { + "description": "The object id of the user.", + "format": "uuid", + "type": "string", + "x-nullable": true + } + }, + "type": "object" + }, + "Label": { + "description": "Label that will be used to tag and filter on.", + "type": "string" + }, + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse", + "description": "The error object of the CloudError response" + } + }, + "type": "object", + "description": "An error response for a resource management request." + } + }, + "parameters": { + "WatchlistAlias": { + "description": "The watchlist alias", + "in": "path", + "name": "watchlistAlias", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "Watchlist": { + "description": "The watchlist", + "in": "body", + "name": "watchlist", + "required": true, + "schema": { + "$ref": "#/definitions/Watchlist" + }, + "x-ms-parameter-location": "method" + }, + "WatchlistItem": { + "description": "The watchlist item", + "in": "body", + "name": "watchlistItem", + "required": true, + "schema": { + "$ref": "#/definitions/WatchlistItem" + }, + "x-ms-parameter-location": "method" + }, + "WatchlistItemId": { + "description": "The watchlist item id (GUID)", + "in": "path", + "name": "watchlistItemId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SubscriptionId": { + "description": "Azure subscription ID", + "in": "path", + "name": "subscriptionId", + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "required": true, + "type": "string" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/CreateIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/CreateIncident.json new file mode 100644 index 00000000..6f5924ca --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/CreateIncident.json @@ -0,0 +1,104 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incident": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "relatedAnalyticRuleIds": [], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [] + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "relatedAnalyticRuleIds": [], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [] + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/DeleteIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/DeleteIncident.json new file mode 100644 index 00000000..56603898 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/DeleteIncident.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentAlerts.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentAlerts.json new file mode 100644 index 00000000..2a7544a5 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentAlerts.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "name": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "SecurityAlert", + "properties": { + "systemAlertId": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "tactics": [], + "alertDisplayName": "myAlert", + "confidenceLevel": "Unknown", + "severity": "Low", + "vendorName": "Microsoft", + "productName": "Azure Security Center", + "alertType": "myAlert", + "processingEndTime": "2020-07-20T18:21:53.6158361Z", + "status": "New", + "endTimeUtc": "2020-07-20T18:21:53.6158361Z", + "startTimeUtc": "2020-07-20T18:21:53.6158361Z", + "timeGenerated": "2020-07-20T18:21:53.6158361Z", + "resourceIdentifiers": [ + { + "type": "LogAnalytics", + "workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroup": "myRG" + } + ], + "additionalData": { + "AlertMessageEnqueueTime": "2020-07-20T18:21:57.304Z" + }, + "friendlyName": "myAlert" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentBookmarks.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentBookmarks.json new file mode 100644 index 00000000..757b7929 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentBookmarks.json @@ -0,0 +1,77 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812", + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Bookmark", + "properties": { + "displayName": "SecurityEvent - 868f40f4698d", + "created": "2020-06-17T15:34:01.4265524+00:00", + "updated": "2020-06-17T15:34:01.4265524+00:00", + "createdBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "updatedBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "eventTime": "2020-06-17T15:34:01.4265524+00:00", + "labels": [], + "query": "SecurityEvent\r\n| take 1\n", + "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", + "additionalData": { + "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", + "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "friendlyName": "SecurityEvent - 868f40f4698d" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/bbbd324f-6c48-459c-8710-8d1e1cd03812", + "name": "bbbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Bookmark", + "properties": { + "displayName": "SecurityEvent - 868f40f4698d", + "created": "2020-06-17T15:34:01.4265524+00:00", + "updated": "2020-06-17T15:34:01.4265524+00:00", + "createdBy": { + "objectId": "303ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "updatedBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@microsoft.com", + "name": "user" + }, + "eventTime": "2020-06-17T15:34:01.4265524+00:00", + "labels": [], + "query": "SecurityEvent\r\n| take 1\n", + "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", + "additionalData": { + "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", + "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "friendlyName": "SecurityEvent - 868f40f4698d" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentEntities.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentEntities.json new file mode 100644 index 00000000..9fbd4023 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentEntities.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "entities": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Account", + "properties": { + "friendlyName": "administrator", + "accountName": "administrator", + "ntDomain": "domain" + } + } + ], + "metaData": [ + { + "entityKind": "Account", + "count": 1 + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidentById.json new file mode 100644 index 00000000..78ecfba0 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidentById.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "InaccurateData", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ] + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidents.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidents.json new file mode 100644 index 00000000..927a9671 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidents.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "$orderby": "properties/createdTimeUtc desc", + "$top": 1 + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/incidents", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "description": "This is a demo incident", + "title": "My incident", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "assignedTo": "john doe" + }, + "severity": "High", + "classification": "FalsePositive", + "classificationComment": "Not a malicious activity", + "classificationReason": "IncorrectAlertLogic", + "status": "Closed", + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentNumber": 3177, + "labels": [], + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ], + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "Persistence" + ] + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/CreateIncidentComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/CreateIncidentComment.json new file mode 100644 index 00000000..e86a3fb7 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/CreateIncidentComment.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentComment": { + "properties": { + "message": "Some message" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-04T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/DeleteIncidentComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/DeleteIncidentComment.json new file mode 100644 index 00000000..e23ae7f8 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/DeleteIncidentComment.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetAllIncidentComments.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetAllIncidentComments.json new file mode 100644 index 00000000..bebe3cc3 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetAllIncidentComments.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetIncidentCommentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetIncidentCommentById.json new file mode 100644 index 00000000..b52d6efd --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetIncidentCommentById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/comments", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "userPrincipalName": "john@contoso.com", + "name": "john doe" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/CreateIncidentRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/CreateIncidentRelation.json new file mode 100644 index 00000000..82c2500f --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/CreateIncidentRelation.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "relation": { + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/DeleteIncidentRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/DeleteIncidentRelation.json new file mode 100644 index 00000000..7a37ded9 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/DeleteIncidentRelation.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetAllIncidentRelations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetAllIncidentRelations.json new file mode 100644 index 00000000..b53500d9 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetAllIncidentRelations.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "name": "9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "6f714025-dd7c-46aa-b5d0-b9857488d060", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceName": "1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceType": "Microsoft.SecurityInsights/entities", + "relatedResourceKind": "SecurityAlert" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetIncidentRelationByName.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetIncidentRelationByName.json new file mode 100644 index 00000000..a2846679 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetIncidentRelationByName.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/AppendTagsThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/AppendTagsThreatIntelligence.json new file mode 100644 index 00000000..46520a2d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/AppendTagsThreatIntelligence.json @@ -0,0 +1,19 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceAppendTags": { + "threatIntelligenceTags": [ + "tag1", + "tag2" + ] + } + }, + "responses": { + "200": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CollectThreatIntelligenceMetrics.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CollectThreatIntelligenceMetrics.json new file mode 100644 index 00000000..c882bf91 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CollectThreatIntelligenceMetrics.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "lastUpdatedTimeUtc": "2020-09-01T19:44:44.117403Z", + "threatTypeMetrics": [ + { + "metricName": "compromised", + "metricValue": 20 + } + ], + "patternTypeMetrics": [ + { + "metricName": "url", + "metricValue": 20 + } + ], + "sourceMetrics": [ + { + "metricName": "Azure Sentinel", + "metricValue": 10315 + }, + { + "metricName": "zinga", + "metricValue": 2 + } + ] + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CreateThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CreateThreatIntelligence.json new file mode 100644 index 00000000..cc69d35b --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CreateThreatIntelligence.json @@ -0,0 +1,101 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ThreatIntelligenceProperties": { + "kind": "indicator", + "properties": { + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "description": "debugging indicators", + "externalReferences": [], + "granularMarkings": [], + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "validFrom": "2020-04-15T17:44:00.114052Z", + "validUntil": "" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T20:20:38.6160949Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T20:20:38.6160949Z", + "createdByRef": "aztestConnectors@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/DeleteThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/DeleteThreatIntelligence.json new file mode 100644 index 00000000..ca06dedb --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/DeleteThreatIntelligence.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligence.json new file mode 100644 index 00000000..0264247c --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligence.json @@ -0,0 +1,77 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 90, + "created": "2020-04-15T20:11:57.9666134Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.0746926Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema 2", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + }, + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T19:51:17.1050923Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.074903Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligenceById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligenceById.json new file mode 100644 index 00000000..7334c9ea --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligenceById.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T19:51:17.1050923Z", + "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:18:49.2259902Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://abc.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/QueryThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/QueryThreatIntelligence.json new file mode 100644 index 00000000..2ebf7262 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/QueryThreatIntelligence.json @@ -0,0 +1,108 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ThreatIntelligenceFilteringCriteria": { + "pageSize": 100, + "minConfidence": 25, + "maxConfidence": 80, + "minValidUntil": "2020-04-05T17:44:00.114052Z", + "maxValidUntil": "2020-04-25T17:44:00.114052Z", + "sources": [ + "Azure Sentinel" + ], + "sortBy": [ + { + "itemKey": "lastUpdatedTimeUtc", + "sortOrder": "descending" + } + ] + } + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 90, + "created": "2020-04-15T20:11:57.9666134Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.0746926Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema 2", + "description": "debugging indicators 2", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z", + "parsedPattern": [ + { + "patternTypeKey": "network-traffic", + "patternTypeValues": [ + { + "valueType": "0", + "value": "SSH-2.0-PuTTY_Release_0.64" + }, + { + "valueType": "1", + "value": "194.88.106.146" + } + ] + } + ] + } + }, + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T19:51:17.1050923Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.074903Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/ReplaceTagsThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/ReplaceTagsThreatIntelligence.json new file mode 100644 index 00000000..4ac66249 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/ReplaceTagsThreatIntelligence.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceReplaceTags": { + "etag": "\"0000262c-0000-0800-0000-5e9767060000\"", + "kind": "indicator", + "properties": { + "threatIntelligenceTags": [ + "patching tags" + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T19:51:17.1050923Z", + "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T19:56:08.828946Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://abc.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/UpdateThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/UpdateThreatIntelligence.json new file mode 100644 index 00000000..b020c1b9 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/UpdateThreatIntelligence.json @@ -0,0 +1,102 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceProperties": { + "kind": "indicator", + "properties": { + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "description": "debugging indicators", + "externalReferences": [], + "granularMarkings": [], + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "validFrom": "2020-04-15T17:44:00.114052Z", + "validUntil": "" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T20:20:38.6160949Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2020-04-15T20:20:38.6160949Z", + "createdByRef": "aztestConnectors@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2020-04-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlist.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlist.json new file mode 100644 index 00000000..bd00602c --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlist.json @@ -0,0 +1,86 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "High Value Assets Watchlist", + "source": "Local file", + "provider": "Microsoft", + "description": "Watchlist from CSV content", + "itemsSearchKey": "header1" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistAndWatchlistItems.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistAndWatchlistItems.json new file mode 100644 index 00000000..1c7b3a22 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistAndWatchlistItems.json @@ -0,0 +1,89 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "High Value Assets Watchlist", + "source": "Local file", + "provider": "Microsoft", + "description": "Watchlist from CSV content", + "numberOfLinesToSkip": 1, + "rawContent": "This line will be skipped\nheader1,header2\nvalue1,value2", + "itemsSearchKey": "header1", + "contentType": "text/csv" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistItem.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistItem.json new file mode 100644 index 00000000..08e7a272 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistItem.json @@ -0,0 +1,92 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "watchlistItem": { + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlist.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlist.json new file mode 100644 index 00000000..cb1c4805 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlist.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlistItem.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlistItem.json new file mode 100644 index 00000000..942c3c14 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlistItem.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistByAlias.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistByAlias.json new file mode 100644 index 00000000..ae9dbcae --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistByAlias.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "labels": [ + "Tag1", + "Tag2" + ], + "defaultDuration": "P1279DT12H30M5S", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItemById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItemById.json new file mode 100644 index 00000000..4f5422c7 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItemById.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "watchlistAlias": "highValueAsset", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistItemId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "isDeleted": false, + "created": "2021-02-04T12:27:32.3783333-08:00", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "entityMapping": {} + } + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItems.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItems.json new file mode 100644 index 00000000..e7e87f1d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItems.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "isDeleted": false, + "created": "2021-02-04T12:27:32.3783333-08:00", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "entityMapping": {} + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlists.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlists.json new file mode 100644 index 00000000..ae148175 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlists.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2021-04-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "labels": [ + "Tag1", + "Tag2" + ], + "defaultDuration": "P1279DT12H30M5S", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + ] + } + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/operations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/operations.json new file mode 100644 index 00000000..0808512d --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/operations.json @@ -0,0 +1,140 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2021-04-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/providers/Microsoft.SecurityInsights/operations": { + "get": { + "operationId": "Operations_List", + "description": "Lists all operations available Azure Security Insights Resource Provider.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "OK. Successfully retrieved operations list.", + "schema": { + "$ref": "#/definitions/OperationsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse", + "description": "The error object of the CloudError response" + } + }, + "type": "object", + "description": "An error response for a resource management request." + }, + "OperationsList": { + "description": "Lists the operations available in the SecurityInsights RP.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of operations.", + "type": "string", + "readOnly": true + }, + "value": { + "description": "Array of operations", + "items": { + "$ref": "#/definitions/Operation" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "Operation": { + "description": "Operation provided by provider", + "properties": { + "display": { + "description": "Properties of the operation", + "properties": { + "description": { + "description": "Description of the operation", + "type": "string" + }, + "operation": { + "description": "Operation name", + "type": "string" + }, + "provider": { + "description": "Provider name", + "type": "string" + }, + "resource": { + "description": "Resource name", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the operation", + "type": "string" + }, + "origin": { + "description": "The origin of the operation", + "type": "string" + } + }, + "type": "object" + } + }, + "parameters": {} +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/common/1.0/types.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/common/1.0/types.json new file mode 100644 index 00000000..c7e07346 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/common/1.0/types.json @@ -0,0 +1,182 @@ +{ + "swagger": "2.0", + "info": { + "version": "1.0", + "title": "Common types" + }, + "paths": {}, + "definitions": { + "CloudError": { + "description": "Error response structure.", + "properties": { + "error": { + "$ref": "#/definitions/CloudErrorBody", + "description": "Error data", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-external": true + }, + "CloudErrorBody": { + "description": "Error details.", + "properties": { + "code": { + "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.", + "readOnly": true, + "type": "string" + }, + "message": { + "description": "A message describing the error, intended to be suitable for display in a user interface.", + "readOnly": true, + "type": "string" + } + }, + "type": "object", + "x-ms-external": true + }, + "EntityCommonProperties": { + "description": "Entity common property bag.", + "properties": { + "additionalData": { + "additionalProperties": { + "type": "object" + }, + "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", + "readOnly": true, + "type": "object" + }, + "friendlyName": { + "description": "The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "ResourceWithEtag": { + "allOf": [ + { + "$ref": "#/definitions/Resource" + } + ], + "description": "An azure resource object with an Etag property", + "properties": { + "etag": { + "description": "Etag of the azure resource", + "type": "string" + } + }, + "type": "object" + }, + "Resource": { + "description": "An azure resource object", + "properties": { + "id": { + "description": "Azure resource Id", + "readOnly": true, + "type": "string" + }, + "name": { + "description": "Azure resource name", + "readOnly": true, + "type": "string" + }, + "type": { + "description": "Azure resource type", + "readOnly": true, + "type": "string" + }, + "systemData": { + "readOnly": true, + "type": "object", + "description": "Azure Resource Manager metadata containing createdBy and modifiedBy information.", + "$ref": "../../../../common-types/resource-management/v2/types.json#/definitions/systemData" + } + }, + "type": "object", + "x-ms-azure-resource": true + } + }, + "parameters": { + "WorkspaceName": { + "description": "The name of the workspace.", + "in": "path", + "maxLength": 90, + "minLength": 1, + "name": "workspaceName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "OperationalInsightsResourceProvider": { + "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", + "in": "path", + "name": "operationalInsightsResourceProvider", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ResourceGroupName": { + "description": "The name of the resource group within the user's subscription. The name is case insensitive.", + "in": "path", + "maxLength": 90, + "minLength": 1, + "name": "resourceGroupName", + "pattern": "^[-\\w\\._\\(\\)]+$", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SubscriptionId": { + "description": "Azure subscription ID", + "in": "path", + "name": "subscriptionId", + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "required": true, + "type": "string" + }, + "ODataFilter": { + "description": "Filters the results, based on a Boolean condition. Optional.", + "in": "query", + "name": "$filter", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataOrderBy": { + "description": "Sorts the results. Optional.", + "in": "query", + "name": "$orderby", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataSkipToken": { + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "in": "query", + "name": "$skipToken", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataTop": { + "description": "Returns only the first n results. Optional.", + "format": "int32", + "in": "query", + "name": "$top", + "required": false, + "type": "integer", + "x-ms-parameter-location": "method" + }, + "ODataSkip": { + "description": "Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.", + "in": "query", + "name": "$skip", + "required": false, + "type": "integer", + "format": "int32", + "x-ms-parameter-location": "method" + } + } +} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.az.md b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.az.md new file mode 100644 index 00000000..eddcad53 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.az.md @@ -0,0 +1,24 @@ +## AZ + +These settings apply only when `--az` is specified on the command line. + +``` yaml $(az) +az: + extensions: sentinel + namespace: azure.mgmt.securityinsight + package-name: azure-mgmt-securityinsight +az-output-folder: $(azure-cli-extension-folder)/src/securityinsight +python-sdk-output-folder: "$(az-output-folder)/azext_sentinel/vendored_sdks/securityinsight" + +#cli: +# cli-directive: +# directive on operationGroup +# - select: 'operationGroup' +# where: +# operationGroup: 'operations' +# hidden: true +# - where: +# parameter: location +# required: true + +``` diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.cli.md b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.cli.md new file mode 100644 index 00000000..a9e918ee --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.cli.md @@ -0,0 +1,9 @@ + CLI + +These settings apply only when `--cli` is specified on the command line. + +``` yaml $(cli) +#cli: +# test-scenario: +# - name: Factories_CreateOrUpdate +``` diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.go.md b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.go.md new file mode 100644 index 00000000..5d0a3c22 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.go.md @@ -0,0 +1,36 @@ +## Go + +These settings apply only when `--go` is specified on the command line. + +```yaml $(go) +go: + license-header: MICROSOFT_MIT_NO_VERSION + namespace: securityinsight + clear-output-folder: true +``` + +### Go multi-api + +```yaml $(go) && $(multiapi) +batch: + - tag: package-2020-01 + - tag: package-2019-01-preview +``` + +### Tag: package-2020-01 and go + +These settings apply only when `--tag=package-2020-01 --go` is specified on the command line. +Please also specify `--go-sdk-folder=`. + +```yaml $(tag) == 'package-2020-01' && $(go) +output-folder: $(go-sdk-folder)/services/$(namespace)/mgmt/2020-01-01/$(namespace) +``` + +### Tag: package-2019-01-preview and go + +These settings apply only when `--tag=package-2019-01-preview --go` is specified on the command line. +Please also specify `--go-sdk-folder=`. + +```yaml $(tag) == 'package-2019-01-preview' && $(go) +output-folder: $(go-sdk-folder)/services/preview/$(namespace)/mgmt/2019-01-01-preview/$(namespace) +``` diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.md b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.md new file mode 100644 index 00000000..58ac8938 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.md @@ -0,0 +1,231 @@ +# Security Insight + +> see https://aka.ms/autorest + +This is the AutoRest configuration file for SecurityInsights. + +--- + +## Getting Started + +To build the SDK for SecurityInsights, simply [Install AutoRest](https://aka.ms/autorest/install) and in this folder, run: + +> `autorest` + +To see additional help and options, run: + +> `autorest --help` + +--- + +## Configuration + +### Basic Information + +These are the global settings for the SecurityInsights API. + +```yaml +openapi-type: arm +tag: package-2020-01 +``` + + +### Tag: package-2021-04-01-only + +These settings apply only when `--tag=package-2021-04-01-only` is specified on the command line. + +```yaml $(tag) == 'package-2021-04-01-only' +input-file: +- Microsoft.SecurityInsights/stable/2021-04-01/Incidents.json +- Microsoft.SecurityInsights/stable/2021-04-01/operations.json +- Microsoft.SecurityInsights/stable/2021-04-01/Watchlists.json +- Microsoft.SecurityInsights/stable/2021-04-01/ThreatIntelligence.json + +directive: + - suppress: R4017 + from: Microsoft.SecurityInsights/stable/2021-04-01/Incidents.json + where: $.definitions.Incidents + reason: The Incident does not support list by subscription. It's not a top-level resource. To get the Incident, we should have a subscription as well as a resource group and Log Analytics workspace. + - suppress: R4017 + from: Microsoft.SecurityInsights/stable/2021-04-01/Watchlists.json + where: $.definitions.Watchlist + reason: The Watchlist does not support list by subscription. It's not a top-level resource. To get the Watchlist, we should have a subscription as well as a resource group and Log Analytics workspace. +``` + +--- + +### Tag: package-2020-01 + +These settings apply only when `--tag=package-2020-01` is specified on the command line. + + +```yaml $(tag) == 'package-2020-01' +input-file: +- Microsoft.SecurityInsights/stable/2020-01-01/AlertRules.json +- Microsoft.SecurityInsights/stable/2020-01-01/Bookmarks.json +- Microsoft.SecurityInsights/stable/2020-01-01/DataConnectors.json +- Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json + +directive: + - suppress: R2059 + from: Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json + reason: it's not actually a resource path; the validator is confused because the LogAnalytics namespace is in the URI path. + approved-by: "@lirenhe" +``` + +--- + +### Tag: package-2021-03-preview-only + +These settings apply only when `--tag=package-2021-03-preview-only` is specified on the command line. + +```yaml $(tag) == 'package-2021-03-preview-only' +input-file: +- Microsoft.SecurityInsights/preview/2021-03-01-preview/Incidents.json +- Microsoft.SecurityInsights/preview/2021-03-01-preview/Settings.json +- Microsoft.SecurityInsights/preview/2021-03-01-preview/OnboardingStates.json +- Microsoft.SecurityInsights/preview/2021-03-01-preview/operations.json +- Microsoft.SecurityInsights/preview/2021-03-01-preview/SourceControls.json +- Microsoft.SecurityInsights/preview/2021-03-01-preview/dataConnectors.json +- Microsoft.SecurityInsights/preview/2021-03-01-preview/Watchlists.json +- Microsoft.SecurityInsights/preview/2021-03-01-preview/AlertRules.json +- Microsoft.SecurityInsights/preview/2021-03-01-preview/EntityQueries.json +- Microsoft.SecurityInsights/preview/2021-03-01-preview/Metadata.json +directive: + - suppress: R4017 + from: Microsoft.SecurityInsights/preview/2021-03-01-preview/Settings.json + where: $.definitions.Settings + reason: The Setting does not support list by subscription. It's not a top-level resource. To get the Setting, we should have a subscription as well as a resource group and Log Analytics workspace. + - suppress: R4017 + from: Microsoft.SecurityInsights/preview/2021-03-01-preview/dataConnectors.json + where: $.definitions.DataConnector + reason: The DataConnector does not support list by subscription. It's not a top-level resource. + - suppress: R4017 + from: Microsoft.SecurityInsights/preview/2021-03-01-preview/Watchlists.json + where: $.definitions.Watchlist + reason: The Watchlist does not support list by subscription. It's not a top-level resource. To get the Watchlist, we should have a subscription as well as a resource group and Log Analytics workspace. + - suppress: R4017 + from: Microsoft.SecurityInsights/preview/2021-03-01-preview/SourceControls.json + where: $.definitions.SourceControl + reason: The sourceControl does not support list by subscription. It's not a top-level resource. + - suppress: R4017 + from: Microsoft.SecurityInsights/preview/2021-03-01-preview/OnboardingStates.json + where: $.definitions.SentinelOnboardingState + reason: The SentinelOnboardingState does not support list by subscription. It's not a top-level resource. To get the SentinelOnboardingState, we should have a subscription as well as a resource group and Log Analytics workspace. + - suppress: R4017 + from: Microsoft.SecurityInsights/preview/2021-03-01-preview/Incidents.json + where: $.definitions.Incidents + reason: The Incidents does not support list by subscription. It's not a top-level resource. To get the Incidents, we should have a subscription as well as a resource group and Log Analytics workspace. + - suppress: R4017 + from: Microsoft.SecurityInsights/preview/2021-03-01-preview/Incidents.json + where: $.definitions.Incident + reason: The Incident does not support list by subscription. It's not a top-level resource. To get the Incident, we should have a subscription as well as a resource group, Log Analytics workspace and incident ID. + - suppress: R4017 + from: Microsoft.SecurityInsights/preview/2021-03-01-preview/AlertRules.json + where: $.definitions.AlertRule + reason: The AlertRule does not support list by subscription. It's not a top-level resource. To get the AlertRule, we should have a subscription as well as a resource group and Log Analytics workspace. + - suppress: R4017 + from: Microsoft.SecurityInsights/preview/2021-03-01-preview/AlertRules.json + where: $.definitions.AlertRuleTemplate + reason: The AlertRuleTemplate does not support list by subscription. It's not a top-level resource. To get the AlertRuleTemplate, we should have a subscription as well as a resource group and Log Analytics workspace. + - suppress: R4017 + from: Microsoft.SecurityInsights/preview/2021-03-01-preview/EntityQueries.json + where: $.definitions.EntityQuery + reason: The EntityQuery does not support list by subscription. It's not a top-level resource. To get the EntityQuery, we should have a subscription as well as a resource group and Log Analytics workspace. + - suppress: R4017 + from: Microsoft.SecurityInsights/preview/2021-03-01-preview/Metadata.json + where: $.definitions.MetadataModel + reason: Metadata does not support list by subscription. It's not a top-level resource. To get a Metadata list, we should have a subscription as well as a resource group and Log Analytics workspace. +``` + +--- + +### Tag: package-2019-01-preview + +These settings apply only when `--tag=package-2019-01-preview` is specified on the command line. + +```yaml $(tag) == 'package-2019-01-preview' +input-file: +- Microsoft.SecurityInsights/preview/2019-01-01-preview/Aggregations.json +- Microsoft.SecurityInsights/preview/2019-01-01-preview/AutomationRules.json +- Microsoft.SecurityInsights/preview/2019-01-01-preview/Bookmarks.json +- Microsoft.SecurityInsights/preview/2019-01-01-preview/Cases.json +- Microsoft.SecurityInsights/preview/2019-01-01-preview/DataConnectorsCheckRequirements.json +- Microsoft.SecurityInsights/preview/2019-01-01-preview/Enrichment.json +- Microsoft.SecurityInsights/preview/2019-01-01-preview/Entities.json +- Microsoft.SecurityInsights/preview/2019-01-01-preview/OfficeConsents.json +- Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +- Microsoft.SecurityInsights/preview/2019-01-01-preview/ThreatIntelligence.json +directive: + - suppress: R4017 + from: Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json + where: $.definitions.ThreatIntelligenceResource + reason: Our API is designed based on per region per workspace concept. There is no use case of our customers to get all indicators in multiple workspaces. + approved-by: "@cheggert" + - suppress: R4017 + from: Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json + where: $.definitions.Watchlist + reason: The Watchlist does not support list by subscription. It's not a top-level resource. To get the Watchlist, we should have a subscription as well as a resource group and Log Analytics workspace. + - suppress: R4017 + from: Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json + where: $.definitions.AutomationRule + reason: The AutomationRule does not support list by subscription. It's not a top-level resource. To get the AutomationRule, we should have a subscription as well as a resource group and Log Analytics workspace. + - suppress: R4017 + from: Microsoft.SecurityInsights/preview/2019-01-01-preview/AutomationRules.json + where: $.definitions.AutomationRule + reason: The AutomationRule does not support list by subscription. It's not a top-level resource. To get the AutomationRule, we should have a subscription as well as a resource group and Log Analytics workspace. +``` + +--- + +# Code Generation + +## Swagger to SDK + +This section describes what SDK should be generated by the automatic system. +This is not used by Autorest itself. + +```yaml $(swagger-to-sdk) +swagger-to-sdk: + - repo: azure-sdk-for-net + - repo: azure-sdk-for-go + - repo: azure-sdk-for-python-track2 + - repo: azure-sdk-for-js + - repo: azure-sdk-for-node + - repo: azure-cli-extensions + - repo: azure-resource-manager-schemas +``` + +## C# + +These settings apply only when `--csharp` is specified on the command line. +Please also specify `--csharp-sdks-folder=`. + +```yaml $(csharp) +csharp: + azure-arm: true + license-header: MICROSOFT_MIT_NO_VERSION + namespace: Microsoft.Azure.Management.SecurityInsights + payload-flattening-threshold: 2 + output-folder: $(csharp-sdks-folder)/securityinsights/Microsoft.Azure.Management.SecurityInsights/src/Generated + clear-output-folder: true +``` + +## Go + +See configuration in [readme.go.md](./readme.go.md) + +## Python + +See configuration in [readme.python.md](./readme.python.md) + +## Node.js + +See configuration in [readme.nodejs.md](./readme.nodejs.md) + +## TypeScript + +See configuration in [readme.typescript.md](./readme.typescript.md) + + + diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.nodejs.md b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.nodejs.md new file mode 100644 index 00000000..f4181bc3 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.nodejs.md @@ -0,0 +1,14 @@ +## Node.js + +These settings apply only when `--nodejs` is specified on the command line. +Please also specify `--node-sdks-folder=`. + +``` yaml $(nodejs) +nodejs: + azure-arm: true + package-name: azure-arm-securityinsight + output-folder: $(node-sdks-folder)/lib/services/securityInsightManagement + generate-license-txt: true + generate-package-json: true + generate-readme-md: true +``` diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.python.md b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.python.md new file mode 100644 index 00000000..32143c68 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.python.md @@ -0,0 +1,24 @@ +## Python + +These settings apply only when `--python` is specified on the command line. +Please also specify `--python-sdks-folder=`. +Use `--python-mode=update` if you already have a setup.py and just want to update the code itself. + +``` yaml $(python) && $(track2) +azure-arm: true +license-header: MICROSOFT_MIT_NO_VERSION +namespace: azure.mgmt.securityinsight +package-name: azure-mgmt-securityinsight +package-version: 1.0.0b1 +clear-output-folder: true +``` + +``` yaml $(python) && $(python-mode) == 'update' && $(track2) +no-namespace-folders: true +output-folder: $(python-sdks-folder)/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight +``` + +``` yaml $(python) && $(python-mode) == 'create' && $(track2) +basic-setup-py: true +output-folder: $(python-sdks-folder)/securityinsight/azure-mgmt-securityinsight +``` diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.test.md b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.test.md new file mode 100644 index 00000000..e83ff999 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.test.md @@ -0,0 +1,12 @@ + +### Tag: package-composite-v1 + +These settings apply only when `--tag=package-composite-v1` is specified on the command line. + +```yaml $(tag) == 'package-composite-v1' +test-resources: + - test: Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/alertRules.yaml + - test: Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/bookmarks.yaml + - test: Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/dataConnectors.yaml + - test: Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/incidents.yaml +``` diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.typescript.md b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.typescript.md new file mode 100644 index 00000000..f47d1535 --- /dev/null +++ b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.typescript.md @@ -0,0 +1,13 @@ +## TypeScript + +These settings apply only when `--typescript` is specified on the command line. +Please also specify `--typescript-sdks-folder=`. + +``` yaml $(typescript) +typescript: + azure-arm: true + package-name: "@azure/arm-securityinsight" + output-folder: "$(typescript-sdks-folder)/sdk/securityinsight/arm-securityinsight" + clear-output-folder: true + generate-metadata: true +``` diff --git a/src/test/errors-test.ts b/src/test/errors-test.ts index 7855abba..76496699 100644 --- a/src/test/errors-test.ts +++ b/src/test/errors-test.ts @@ -72,6 +72,38 @@ describe('errors', () => { level: 'Error', message: 'The API version of the swagger is inconsistent with its file path.', }, + { + level: 'Error', + code: 'MISSING_APIS_IN_DEFAULT_TAG', + message: + // tslint:disable-next-line: max-line-length + 'The default tag does not contain all APIs in this RP. Please make sure the missing API swaggers are in the default tag.', + tag: 'default', + readMeUrl: + // tslint:disable-next-line: max-line-length + '/work/avocado/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.md', + jsonUrl: + // tslint:disable-next-line: max-line-length + '/work/avocado/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/Watchlists.json', + path: + // tslint:disable-next-line: max-line-length + '/subscriptions/{}/resourceGroups/{}/providers/{}/workspaces/{}/providers/Microsoft.SecurityInsights/watchlists/{}/watchlistItems/{}', + }, + { + level: 'Error', + code: 'NOT_LATEST_API_VERSION_IN_DEFAULT_TAG', + message: + // tslint:disable-next-line: max-line-length + 'The default tag does not contains the latest API version. Please make sure the latest api version swaggers are in the default tag.', + tag: 'default', + readMeUrl: + // tslint:disable-next-line: max-line-length + '/work/avocado/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.md', + jsonUrl: + // tslint:disable-next-line: max-line-length + '/work/avocado/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/operations.json', + path: '/providers/Microsoft.SecurityInsights/operations', + }, ] const res = input.map(it => getPathInfoFromError(it as Error)) const expected = [ @@ -150,6 +182,30 @@ describe('errors', () => { }, ], [], + [ + { + tag: 'readme', + path: 'https://github.com/undefined/blob/undefined/specification/securityinsights/resource-manager/readme.md', + }, + { + tag: 'json', + path: + // tslint:disable-next-line: max-line-length + 'https://github.com/undefined/blob/undefined/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/Watchlists.json', + }, + ], + [ + { + tag: 'readme', + path: 'https://github.com/undefined/blob/undefined/specification/securityinsights/resource-manager/readme.md', + }, + { + tag: 'json', + path: + // tslint:disable-next-line: max-line-length + 'https://github.com/undefined/blob/undefined/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/operations.json', + }, + ], ] assert.deepStrictEqual(res, expected) }) diff --git a/tslint.json b/tslint.json index 5090e802..9af33913 100644 --- a/tslint.json +++ b/tslint.json @@ -19,6 +19,7 @@ "member-ordering": false, "no-magic-numbers": false, "newline-before-return": false, + "no-use-before-declare": false, "unnecessary-else": false, "completed-docs": false, "no-void-expression": false, @@ -26,7 +27,6 @@ "strict-boolean-expressions": [ false ], - "no-var-keyword": true, "no-parameter-reassignment": true, "typedef": true, @@ -38,12 +38,12 @@ true, 120 ], - - "readonly-keyword": true, - "no-let": true, + "readonly-keyword": false, + "no-let": false, "no-object-mutation": true, "no-delete": true, "no-method-signature": true, + "no-non-null-assertion": false, "no-this": false, "no-class": false, "no-mixed-interface": true, From 07698c89f108dca09617de3cbfffedf83314cb55 Mon Sep 17 00:00:00 2001 From: ruowan Date: Mon, 21 Feb 2022 05:54:32 +0000 Subject: [PATCH 03/16] delete unused language readme --- .../resource-manager/readme.az.md | 24 ------------- .../resource-manager/readme.cli.md | 9 ----- .../resource-manager/readme.go.md | 36 ------------------- .../resource-manager/readme.nodejs.md | 14 -------- .../resource-manager/readme.python.md | 24 ------------- .../resource-manager/readme.test.md | 12 ------- .../resource-manager/readme.typescript.md | 13 ------- 7 files changed, 132 deletions(-) delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.az.md delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.cli.md delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.go.md delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.nodejs.md delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.python.md delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.test.md delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.typescript.md diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.az.md b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.az.md deleted file mode 100644 index eddcad53..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.az.md +++ /dev/null @@ -1,24 +0,0 @@ -## AZ - -These settings apply only when `--az` is specified on the command line. - -``` yaml $(az) -az: - extensions: sentinel - namespace: azure.mgmt.securityinsight - package-name: azure-mgmt-securityinsight -az-output-folder: $(azure-cli-extension-folder)/src/securityinsight -python-sdk-output-folder: "$(az-output-folder)/azext_sentinel/vendored_sdks/securityinsight" - -#cli: -# cli-directive: -# directive on operationGroup -# - select: 'operationGroup' -# where: -# operationGroup: 'operations' -# hidden: true -# - where: -# parameter: location -# required: true - -``` diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.cli.md b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.cli.md deleted file mode 100644 index a9e918ee..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.cli.md +++ /dev/null @@ -1,9 +0,0 @@ - CLI - -These settings apply only when `--cli` is specified on the command line. - -``` yaml $(cli) -#cli: -# test-scenario: -# - name: Factories_CreateOrUpdate -``` diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.go.md b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.go.md deleted file mode 100644 index 5d0a3c22..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.go.md +++ /dev/null @@ -1,36 +0,0 @@ -## Go - -These settings apply only when `--go` is specified on the command line. - -```yaml $(go) -go: - license-header: MICROSOFT_MIT_NO_VERSION - namespace: securityinsight - clear-output-folder: true -``` - -### Go multi-api - -```yaml $(go) && $(multiapi) -batch: - - tag: package-2020-01 - - tag: package-2019-01-preview -``` - -### Tag: package-2020-01 and go - -These settings apply only when `--tag=package-2020-01 --go` is specified on the command line. -Please also specify `--go-sdk-folder=`. - -```yaml $(tag) == 'package-2020-01' && $(go) -output-folder: $(go-sdk-folder)/services/$(namespace)/mgmt/2020-01-01/$(namespace) -``` - -### Tag: package-2019-01-preview and go - -These settings apply only when `--tag=package-2019-01-preview --go` is specified on the command line. -Please also specify `--go-sdk-folder=`. - -```yaml $(tag) == 'package-2019-01-preview' && $(go) -output-folder: $(go-sdk-folder)/services/preview/$(namespace)/mgmt/2019-01-01-preview/$(namespace) -``` diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.nodejs.md b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.nodejs.md deleted file mode 100644 index f4181bc3..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.nodejs.md +++ /dev/null @@ -1,14 +0,0 @@ -## Node.js - -These settings apply only when `--nodejs` is specified on the command line. -Please also specify `--node-sdks-folder=`. - -``` yaml $(nodejs) -nodejs: - azure-arm: true - package-name: azure-arm-securityinsight - output-folder: $(node-sdks-folder)/lib/services/securityInsightManagement - generate-license-txt: true - generate-package-json: true - generate-readme-md: true -``` diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.python.md b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.python.md deleted file mode 100644 index 32143c68..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.python.md +++ /dev/null @@ -1,24 +0,0 @@ -## Python - -These settings apply only when `--python` is specified on the command line. -Please also specify `--python-sdks-folder=`. -Use `--python-mode=update` if you already have a setup.py and just want to update the code itself. - -``` yaml $(python) && $(track2) -azure-arm: true -license-header: MICROSOFT_MIT_NO_VERSION -namespace: azure.mgmt.securityinsight -package-name: azure-mgmt-securityinsight -package-version: 1.0.0b1 -clear-output-folder: true -``` - -``` yaml $(python) && $(python-mode) == 'update' && $(track2) -no-namespace-folders: true -output-folder: $(python-sdks-folder)/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight -``` - -``` yaml $(python) && $(python-mode) == 'create' && $(track2) -basic-setup-py: true -output-folder: $(python-sdks-folder)/securityinsight/azure-mgmt-securityinsight -``` diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.test.md b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.test.md deleted file mode 100644 index e83ff999..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.test.md +++ /dev/null @@ -1,12 +0,0 @@ - -### Tag: package-composite-v1 - -These settings apply only when `--tag=package-composite-v1` is specified on the command line. - -```yaml $(tag) == 'package-composite-v1' -test-resources: - - test: Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/alertRules.yaml - - test: Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/bookmarks.yaml - - test: Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/dataConnectors.yaml - - test: Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/incidents.yaml -``` diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.typescript.md b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.typescript.md deleted file mode 100644 index f47d1535..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/readme.typescript.md +++ /dev/null @@ -1,13 +0,0 @@ -## TypeScript - -These settings apply only when `--typescript` is specified on the command line. -Please also specify `--typescript-sdks-folder=`. - -``` yaml $(typescript) -typescript: - azure-arm: true - package-name: "@azure/arm-securityinsight" - output-folder: "$(typescript-sdks-folder)/sdk/securityinsight/arm-securityinsight" - clear-output-folder: true - generate-metadata: true -``` From 65bc0796dd81441df08d5b990c010e5c72280e58 Mon Sep 17 00:00:00 2001 From: ruowan Date: Mon, 21 Feb 2022 05:56:41 +0000 Subject: [PATCH 04/16] bump version and update changelog --- CHANGELOG.md | 4 ++++ package-lock.json | 2 +- package.json | 4 ++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8ee27f93..77e6f060 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 0.8.5 + +- To make sure default tag contains the latest apiVersion swagger. Add two rules NOT_LATEST_API_VERSION_IN_DEFAULT_TAG and MISSING_APIS_IN_DEFAULT_TAG. + ## 0.8.3 - Bug fix. avoid infinite loop. When find the nearest readme diff --git a/package-lock.json b/package-lock.json index 3c7f0ce4..ef900ba0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "@azure/avocado", - "version": "0.8.4", + "version": "0.8.5", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 6248e926..48c6056c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@azure/avocado", - "version": "0.8.4", + "version": "0.8.5", "description": "A validator of OpenAPI configurations", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -43,7 +43,7 @@ "collectCoverage": true, "coverageThreshold": { "global": { - "branches": 93, + "branches": 90, "functions": 95, "lines": 98, "statements": 98 From f64ae34cf84ca243132c9f010f7487ec50d53992 Mon Sep 17 00:00:00 2001 From: ruowan Date: Mon, 21 Feb 2022 06:11:22 +0000 Subject: [PATCH 05/16] remove unused example file --- .../actions/CreateActionOfAlertRule.json | 44 -- .../actions/DeleteActionOfAlertRule.json | 15 - .../actions/GetActionOfAlertRuleById.json | 25 - .../actions/GetAllActionsByAlertRule.json | 28 -- .../aggregations/GetCasesAggregations.json | 37 -- .../GetAlertRuleTemplateById.json | 49 -- .../GetAlertRuleTemplates.json | 85 ---- .../alertRules/CreateFusionAlertRule.json | 66 --- ...softSecurityIncidentCreationAlertRule.json | 59 --- .../alertRules/CreateScheduledAlertRule.json | 134 ----- .../examples/alertRules/DeleteAlertRule.json | 14 - .../examples/alertRules/GetAllAlertRules.json | 97 ---- .../alertRules/GetFusionAlertRule.json | 35 -- ...softSecurityIncidentCreationAlertRule.json | 31 -- .../alertRules/GetScheduledAlertRule.json | 56 --- .../automationRules/CreateAutomationRule.json | 176 ------- .../automationRules/DeleteAutomationRule.json | 14 - .../GetAllAutomationRules.json | 69 --- .../automationRules/GetAutomationRule.json | 76 --- .../examples/bookmarks/CreateBookmark.json | 93 ---- .../examples/bookmarks/DeleteBookmark.json | 14 - .../examples/bookmarks/GetBookmarkById.json | 48 -- .../examples/bookmarks/GetBookmarks.json | 51 -- .../bookmarks/expand/PostExpandBookmark.json | 44 -- .../relations/CreateBookmarkRelation.json | 44 -- .../relations/DeleteBookmarkRelation.json | 15 - .../relations/GetAllBookmarkRelations.json | 29 -- .../relations/GetBookmarkRelationByName.json | 26 - .../examples/cases/CreateCase.json | 97 ---- .../examples/cases/DeleteCase.json | 14 - .../examples/cases/GetCaseById.json | 57 --- .../examples/cases/GetCases.json | 62 --- .../cases/comments/CreateCaseComment.json | 34 -- .../cases/comments/GetAllCaseComments.json | 32 -- .../cases/comments/GetCaseCommentById.json | 29 -- .../cases/relations/CreateCaseRelation.json | 53 -- .../cases/relations/DeleteCaseRelation.json | 15 - .../cases/relations/GetAllCaseRelations.json | 31 -- .../relations/GetCaseRelationByName.json | 28 -- ...CheckRequirementsAzureActiveDirectory.json | 23 - ...tsAzureActiveDirectoryNoAuthorization.json | 23 - ...irementsAzureActiveDirectoryNoLicense.json | 23 - .../CheckRequirementsAzureSecurityCenter.json | 23 - .../CheckRequirementsDynamics365.json | 23 - .../CheckRequirementsMdatp.json | 23 - ...RequirementsMicrosoftCloudAppSecurity.json | 23 - ...quirementsMicrosoftThreatIntelligence.json | 23 - ...RequirementsMicrosoftThreatProtection.json | 23 - .../CheckRequirementsOfficeATP.json | 23 - .../CheckRequirementsThreatIntelligence.json | 23 - ...ckRequirementsThreatIntelligenceTaxii.json | 23 - .../CreateDynamics365DataConnetor.json | 58 --- .../CreateOfficeDataConnetor.json | 76 --- ...CreateThreatIntelligenceDataConnector.json | 60 --- ...eThreatIntelligenceTaxiiDataConnector.json | 82 ---- .../DeleteOfficeDataConnetor.json | 14 - .../GetAmazonWebServicesCloudTrailById.json | 29 -- .../GetAzureActiveDirectoryById.json | 29 -- .../GetAzureAdvancedThreatProtectionById.json | 29 -- .../GetAzureSecurityCenterById.json | 29 -- .../dataConnectors/GetDataConnectors.json | 198 -------- .../GetDynamics365DataConnectorById.json | 29 -- .../GetMicrosoftCloudAppSecurityById.json | 32 -- ...tDefenderAdvancedThreatProtectionById.json | 29 -- .../GetMicrosoftThreatIntelligenceById.json | 34 -- .../GetMicrosoftThreatProtectionById.json | 29 -- ...Office365AdvancedThreatProtectionById.json | 29 -- .../GetOfficeDataConnetorById.json | 35 -- .../GetThreatIntelligenceById.json | 30 -- .../GetThreatIntelligenceTaxiiById.json | 37 -- .../examples/enrichment/GetGeodataByIp.json | 31 -- .../enrichment/GetWhoisByDomainName.json | 87 ---- .../entities/GetAccountEntityById.json | 33 -- .../entities/GetAzureResourceEntityById.json | 25 - .../GetCloudApplicationEntityById.json | 26 - .../examples/entities/GetDnsEntityById.json | 27 -- .../examples/entities/GetEntities.json | 64 --- .../examples/entities/GetFileEntityById.json | 25 - .../entities/GetFileHashEntityById.json | 25 - .../examples/entities/GetHostEntityById.json | 32 -- .../entities/GetIoTDeviceEntityById.json | 25 - .../examples/entities/GetIpEntityById.json | 24 - .../entities/GetMailClusterEntityById.json | 45 -- .../entities/GetMailMessageEntityById.json | 49 -- .../entities/GetMailboxEntityById.json | 27 -- .../entities/GetMalwareEntityById.json | 25 - .../entities/GetProcessEntityById.json | 26 - .../examples/entities/GetQueries.json | 457 ------------------ .../entities/GetRegistryKeyEntityById.json | 25 - .../entities/GetRegistryValueEntityById.json | 27 -- .../entities/GetSecurityAlertEntityById.json | 52 -- .../entities/GetSecurityGroupEntityById.json | 26 - .../entities/GetSubmissionMailEntityById.json | 30 -- .../examples/entities/GetUrlEntityById.json | 24 - .../entities/expand/PostExpandEntity.json | 53 -- .../entities/insights/PostGetInsights.json | 101 ---- .../relations/GetAllEntityRelations.json | 29 -- .../relations/GetEntityRelationByName.json | 26 - .../entities/timeline/PostTimelineEntity.json | 69 --- .../entityQueries/GetEntityQueries.json | 59 --- .../GetExpansionEntityQueryById.json | 35 -- .../examples/incidents/CreateIncident.json | 109 ----- .../examples/incidents/DeleteIncident.json | 14 - .../incidents/GetAllIncidentAlerts.json | 51 -- .../incidents/GetAllIncidentBookmarks.json | 78 --- .../examples/incidents/GetIncidentById.json | 57 --- .../examples/incidents/GetIncidents.json | 62 --- .../comments/CreateIncidentComment.json | 56 --- .../comments/DeleteIncidentComment.json | 15 - .../comments/GetAllIncidentComments.json | 35 -- .../comments/GetIncidentCommentById.json | 32 -- .../entities/GetAllIncidentEntities.json | 35 -- .../relations/CreateIncidentRelation.json | 44 -- .../relations/DeleteIncidentRelation.json | 15 - .../relations/GetAllIncidentRelations.json | 41 -- .../relations/GetIncidentRelationByName.json | 26 - .../officeConsents/DeleteOfficeConsents.json | 14 - .../officeConsents/GetOfficeConsents.json | 26 - .../officeConsents/GetOfficeConsentsById.json | 23 - .../settings/DeleteEyesOnSetting.json | 14 - .../examples/settings/GetAllSettings.json | 26 - .../examples/settings/GetEyesOnSetting.json | 23 - .../settings/UpdateEyesOnSetting.json | 29 -- .../AppendTagsThreatIntelligence.json | 19 - .../CollectThreatIntelligenceMetrics.json | 44 -- .../CreateThreatIntelligence.json | 101 ---- .../DeleteThreatIntelligence.json | 14 - .../GetThreatIntelligence.json | 77 --- .../GetThreatIntelligenceById.json | 44 -- .../QueryThreatIntelligence.json | 108 ----- .../ReplaceTagsThreatIntelligence.json | 53 -- .../UpdateThreatIntelligence.json | 102 ---- .../examples/watchlists/CreateWatchlist.json | 86 ---- .../watchlists/CreateWatchlistItem.json | 92 ---- .../examples/watchlists/DeleteWatchlist.json | 14 - .../watchlists/DeleteWatchlistItem.json | 15 - .../watchlists/GetWatchlistByAlias.json | 48 -- .../watchlists/GetWatchlistItemById.json | 47 -- .../watchlists/GetWatchlistItems.json | 50 -- .../examples/watchlists/GetWatchlists.json | 51 -- .../actions/CreateActionOfAlertRule.json | 44 -- .../actions/DeleteActionOfAlertRule.json | 15 - .../actions/GetActionOfAlertRuleById.json | 25 - .../actions/GetAllActionsByAlertRule.json | 28 -- .../GetAlertRuleTemplateById.json | 49 -- .../GetAlertRuleTemplates.json | 85 ---- .../alertRules/CreateFusionAlertRule.json | 66 --- ...softSecurityIncidentCreationAlertRule.json | 59 --- .../alertRules/CreateScheduledAlertRule.json | 240 --------- .../examples/alertRules/DeleteAlertRule.json | 14 - .../examples/alertRules/GetAllAlertRules.json | 133 ----- .../alertRules/GetFusionAlertRule.json | 35 -- ...softSecurityIncidentCreationAlertRule.json | 31 -- .../alertRules/GetScheduledAlertRule.json | 92 ---- .../CreateDynamics365DataConnetor.json | 58 --- .../dataConnectors/CreateGenericUI.json | 438 ----------------- .../CreateOfficeDataConnetor.json | 76 --- ...CreateThreatIntelligenceDataConnector.json | 60 --- ...eThreatIntelligenceTaxiiDataConnector.json | 82 ---- .../dataConnectors/DeleteGenericUI.json | 14 - .../DeleteOfficeDataConnetor.json | 14 - .../GetAmazonWebServicesCloudTrailById.json | 29 -- .../GetAzureActiveDirectoryById.json | 29 -- .../GetAzureAdvancedThreatProtectionById.json | 29 -- .../GetAzureSecurityCenterById.json | 29 -- .../dataConnectors/GetDataConnectors.json | 341 ------------- .../GetDynamics365DataConnectorById.json | 29 -- .../examples/dataConnectors/GetGenericUI.json | 157 ------ .../GetMicrosoftCloudAppSecurityById.json | 32 -- ...tDefenderAdvancedThreatProtectionById.json | 29 -- .../GetMicrosoftThreatIntelligenceById.json | 34 -- .../GetMicrosoftThreatProtectionById.json | 29 -- ...Office365AdvancedThreatProtectionById.json | 29 -- .../GetOfficeDataConnetorById.json | 35 -- .../GetThreatIntelligenceById.json | 30 -- .../GetThreatIntelligenceTaxiiById.json | 37 -- .../CreateEntityQueryActivity.json | 134 ----- .../entityQueries/DeleteEntityQuery.json | 14 - .../GetActivityEntityQueryById.json | 55 --- .../entityQueries/GetEntityQueries.json | 60 --- .../GetExpansionEntityQueryById.json | 35 -- .../examples/incidents/CreateIncident.json | 110 ----- .../examples/incidents/CreateTeam.json | 25 - .../examples/incidents/DeleteIncident.json | 14 - .../incidents/GetAllIncidentAlerts.json | 51 -- .../incidents/GetAllIncidentBookmarks.json | 78 --- .../examples/incidents/GetIncidentById.json | 58 --- .../examples/incidents/GetIncidents.json | 63 --- .../comments/CreateIncidentComment.json | 56 --- .../comments/DeleteIncidentComment.json | 15 - .../comments/GetAllIncidentComments.json | 35 -- .../comments/GetIncidentCommentById.json | 32 -- .../entities/GetAllIncidentEntities.json | 35 -- .../relations/CreateIncidentRelation.json | 44 -- .../relations/DeleteIncidentRelation.json | 15 - .../relations/GetAllIncidentRelations.json | 41 -- .../relations/GetIncidentRelationByName.json | 26 - .../examples/metadata/DeleteMetadata.json | 14 - .../examples/metadata/GetAllMetadata.json | 65 --- .../metadata/GetAllMetadataOData.json | 53 -- .../examples/metadata/GetMetadata.json | 72 --- .../examples/metadata/PatchMetadata.json | 36 -- .../examples/metadata/PutMetadata.json | 188 ------- .../examples/metadata/PutMetadataMinimal.json | 41 -- .../CreateSentinelOnboardingState.json | 37 -- .../DeleteSentinelOnboardingState.json | 14 - .../GetAllSentinelOnboardingStates.json | 25 - .../GetSentinelOnboardingState.json | 22 - .../repositories/GetRepositories.json | 26 - .../settings/DeleteEyesOnSetting.json | 14 - .../examples/settings/GetAllSettings.json | 26 - .../examples/settings/GetEyesOnSetting.json | 23 - .../settings/UpdateEyesOnSetting.json | 29 -- .../sourcecontrols/CreateSourceControl.json | 118 ----- .../sourcecontrols/DeleteSourceControl.json | 14 - .../sourcecontrols/GetSourceControlById.json | 52 -- .../sourcecontrols/GetSourceControls.json | 55 --- .../examples/watchlists/CreateWatchlist.json | 86 ---- .../CreateWatchlistAndWatchlistItems.json | 89 ---- .../watchlists/CreateWatchlistItem.json | 92 ---- .../examples/watchlists/DeleteWatchlist.json | 14 - .../watchlists/DeleteWatchlistItem.json | 15 - .../watchlists/GetWatchlistByAlias.json | 49 -- .../watchlists/GetWatchlistItemById.json | 47 -- .../watchlists/GetWatchlistItems.json | 50 -- .../examples/watchlists/GetWatchlists.json | 52 -- .../actions/CreateActionOfAlertRule.json | 44 -- .../actions/DeleteActionOfAlertRule.json | 15 - .../actions/GetActionOfAlertRuleById.json | 25 - .../actions/GetAllActionsByAlertRule.json | 28 -- .../GetAlertRuleTemplateById.json | 45 -- .../GetAlertRuleTemplates.json | 82 ---- .../alertRules/CreateFusionAlertRule.json | 66 --- ...softSecurityIncidentCreationAlertRule.json | 59 --- .../alertRules/CreateScheduledAlertRule.json | 89 ---- .../examples/alertRules/DeleteAlertRule.json | 14 - .../examples/alertRules/GetAllAlertRules.json | 81 ---- .../alertRules/GetFusionAlertRule.json | 35 -- ...softSecurityIncidentCreationAlertRule.json | 31 -- .../alertRules/GetScheduledAlertRule.json | 40 -- .../examples/bookmarks/CreateBookmark.json | 93 ---- .../examples/bookmarks/DeleteBookmark.json | 14 - .../examples/bookmarks/GetBookmarkById.json | 48 -- .../examples/bookmarks/GetBookmarks.json | 51 -- .../CreateOfficeDataConnetor.json | 76 --- ...CreateThreatIntelligenceDataConnector.json | 60 --- .../DeleteOfficeDataConnetor.json | 14 - .../GetAmazonWebServicesCloudTrailById.json | 29 -- .../GetAzureActiveDirectoryById.json | 29 -- .../GetAzureAdvancedThreatProtectionById.json | 29 -- .../GetAzureSecurityCenterById.json | 29 -- .../dataConnectors/GetDataConnectors.json | 143 ------ .../GetMicrosoftCloudAppSecurityById.json | 32 -- ...tDefenderAdvancedThreatProtectionById.json | 29 -- .../GetOfficeDataConnetorById.json | 35 -- .../GetThreatIntelligenceById.json | 30 -- .../examples/incidents/CreateIncident.json | 104 ---- .../examples/incidents/DeleteIncident.json | 13 - .../examples/incidents/GetIncidentById.json | 54 --- .../examples/incidents/GetIncidents.json | 59 --- .../comments/CreateIncidentComment.json | 34 -- .../comments/GetAllIncidentComments.json | 32 -- .../comments/GetIncidentCommentById.json | 29 -- .../2020-01-01/test-scenarios/alertRules.yaml | 27 -- .../2020-01-01/test-scenarios/bookmarks.yaml | 8 - .../test-scenarios/dataConnectors.yaml | 18 - .../2020-01-01/test-scenarios/incidents.yaml | 8 - .../examples/incidents/CreateIncident.json | 104 ---- .../examples/incidents/DeleteIncident.json | 13 - .../incidents/GetAllIncidentAlerts.json | 50 -- .../incidents/GetAllIncidentBookmarks.json | 77 --- .../incidents/GetAllIncidentEntities.json | 34 -- .../examples/incidents/GetIncidentById.json | 54 --- .../examples/incidents/GetIncidents.json | 59 --- .../comments/CreateIncidentComment.json | 55 --- .../comments/DeleteIncidentComment.json | 14 - .../comments/GetAllIncidentComments.json | 34 -- .../comments/GetIncidentCommentById.json | 31 -- .../relations/CreateIncidentRelation.json | 43 -- .../relations/DeleteIncidentRelation.json | 14 - .../relations/GetAllIncidentRelations.json | 40 -- .../relations/GetIncidentRelationByName.json | 25 - .../AppendTagsThreatIntelligence.json | 19 - .../CollectThreatIntelligenceMetrics.json | 44 -- .../CreateThreatIntelligence.json | 101 ---- .../DeleteThreatIntelligence.json | 14 - .../GetThreatIntelligence.json | 77 --- .../GetThreatIntelligenceById.json | 44 -- .../QueryThreatIntelligence.json | 108 ----- .../ReplaceTagsThreatIntelligence.json | 53 -- .../UpdateThreatIntelligence.json | 102 ---- .../examples/watchlists/CreateWatchlist.json | 86 ---- .../CreateWatchlistAndWatchlistItems.json | 89 ---- .../watchlists/CreateWatchlistItem.json | 92 ---- .../examples/watchlists/DeleteWatchlist.json | 14 - .../watchlists/DeleteWatchlistItem.json | 15 - .../watchlists/GetWatchlistByAlias.json | 49 -- .../watchlists/GetWatchlistItemById.json | 47 -- .../watchlists/GetWatchlistItems.json | 50 -- .../examples/watchlists/GetWatchlists.json | 52 -- 300 files changed, 14943 deletions(-) delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/CreateActionOfAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/DeleteActionOfAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetActionOfAlertRuleById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetAllActionsByAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/aggregations/GetCasesAggregations.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateFusionAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateScheduledAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/DeleteAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetAllAlertRules.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetFusionAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetScheduledAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/CreateAutomationRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/DeleteAutomationRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAllAutomationRules.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAutomationRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/CreateBookmark.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/DeleteBookmark.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarkById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarks.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/expand/PostExpandBookmark.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/DeleteCase.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/CreateCaseComment.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetAllCaseComments.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetCaseCommentById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/CreateCaseRelation.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/DeleteCaseRelation.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetAllCaseRelations.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetCaseRelationByName.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAccountEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAzureResourceEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetCloudApplicationEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetDnsEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetEntities.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileHashEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetHostEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIoTDeviceEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIpEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailClusterEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailMessageEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailboxEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMalwareEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetProcessEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetQueries.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryKeyEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryValueEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityAlertEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityGroupEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSubmissionMailEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetUrlEntityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/expand/PostExpandEntity.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/insights/PostGetInsights.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetAllEntityRelations.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetEntityRelationByName.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/timeline/PostTimelineEntity.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetEntityQueries.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/DeleteIncident.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentAlerts.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentBookmarks.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/CreateIncidentComment.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/DeleteIncidentComment.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetAllIncidentComments.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetIncidentCommentById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/entities/GetAllIncidentEntities.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/CreateIncidentRelation.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/DeleteIncidentRelation.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetAllIncidentRelations.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetIncidentRelationByName.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/DeleteOfficeConsents.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsents.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsentsById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/DeleteEyesOnSetting.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetAllSettings.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetEyesOnSetting.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/UpdateEyesOnSetting.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CreateThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/QueryThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlist.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlistItem.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlist.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlistItem.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistByAlias.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItemById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItems.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlists.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/CreateActionOfAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/DeleteActionOfAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetActionOfAlertRuleById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetAllActionsByAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateFusionAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateScheduledAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/DeleteAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetAllAlertRules.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetFusionAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetScheduledAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateGenericUI.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteGenericUI.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDataConnectors.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetGenericUI.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/CreateEntityQueryActivity.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/DeleteEntityQuery.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetActivityEntityQueryById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetEntityQueries.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateIncident.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateTeam.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/DeleteIncident.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentAlerts.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentBookmarks.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidentById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidents.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/CreateIncidentComment.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/DeleteIncidentComment.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetAllIncidentComments.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetIncidentCommentById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/entities/GetAllIncidentEntities.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/CreateIncidentRelation.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/DeleteIncidentRelation.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetAllIncidentRelations.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetIncidentRelationByName.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/DeleteMetadata.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadata.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadataOData.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetMetadata.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PatchMetadata.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadata.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadataMinimal.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/repositories/GetRepositories.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/DeleteEyesOnSetting.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetAllSettings.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetEyesOnSetting.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/UpdateEyesOnSetting.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/CreateSourceControl.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/DeleteSourceControl.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControlById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControls.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlist.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistItem.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlist.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlistItem.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistByAlias.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItemById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItems.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlists.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/CreateActionOfAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/DeleteActionOfAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetActionOfAlertRuleById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetAllActionsByAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplates.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateFusionAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateScheduledAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/DeleteAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetAllAlertRules.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetFusionAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetScheduledAlertRule.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/CreateBookmark.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/DeleteBookmark.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarkById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarks.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateOfficeDataConnetor.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/DeleteOfficeDataConnetor.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureActiveDirectoryById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureSecurityCenterById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetDataConnectors.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetOfficeDataConnetorById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetThreatIntelligenceById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/CreateIncident.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/DeleteIncident.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidentById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidents.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/CreateIncidentComment.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetAllIncidentComments.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetIncidentCommentById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/alertRules.yaml delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/bookmarks.yaml delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/dataConnectors.yaml delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/incidents.yaml delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/CreateIncident.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/DeleteIncident.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentAlerts.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentBookmarks.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentEntities.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidentById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidents.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/CreateIncidentComment.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/DeleteIncidentComment.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetAllIncidentComments.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetIncidentCommentById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/CreateIncidentRelation.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/DeleteIncidentRelation.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetAllIncidentRelations.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetIncidentRelationByName.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/AppendTagsThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CollectThreatIntelligenceMetrics.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CreateThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/DeleteThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligenceById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/QueryThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/ReplaceTagsThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/UpdateThreatIntelligence.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlist.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistAndWatchlistItems.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistItem.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlist.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlistItem.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistByAlias.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItemById.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItems.json delete mode 100644 src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlists.json diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/CreateActionOfAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/CreateActionOfAlertRule.json deleted file mode 100644 index b9646c9a..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/CreateActionOfAlertRule.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "action": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", - "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "type": "Microsoft.SecurityInsights/alertRules/actions", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "workflowId": "cd3765391efd48549fd7681ded1d48d7", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", - "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "type": "Microsoft.SecurityInsights/alertRules/actions", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "workflowId": "cd3765391efd48549fd7681ded1d48d7", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/DeleteActionOfAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/DeleteActionOfAlertRule.json deleted file mode 100644 index 9bac7acf..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/DeleteActionOfAlertRule.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetActionOfAlertRuleById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetActionOfAlertRuleById.json deleted file mode 100644 index d67ffd31..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetActionOfAlertRuleById.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", - "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "type": "Microsoft.SecurityInsights/alertRules/actions", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "workflowId": "cd3765391efd48549fd7681ded1d48d7", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetAllActionsByAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetAllActionsByAlertRule.json deleted file mode 100644 index 25672aac..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/actions/GetAllActionsByAlertRule.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", - "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "type": "Microsoft.SecurityInsights/alertRules/actions", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "workflowId": "cd3765391efd48549fd7681ded1d48d7", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/aggregations/GetCasesAggregations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/aggregations/GetCasesAggregations.json deleted file mode 100644 index da5cf61e..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/aggregations/GetCasesAggregations.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "aggregationsName": "Cases" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/aggregations/Cases", - "name": "Cases", - "type": "Microsoft.SecurityInsights/aggregations", - "kind": "CasesAggregation", - "properties": { - "aggregationBySeverity": { - "totalCriticalSeverity": 13, - "totalHighSeverity": 14, - "totalMediumSeverity": 4, - "totalLowSeverity": 15, - "totalInformationalSeverity": 26 - }, - "aggregationByStatus": { - "totalNewStatus": 42, - "totalInProgressStatus": 30, - "totalResolvedStatus": 2, - "totalDismissedStatus": 1, - "totalTruePositiveStatus": 7, - "totalFalsePositiveStatus": 0 - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json deleted file mode 100644 index 02e76a6e..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "alertRuleTemplateId": "65360bb0-8986-4ade-a89d-af3cf44d28aa" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", - "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "kind": "Scheduled", - "properties": { - "severity": "Low", - "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", - "queryFrequency": "P1D", - "queryPeriod": "P1D", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "displayName": "Changes to Amazon VPC settings", - "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "tactics": [ - "PrivilegeEscalation", - "LateralMovement" - ], - "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", - "createdDateUTC": "2019-02-27T00:00:00Z", - "status": "Available", - "requiredDataConnectors": [ - { - "connectorId": "AWS", - "dataTypes": [ - "AWSCloudTrail" - ] - } - ], - "alertRulesCreatedByTemplateCount": 0 - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json deleted file mode 100644 index 060fabfb..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", - "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "kind": "Scheduled", - "properties": { - "severity": "Low", - "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", - "queryFrequency": "P1D", - "queryPeriod": "P1D", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "displayName": "Changes to Amazon VPC settings", - "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", - "tactics": [ - "PrivilegeEscalation", - "LateralMovement" - ], - "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", - "createdDateUTC": "2019-02-27T00:00:00Z", - "status": "Available", - "requiredDataConnectors": [ - { - "connectorId": "AWS", - "dataTypes": [ - "AWSCloudTrail" - ] - } - ], - "alertRulesCreatedByTemplateCount": 0 - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/f71aba3d-28fb-450b-b192-4e76a83015c8", - "name": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "kind": "Fusion", - "properties": { - "displayName": "Advanced Multi-Stage Attack Detection", - "description": "Place holder: Fusion uses graph powered machine learning algorithms to correlate between millions of lower fidelity anomalous activities from different products such as Azure AD Identity Protection, and Microsoft Cloud App Security, to combine them into a manageable number of interesting security cases.\n", - "tactics": [ - "Persistence", - "LateralMovement", - "Exfiltration", - "CommandAndControl" - ], - "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", - "createdDateUTC": "2019-07-25T00:00:00Z", - "status": "Available", - "severity": "High", - "alertRulesCreatedByTemplateCount": 0 - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/b3cfc7c0-092c-481c-a55b-34a3979758cb", - "name": "b3cfc7c0-092c-481c-a55b-34a3979758cb", - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "displayName": "Create incidents based on Microsoft Cloud App Security alerts", - "description": "Create incidents based on all alerts generated in Microsoft Cloud App Security", - "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", - "createdDateUTC": "2019-07-16T00:00:00Z", - "status": "Available", - "alertRulesCreatedByTemplateCount": 0 - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateFusionAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateFusionAlertRule.json deleted file mode 100644 index 2c9605f9..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateFusionAlertRule.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "myFirstFusionRule", - "alertRule": { - "kind": "Fusion", - "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", - "properties": { - "enabled": true, - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", - "name": "myFirstFusionRule", - "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Fusion", - "properties": { - "displayName": "Advanced Multi-Stage Attack Detection", - "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "tactics": [ - "Persistence", - "LateralMovement", - "Exfiltration", - "CommandAndControl" - ], - "severity": "High", - "enabled": true, - "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", - "name": "myFirstFusionRule", - "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Fusion", - "properties": { - "displayName": "Advanced Multi-Stage Attack Detection", - "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "tactics": [ - "Persistence", - "LateralMovement", - "Exfiltration", - "CommandAndControl" - ], - "severity": "High", - "enabled": true, - "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json deleted file mode 100644 index 0d0009cb..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "microsoftSecurityIncidentCreationRuleExample", - "alertRule": { - "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "displayName": "testing displayname", - "enabled": true - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", - "name": "microsoftSecurityIncidentCreationRuleExample", - "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "severitiesFilter": null, - "displayNamesFilter": null, - "displayName": "testing displayname", - "enabled": true, - "description": null, - "alertRuleTemplateName": null, - "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", - "name": "microsoftSecurityIncidentCreationRuleExample", - "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "severitiesFilter": null, - "displayNamesFilter": null, - "displayName": "testing displayname", - "enabled": true, - "description": null, - "alertRuleTemplateName": null, - "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateScheduledAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateScheduledAlertRule.json deleted file mode 100644 index 153980fd..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateScheduledAlertRule.json +++ /dev/null @@ -1,134 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "alertRule": { - "kind": "Scheduled", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "Rule2", - "description": "", - "severity": "High", - "enabled": true, - "tactics": [ - "Persistence", - "LateralMovement" - ], - "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - "queryFrequency": "PT1H", - "queryPeriod": "P2DT1H30M", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "incidentConfiguration": { - "createIncident": true, - "groupingConfiguration": { - "enabled": true, - "reopenClosedIncident": false, - "lookbackDuration": "PT5H", - "entitiesMatchingMethod": "Custom", - "groupByEntities": [ - "Host", - "Account" - ] - } - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Scheduled", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "alertRuleTemplateName": null, - "displayName": "Rule2", - "description": "", - "severity": "High", - "enabled": true, - "tactics": [ - "Persistence", - "LateralMovement" - ], - "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - "queryFrequency": "PT1H", - "queryPeriod": "P2DT1H30M", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "lastModifiedUtc": "2019-01-01T13:15:30Z", - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "incidentConfiguration": { - "createIncident": true, - "groupingConfiguration": { - "enabled": true, - "reopenClosedIncident": false, - "lookbackDuration": "PT5H", - "entitiesMatchingMethod": "Custom", - "groupByEntities": [ - "Host", - "Account" - ] - } - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Scheduled", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "alertRuleTemplateName": null, - "displayName": "Rule2", - "description": "", - "severity": "High", - "enabled": true, - "tactics": [ - "Persistence", - "LateralMovement" - ], - "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - "queryFrequency": "PT1H", - "queryPeriod": "P2DT1H30M", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "lastModifiedUtc": "2019-01-01T13:15:30Z", - "incidentConfiguration": { - "createIncident": true, - "groupingConfiguration": { - "enabled": true, - "reopenClosedIncident": false, - "lookbackDuration": "PT5H", - "entitiesMatchingMethod": "Custom", - "groupByEntities": [ - "Host", - "Account" - ] - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/DeleteAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/DeleteAlertRule.json deleted file mode 100644 index 45ff1c95..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/DeleteAlertRule.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetAllAlertRules.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetAllAlertRules.json deleted file mode 100644 index d88a4ee5..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetAllAlertRules.json +++ /dev/null @@ -1,97 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Scheduled", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "alertRuleTemplateName": null, - "displayName": "Rule2", - "description": "", - "severity": "High", - "enabled": true, - "tactics": [ - "Persistence", - "LateralMovement" - ], - "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - "queryFrequency": "PT1H", - "queryPeriod": "P2DT1H30M", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "lastModifiedUtc": "2019-01-01T13:15:30Z", - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "incidentConfiguration": { - "createIncident": true, - "groupingConfiguration": { - "enabled": true, - "reopenClosedIncident": false, - "lookbackDuration": "PT5H", - "entitiesMatchingMethod": "Custom", - "groupByEntities": [ - "Host", - "Account" - ] - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", - "name": "microsoftSecurityIncidentCreationRuleExample", - "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "severitiesFilter": null, - "displayNamesFilter": null, - "displayName": "testing displayname", - "enabled": true, - "description": null, - "alertRuleTemplateName": null, - "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", - "name": "myFirstFusionRule", - "etag": "\"25005c11-0000-0d00-0000-5d6cc0e20000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Fusion", - "properties": { - "displayName": "Advanced Multi-Stage Attack Detection", - "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "tactics": [ - "Persistence", - "LateralMovement", - "Exfiltration", - "CommandAndControl" - ], - "severity": "High", - "enabled": false, - "lastModifiedUtc": "2019-09-02T07:12:34.9065092Z" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetFusionAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetFusionAlertRule.json deleted file mode 100644 index f5020610..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetFusionAlertRule.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "myFirstFusionRule" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", - "name": "myFirstFusionRule", - "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Fusion", - "properties": { - "displayName": "Advanced Multi-Stage Attack Detection", - "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "tactics": [ - "Persistence", - "LateralMovement", - "Exfiltration", - "CommandAndControl" - ], - "severity": "High", - "enabled": true, - "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json deleted file mode 100644 index 39470e16..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "microsoftSecurityIncidentCreationRuleExample" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", - "name": "microsoftSecurityIncidentCreationRuleExample", - "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "severitiesFilter": null, - "displayNamesFilter": null, - "displayName": "testing displayname", - "enabled": true, - "description": null, - "alertRuleTemplateName": null, - "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetScheduledAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetScheduledAlertRule.json deleted file mode 100644 index bb101e34..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetScheduledAlertRule.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Scheduled", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "alertRuleTemplateName": null, - "displayName": "Rule2", - "description": "", - "severity": "High", - "enabled": true, - "tactics": [ - "Persistence", - "LateralMovement" - ], - "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - "queryFrequency": "PT1H", - "queryPeriod": "P2DT1H30M", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "lastModifiedUtc": "2019-01-01T13:15:30Z", - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "incidentConfiguration": { - "createIncident": true, - "groupingConfiguration": { - "enabled": true, - "reopenClosedIncident": false, - "lookbackDuration": "PT5H", - "entitiesMatchingMethod": "Custom", - "groupByEntities": [ - "Host", - "Account" - ] - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/CreateAutomationRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/CreateAutomationRule.json deleted file mode 100644 index a792af5d..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/CreateAutomationRule.json +++ /dev/null @@ -1,176 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "automationRule": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "order": 1, - "displayName": "High severity incidents escalation", - "triggeringLogic": { - "isEnabled": true, - "triggersOn": "Incidents", - "triggersWhen": "Created", - "conditions": [ - { - "conditionType": "Property", - "conditionProperties": { - "propertyName": "IncidentRelatedAnalyticRuleIds", - "operator": "Contains", - "propertyValues": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ] - } - } - ] - }, - "actions": [ - { - "order": 1, - "actionType": "ModifyProperties", - "actionConfiguration": { - "severity": "High" - } - }, - { - "order": 2, - "actionType": "RunPlaybook", - "actionConfiguration": { - "tenantId": "ee48efaf-50c6-411b-9345-b2bdc3eb4abc", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook" - } - } - ] - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", - "properties": { - "order": 1, - "displayName": "High severity incidents escalation", - "createdTimeUtc": "2019-01-01T13:00:30Z", - "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, - "lastModifiedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, - "triggeringLogic": { - "isEnabled": true, - "triggersOn": "Incidents", - "triggersWhen": "Created", - "conditions": [ - { - "conditionType": "Property", - "conditionProperties": { - "propertyName": "IncidentRelatedAnalyticRuleIds", - "operator": "Contains", - "propertyValues": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ] - } - } - ] - }, - "actions": [ - { - "order": 1, - "actionType": "ModifyProperties", - "actionConfiguration": { - "severity": "High" - } - }, - { - "order": 2, - "actionType": "RunPlaybook", - "actionConfiguration": { - "tenantId": "ee48efaf-50c6-411b-9345-b2bdc3eb4abc", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook" - } - } - ] - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", - "properties": { - "order": 1, - "displayName": "High severity incidents escalation", - "createdTimeUtc": "2019-01-01T13:00:30Z", - "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, - "lastModifiedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, - "triggeringLogic": { - "isEnabled": true, - "triggersOn": "Incidents", - "triggersWhen": "Created", - "conditions": [ - { - "conditionType": "Property", - "conditionProperties": { - "propertyName": "IncidentRelatedAnalyticRuleIds", - "operator": "Contains", - "propertyValues": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ] - } - } - ] - }, - "actions": [ - { - "order": 1, - "actionType": "ModifyProperties", - "actionConfiguration": { - "severity": "High" - } - }, - { - "order": 2, - "actionType": "RunPlaybook", - "actionConfiguration": { - "tenantId": "ee48efaf-50c6-411b-9345-b2bdc3eb4abc", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook" - } - } - ] - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/DeleteAutomationRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/DeleteAutomationRule.json deleted file mode 100644 index 76eebc5d..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/DeleteAutomationRule.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAllAutomationRules.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAllAutomationRules.json deleted file mode 100644 index 2cd33d57..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAllAutomationRules.json +++ /dev/null @@ -1,69 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "$top": 1 - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/automationRules", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "order": 1, - "displayName": "High severity incidents escalation", - "createdTimeUtc": "2019-01-01T13:00:30Z", - "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, - "lastModifiedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, - "triggeringLogic": { - "isEnabled": true, - "triggersOn": "Incidents", - "triggersWhen": "Created", - "conditions": [ - { - "conditionType": "Property", - "conditionProperties": { - "propertyName": "IncidentRelatedAnalyticRuleIds", - "operator": "Contains", - "propertyValues": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ] - } - } - ] - }, - "actions": [ - { - "order": 1, - "actionType": "ModifyProperties", - "actionConfiguration": { - "severity": "High" - } - } - ] - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAutomationRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAutomationRule.json deleted file mode 100644 index cc077509..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/automationRules/GetAutomationRule.json +++ /dev/null @@ -1,76 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "order": 1, - "displayName": "High severity incidents escalation", - "createdTimeUtc": "2019-01-01T13:00:30Z", - "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, - "lastModifiedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - }, - "triggeringLogic": { - "isEnabled": true, - "triggersOn": "Incidents", - "triggersWhen": "Created", - "conditions": [ - { - "conditionType": "Property", - "conditionProperties": { - "propertyName": "IncidentTitle", - "operator": "Contains", - "propertyValues": [ - "logon failure" - ] - } - }, - { - "conditionType": "Property", - "conditionProperties": { - "propertyName": "HostName", - "operator": "Equals", - "propertyValues": [ - "TestVM" - ] - } - } - ] - }, - "actions": [ - { - "order": 1, - "actionType": "ModifyProperties", - "actionConfiguration": { - "status": "Closed", - "classification": "BenignPositive", - "classificationReason": "SuspiciousButExpected" - } - } - ] - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/CreateBookmark.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/CreateBookmark.json deleted file mode 100644 index e0735815..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/CreateBookmark.json +++ /dev/null @@ -1,93 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "bookmark": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "My bookmark", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" - }, - "updated": "2019-01-01T13:15:30Z", - "created": "2019-01-01T13:15:30Z", - "notes": "Found a suspicious activity", - "labels": [ - "Tag1", - "Tag2" - ], - "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", - "queryResult": "Security Event query result" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/bookmarks", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "My bookmark", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updated": "2019-01-01T13:15:30Z", - "created": "2019-01-01T13:15:30Z", - "notes": "Found a suspicious activity", - "labels": [ - "Tag1", - "Tag2" - ], - "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", - "queryResult": "Security Event query result" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/bookmarks", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "My bookmark", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updated": "2019-01-01T13:15:30Z", - "created": "2019-01-01T13:15:30Z", - "notes": "Found a suspicious activity", - "labels": [ - "Tag1", - "Tag2" - ], - "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", - "queryResult": "Security Event query result" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/DeleteBookmark.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/DeleteBookmark.json deleted file mode 100644 index 75aa6ebd..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/DeleteBookmark.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarkById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarkById.json deleted file mode 100644 index 2d9829a9..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarkById.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/bookmarks", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "My bookmark", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updated": "2019-01-01T13:15:30Z", - "created": "2019-01-01T13:15:30Z", - "notes": "Found a suspicious activity", - "labels": [ - "Tag1", - "Tag2" - ], - "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", - "queryResult": "Security Event query result", - "incidentInfo": { - "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", - "severity": "Low", - "title": "New case 1", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarks.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarks.json deleted file mode 100644 index 83b3911c..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarks.json +++ /dev/null @@ -1,51 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/bookmarks", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "My bookmark", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updated": "2019-01-01T13:15:30Z", - "created": "2019-01-01T13:15:30Z", - "notes": "Found a suspicious activity", - "labels": [ - "Tag1", - "Tag2" - ], - "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", - "queryResult": "Security Event query result", - "incidentInfo": { - "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", - "severity": "Low", - "title": "New case 1", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018" - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/expand/PostExpandBookmark.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/expand/PostExpandBookmark.json deleted file mode 100644 index 6db0bd92..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/expand/PostExpandBookmark.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "parameters": { - "expansionId": "27f76e63-c41b-480f-bb18-12ad2e011d49", - "startTime": "2019-12-25T17:21:00.000Z", - "endTime": "2020-01-24T17:21:00.000Z" - } - }, - "responses": { - "200": { - "body": { - "value": { - "entities": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fe4ddab5-8cea-eca3-c8b8-9e92e830a387", - "name": "fe4ddab5-8cea-eca3-c8b8-9e92e830a387", - "type": "Microsoft.SecurityInsights/entities", - "kind": "Account", - "properties": { - "friendlyName": "administrator", - "accountName": "administrator", - "ntDomain": "domain" - } - } - ] - }, - "metaData": { - "aggregations": [ - { - "entityKind": "Account", - "count": 1 - } - ] - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json deleted file mode 100644 index 66174191..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "relation": { - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/bookmarks/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", - "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relatedResourceType": "Microsoft.SecurityInsights/incidents" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/bookmarks/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", - "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relatedResourceType": "Microsoft.SecurityInsights/incidents" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json deleted file mode 100644 index 0a4bc219..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json deleted file mode 100644 index edd5062c..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/bookmarks/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", - "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relatedResourceType": "Microsoft.SecurityInsights/incidents" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json deleted file mode 100644 index c02146c3..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/bookmarks/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", - "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relatedResourceType": "Microsoft.SecurityInsights/incidents" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json deleted file mode 100644 index 3a22fdc9..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json +++ /dev/null @@ -1,97 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "case": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "endTimeUtc": "2019-01-01T13:05:30Z", - "startTimeUtc": "2019-01-01T13:00:30Z", - "labels": [ - "Tag1", - "Tag2" - ], - "description": "This is a demo case", - "title": "My case", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" - }, - "severity": "High", - "closeReason": "Resolved", - "status": "Closed" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/cases", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastUpdatedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "endTimeUtc": "2019-01-01T13:05:30Z", - "startTimeUtc": "2019-01-01T13:00:30Z", - "labels": [ - "Tag1", - "Tag2" - ], - "description": "This is a demo case", - "title": "My case", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "severity": "High", - "closeReason": "Resolved", - "status": "Closed", - "relatedAlertIds": [ - "cf441808-2d50-4c10-81af-cdd0b908c121" - ], - "tactics": [], - "caseNumber": 3177 - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/cases", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastUpdatedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "endTimeUtc": "2019-01-01T13:05:30Z", - "startTimeUtc": "2019-01-01T13:00:30Z", - "labels": [ - "Tag1", - "Tag2" - ], - "description": "This is a demo case", - "title": "My case", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "severity": "High", - "closeReason": "Resolved", - "status": "Closed", - "relatedAlertIds": [ - "cf441808-2d50-4c10-81af-cdd0b908c121" - ], - "tactics": [], - "caseNumber": 3177 - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/DeleteCase.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/DeleteCase.json deleted file mode 100644 index 90581fc8..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/DeleteCase.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json deleted file mode 100644 index 7e290b8e..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/cases", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastUpdatedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "endTimeUtc": "2019-01-01T13:05:30Z", - "startTimeUtc": "2019-01-01T13:00:30Z", - "labels": [ - "Tag1", - "Tag2" - ], - "description": "This is a demo case", - "title": "My case", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "severity": "High", - "closeReason": "Resolved", - "status": "Closed", - "closedReasonText": "case resolved", - "relatedAlertIds": [ - "cf441808-2d50-4c10-81af-cdd0b908c121" - ], - "relatedAlertProductNames": [ - "Azure Sentinel" - ], - "tactics": [ - "InitialAccess", - "Persistence" - ], - "caseNumber": 3177, - "lastComment": "This is a demo case", - "totalComments": 3, - "metrics": { - "SecurityAlert": 1 - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json deleted file mode 100644 index be30141c..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json +++ /dev/null @@ -1,62 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "$orderby": "properties/createdTimeUtc desc", - "$top": 1 - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/cases", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastUpdatedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "endTimeUtc": "2019-01-01T13:05:30Z", - "startTimeUtc": "2019-01-01T13:00:30Z", - "labels": [ - "Tag1", - "Tag2" - ], - "description": "This is a demo case", - "title": "My case", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "severity": "High", - "closeReason": "Resolved", - "status": "Closed", - "closedReasonText": "case resolved", - "relatedAlertIds": [ - "cf441808-2d50-4c10-81af-cdd0b908c121" - ], - "relatedAlertProductNames": [ - "Azure Sentinel" - ], - "tactics": [ - "InitialAccess", - "Persistence" - ], - "caseNumber": 3177, - "lastComment": "This is a demo case", - "totalComments": 3, - "metrics": { - "SecurityAlert": 1 - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/CreateCaseComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/CreateCaseComment.json deleted file mode 100644 index 345e3eb6..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/CreateCaseComment.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "caseCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "caseComment": { - "properties": { - "message": "Some message" - } - } - }, - "responses": { - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/cases/comments", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "userInfo": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetAllCaseComments.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetAllCaseComments.json deleted file mode 100644 index 9ca262b1..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetAllCaseComments.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/cases/comments", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "userInfo": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetCaseCommentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetCaseCommentById.json deleted file mode 100644 index 72aefbb0..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetCaseCommentById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "caseCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/cases/comments", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "userInfo": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/CreateCaseRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/CreateCaseRelation.json deleted file mode 100644 index 73a38c85..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/CreateCaseRelation.json +++ /dev/null @@ -1,53 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "caseId": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "relationInputModel": { - "properties": { - "sourceRelationNode": { - "relationNodeId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "targetRelationNode": { - "relationNodeId": "2216d0e1-91e3-4902-89fd-d2df8c535096" - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/cases/relations", - "kind": "CasesToBookmarks", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "caseIdentifier": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "bookmarkName": "Test bookmark", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/cases/relations", - "kind": "CasesToBookmarks", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "caseIdentifier": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "bookmarkName": "Test bookmark", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/DeleteCaseRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/DeleteCaseRelation.json deleted file mode 100644 index f2c639b8..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/DeleteCaseRelation.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "caseId": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetAllCaseRelations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetAllCaseRelations.json deleted file mode 100644 index eeb5656e..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetAllCaseRelations.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "caseId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/cases/relations", - "kind": "CasesToBookmarks", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "caseIdentifier": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "bookmarkName": "Test bookmark", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetCaseRelationByName.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetCaseRelationByName.json deleted file mode 100644 index 94f60b00..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/relations/GetCaseRelationByName.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "caseId": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/cases/relations", - "kind": "CasesToBookmarks", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "caseIdentifier": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "bookmarkName": "Test bookmark", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json deleted file mode 100644 index 8c1b4a54..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "DataConnectorsCheckRequirements": { - "kind": "AzureActiveDirectory", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - } - } - }, - "responses": { - "200": { - "body": { - "authorizationState": "Valid", - "licenseState": "Valid" - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json deleted file mode 100644 index 8c1b4a54..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "DataConnectorsCheckRequirements": { - "kind": "AzureActiveDirectory", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - } - } - }, - "responses": { - "200": { - "body": { - "authorizationState": "Valid", - "licenseState": "Valid" - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json deleted file mode 100644 index 8c1b4a54..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "DataConnectorsCheckRequirements": { - "kind": "AzureActiveDirectory", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - } - } - }, - "responses": { - "200": { - "body": { - "authorizationState": "Valid", - "licenseState": "Valid" - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json deleted file mode 100644 index 782af2f9..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "DataConnectorsCheckRequirements": { - "kind": "AzureSecurityCenter", - "properties": { - "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" - } - } - }, - "responses": { - "200": { - "body": { - "authorizationState": "Valid", - "licenseState": "Valid" - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json deleted file mode 100644 index 090e4b5b..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "DataConnectorsCheckRequirements": { - "kind": "Dynamics365", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - } - } - }, - "responses": { - "200": { - "body": { - "authorizationState": "Valid", - "licenseState": "Valid" - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json deleted file mode 100644 index f404ff1c..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "DataConnectorsCheckRequirements": { - "kind": "MicrosoftCloudAppSecurity", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - } - } - }, - "responses": { - "200": { - "body": { - "authorizationState": "Valid", - "licenseState": "Valid" - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json deleted file mode 100644 index f404ff1c..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "DataConnectorsCheckRequirements": { - "kind": "MicrosoftCloudAppSecurity", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - } - } - }, - "responses": { - "200": { - "body": { - "authorizationState": "Valid", - "licenseState": "Valid" - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json deleted file mode 100644 index 9f419962..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "DataConnectorsCheckRequirements": { - "kind": "MicrosoftThreatIntelligence", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - } - } - }, - "responses": { - "200": { - "body": { - "authorizationState": "Valid", - "licenseState": "Valid" - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json deleted file mode 100644 index b90142f4..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "DataConnectorsCheckRequirements": { - "kind": "MicrosoftThreatProtection", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - } - } - }, - "responses": { - "200": { - "body": { - "authorizationState": "Valid", - "licenseState": "Valid" - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json deleted file mode 100644 index d84f4b55..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "DataConnectorsCheckRequirements": { - "kind": "OfficeATP", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - } - } - }, - "responses": { - "200": { - "body": { - "authorizationState": "Valid", - "licenseState": "Valid" - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json deleted file mode 100644 index d862f472..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "DataConnectorsCheckRequirements": { - "kind": "ThreatIntelligence", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - } - } - }, - "responses": { - "200": { - "body": { - "authorizationState": "Valid", - "licenseState": "Valid" - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json deleted file mode 100644 index 662be278..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "DataConnectorsCheckRequirements": { - "kind": "ThreatIntelligenceTaxii", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" - } - } - }, - "responses": { - "200": { - "body": { - "authorizationState": "Valid", - "licenseState": "Valid" - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json deleted file mode 100644 index 5ffa8d38..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json +++ /dev/null @@ -1,58 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512", - "dataConnector": { - "kind": "Dynamics365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "dynamics365CdsActivities": { - "state": "Enabled" - } - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Dynamics365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "dynamics365CdsActivities": { - "state": "Enabled" - } - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Dynamics365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "dynamics365CdsActivities": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json deleted file mode 100644 index dd359736..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json +++ /dev/null @@ -1,76 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "dataConnector": { - "kind": "Office365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "sharePoint": { - "state": "Enabled" - }, - "exchange": { - "state": "Enabled" - }, - "teams": { - "state": "Enabled" - } - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Office365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "sharePoint": { - "state": "Enabled" - }, - "exchange": { - "state": "Enabled" - }, - "teams": { - "state": "Enabled" - } - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Office365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "sharePoint": { - "state": "Enabled" - }, - "exchange": { - "state": "Enabled" - }, - "teams": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json deleted file mode 100644 index ae4f0133..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "dataConnector": { - "kind": "ThreatIntelligence", - "properties": { - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", - "dataTypes": { - "indicators": { - "state": "Enabled" - } - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligence", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", - "dataTypes": { - "indicators": { - "state": "Enabled" - } - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligence", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", - "dataTypes": { - "indicators": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json deleted file mode 100644 index 923b7bbf..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "dataConnector": { - "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", - "kind": "ThreatIntelligenceTaxii", - "properties": { - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", - "collectionId": "135", - "workspaceId": "dd124572-4962-4495-9bd2-9dade12314b4", - "friendlyName": "testTaxii", - "userName": "--", - "password": "--", - "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", - "pollingFrequency": "OnceADay", - "dataTypes": { - "taxiiClient": { - "state": "Enabled" - } - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", - "kind": "ThreatIntelligenceTaxii", - "properties": { - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", - "collectionId": "135", - "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871", - "friendlyName": "testTaxii", - "userName": null, - "password": null, - "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", - "pollingFrequency": "OnceADay", - "dataTypes": { - "taxiiClient": { - "state": "Enabled" - } - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", - "kind": "ThreatIntelligenceTaxii", - "properties": { - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", - "collectionId": "135", - "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871", - "friendlyName": "testTaxii", - "userName": null, - "password": null, - "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", - "pollingFrequency": "OnceADay", - "dataTypes": { - "taxiiClient": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json deleted file mode 100644 index e226cb41..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json deleted file mode 100644 index 9d15d53a..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "kind": "AmazonWebServicesCloudTrail", - "properties": { - "awsRoleArn": "myAwsRoleArn", - "dataTypes": { - "logs": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json deleted file mode 100644 index 9d43733d..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", - "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureActiveDirectory", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json deleted file mode 100644 index 642d47eb..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", - "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureAdvancedThreatProtection", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json deleted file mode 100644 index 77fa2804..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", - "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureSecurityCenter", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json deleted file mode 100644 index 9c253b18..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDataConnectors.json +++ /dev/null @@ -1,198 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", - "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureSecurityCenter", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligence", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "indicators": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", - "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligenceTaxii", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2", - "friendlyName": "My TI Taxii Connector", - "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", - "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", - "userName": "", - "password": "", - "pollingFrequency": "OnceAMinute", - "dataTypes": { - "taxiiClient": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", - "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureActiveDirectory", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Office365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "sharePoint": { - "state": "Enabled" - }, - "exchange": { - "state": "Enabled" - }, - "teams": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", - "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftCloudAppSecurity", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - }, - "discoveryLogs": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", - "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureAdvancedThreatProtection", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "kind": "AmazonWebServicesCloudTrail", - "properties": { - "awsRoleArn": "myAwsRoleArn", - "dataTypes": { - "logs": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftDefenderAdvancedThreatProtection", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", - "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "OfficeATP", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", - "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Dynamics365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "dynamics365CdsActivities": { - "state": "Enabled" - } - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json deleted file mode 100644 index e715758c..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", - "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Dynamics365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "dynamics365CdsActivities": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json deleted file mode 100644 index b95ac0e2..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", - "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftCloudAppSecurity", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - }, - "discoveryLogs": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json deleted file mode 100644 index 699853dd..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftDefenderAdvancedThreatProtection", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json deleted file mode 100644 index f459ef93..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftThreatIntelligence", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "bingSafetyPhishingURL": { - "state": "Enabled", - "lookbackPeriod": "example ??" - }, - "microsoftEmergingThreatFeed": { - "state": "Enabled", - "lookbackPeriod": "example" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json deleted file mode 100644 index ffcc45f3..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftThreatProtection", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "incidents": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json deleted file mode 100644 index cf6f4020..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", - "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "OfficeATP", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json deleted file mode 100644 index d7b7b59d..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Office365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "sharePoint": { - "state": "Enabled" - }, - "exchange": { - "state": "Enabled" - }, - "teams": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json deleted file mode 100644 index 48c7ef9d..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligence", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", - "dataTypes": { - "indicators": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json deleted file mode 100644 index 5408280f..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c39bb458-02a7-4b3f-b0c8-71a1d2692652" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", - "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligenceTaxii", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2", - "friendlyName": "My TI Taxii Connector", - "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", - "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", - "userName": "", - "password": "", - "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", - "pollingFrequency": "OnceADay", - "dataTypes": { - "taxiiClient": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json deleted file mode 100644 index a351f5e1..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "ipAddress": "1.2.3.4" - }, - "responses": { - "200": { - "body": { - "asn": "12345", - "carrier": "Microsoft", - "city": "Redmond", - "cityCf": 90, - "continent": "north america", - "country": "united states", - "countryCf": 99, - "ipAddr": "1.2.3.4", - "ipRoutingType": "fixed", - "latitude": "40.2436", - "longitude": "-100.8891", - "organization": "Microsoft", - "organizationType": "tech", - "region": "western usa", - "state": "washington", - "stateCf": null, - "stateCode": "wa" - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json deleted file mode 100644 index 446f5f05..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json +++ /dev/null @@ -1,87 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "domain": "microsoft.com" - }, - "responses": { - "200": { - "body": { - "domain": "microsoft.com", - "server": null, - "created": "2021-02-25T16:15:01.187045Z", - "updated": "2021-02-25T16:15:01.187045Z", - "expires": null, - "parsedWhois": { - "registrar": { - "name": "MarkMonitor, Inc", - "abuseContactPhone": "12083895770", - "abuseContactEmail": "abuse@microsoft.com", - "url": "http://www.markmonitor.com", - "whoisServer": "whois.markmonitor.com" - }, - "contacts": { - "admin": { - "name": "Administrator", - "org": "Microsoft", - "street": [ - "One Microsoft Way" - ], - "city": null, - "state": "WA", - "postal": "98052", - "country": "United States", - "phone": "1-800-555-1234", - "fax": null, - "email": "mail@microsoft.com" - }, - "registrant": null, - "billing": { - "name": "Administrator", - "org": "Microsoft", - "street": [ - "One Microsoft Way" - ], - "city": null, - "state": "WA", - "postal": "98052", - "country": "United States", - "phone": "1-800-555-1234", - "fax": null, - "email": "mail@microsoft.com" - }, - "tech": { - "name": "Administrator", - "org": "Microsoft", - "street": [ - "One Microsoft Way" - ], - "city": null, - "state": "WA", - "postal": "98052", - "country": "United States", - "phone": "1-800-555-1234", - "fax": null, - "email": "mail@microsoft.com" - } - }, - "nameServers": [ - "ns1-205.azure-dns.com", - "ns2-205.azure-dns.net", - "ns3-205.azure-dns.org", - "ns4-205.azure-dns.info" - ], - "statuses": [ - "clientUpdateProhibited", - "clientTransferProhibited", - "clientDeleteProhibited", - "serverUpdateProhibited", - "serverTransferProhibited", - "serverDeleteProhibited" - ] - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAccountEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAccountEntityById.json deleted file mode 100644 index 540c3e71..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAccountEntityById.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "Account", - "properties": { - "friendlyName": "administrator", - "accountName": "administrator", - "ntDomain": "domain", - "upnSuffix": "contoso", - "sid": "S-1-5-18", - "aadTenantId": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", - "aadUserId": "f7033626-2572-46b1-bba0-06646f4f95b3", - "puid": "ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d", - "isDomainJoined": true, - "objectGuid": "11227b78-3c6e-436e-a2a2-02fc7662eca0", - "dnsDomain": "contoso.com" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAzureResourceEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAzureResourceEntityById.json deleted file mode 100644 index 942132f4..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetAzureResourceEntityById.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "AzureResource", - "properties": { - "friendlyName": "vm1", - "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetCloudApplicationEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetCloudApplicationEntityById.json deleted file mode 100644 index 4e1145c9..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetCloudApplicationEntityById.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "CloudApplication", - "properties": { - "friendlyName": "AppName", - "appId": 1, - "appName": "AppName", - "instanceName": "InstanceName" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetDnsEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetDnsEntityById.json deleted file mode 100644 index aafd2be9..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetDnsEntityById.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "f4e74920-f2c0-4412-a45f-66d94fdf01f8" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/f4e74920-f2c0-4412-a45f-66d94fdf01f8", - "name": "f4e74920-f2c0-4412-a45f-66d94fdf01f8", - "type": "Microsoft.SecurityInsights/entities", - "kind": "DnsResolution", - "properties": { - "friendlyName": "domain", - "domainName": "domain", - "ipAddressEntityIds": [ - "475d3120-33e0-4841-9f1c-a8f15a801d19" - ] - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetEntities.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetEntities.json deleted file mode 100644 index 8056f72d..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetEntities.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "Account", - "properties": { - "friendlyName": "administrator", - "accountName": "administrator", - "ntDomain": "domain", - "upnSuffix": "contoso", - "sid": "S-1-5-18", - "aadTenantId": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", - "aadUserId": "f7033626-2572-46b1-bba0-06646f4f95b3", - "puid": "ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d", - "isDomainJoined": true, - "objectGuid": "11227b78-3c6e-436e-a2a2-02fc7662eca0" - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fed9fe89-dce8-40f2-bf44-70f23fe93b3c", - "name": "fed9fe89-dce8-40f2-bf44-70f23fe93b3c", - "type": "Microsoft.SecurityInsights/entities", - "kind": "Host", - "properties": { - "friendlyName": "vm1", - "dnsDomain": "contoso", - "ntDomain": "domain", - "hostName": "vm1", - "netBiosName": "contoso", - "azureID": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", - "omsAgentID": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", - "osFamily": "Windows", - "osVersion": "1.0", - "isDomainJoined": true - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", - "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", - "type": "Microsoft.SecurityInsights/entities", - "kind": "File", - "properties": { - "friendlyName": "cmd.exe", - "directory": "C:\\Windows\\System32", - "fileName": "cmd.exe" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileEntityById.json deleted file mode 100644 index c9bd988f..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileEntityById.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", - "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", - "type": "Microsoft.SecurityInsights/entities", - "kind": "File", - "properties": { - "friendlyName": "cmd.exe", - "directory": "C:\\Windows\\System32", - "fileName": "cmd.exe" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileHashEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileHashEntityById.json deleted file mode 100644 index 7ca192c6..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetFileHashEntityById.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "ea359fa6-c1e5-f878-e105-6344f3e399a1" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/ea359fa6-c1e5-f878-e105-6344f3e399a1", - "name": "ea359fa6-c1e5-f878-e105-6344f3e399a1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "FileHash", - "properties": { - "friendlyName": "E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0(SHA256)", - "hashValue": "E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0", - "algorithm": "SHA256" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetHostEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetHostEntityById.json deleted file mode 100644 index 9a958340..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetHostEntityById.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "Host", - "properties": { - "friendlyName": "vm1", - "dnsDomain": "contoso", - "ntDomain": "domain", - "hostName": "vm1", - "netBiosName": "contoso", - "azureID": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", - "omsAgentID": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", - "osFamily": "Windows", - "osVersion": "1.0", - "isDomainJoined": true - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIoTDeviceEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIoTDeviceEntityById.json deleted file mode 100644 index d906f228..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIoTDeviceEntityById.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "IoTDevice", - "properties": { - "friendlyName": "device1", - "deviceId": "device1", - "iotHubEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/8b2d9401-f953-e89d-2583-be9b4975870c" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIpEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIpEntityById.json deleted file mode 100644 index 48dbbc12..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetIpEntityById.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "Ip", - "properties": { - "friendlyName": "10.3.2.8", - "address": "10.3.2.8" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailClusterEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailClusterEntityById.json deleted file mode 100644 index 5c2c5e81..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailClusterEntityById.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "MailCluster", - "properties": { - "friendlyName": "ClusterSourceIdentifier", - "networkMessageIds": [ - "ccfce855-e02f-491b-a1cc-5bafb371ad0c" - ], - "countByDeliveryStatus": { - "deliveryStatus": 5 - }, - "countByThreatType": { - "threatType": 6 - }, - "countByProtectionStatus": { - "protectionStatus": 65 - }, - "threats": [ - "thrreat1", - "thread2" - ], - "query": "kqlFilter", - "queryTime": "2019-06-05T01:42:01.6026755Z", - "source": "ClusterSourceIdentifier", - "clusterSourceIdentifier": "cluster source identifier", - "clusterSourceType": "Similarity", - "clusterGroup": "cluster group" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailMessageEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailMessageEntityById.json deleted file mode 100644 index d0ed8f49..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailMessageEntityById.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "MailMessage", - "properties": { - "friendlyName": "cmd.exe", - "fileEntityIds": [ - "ccfce855-e02f-491b-a1cc-5bafb371ad0c" - ], - "recipient": "recipient", - "urls": [ - "http://moqbrarcwmnk.banxhdcojlg.biz" - ], - "threats": [ - "thrreat1", - "thread2" - ], - "p1Sender": "email@fake.com", - "p1SenderDisplayName": "p1 sender display name", - "p1SenderDomain": "p1 sender domain", - "senderIP": "1.23.34.43", - "p2Sender": "the sender", - "deliveryAction": "Blocked", - "p2SenderDisplayName": "p2 sender display name", - "p2SenderDomain": "p2 Sender Domain", - "internetMessageId": "message id", - "subject": "subject", - "language": "language", - "threatDetectionMethods": [ - "thrreat1", - "thread2" - ] - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailboxEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailboxEntityById.json deleted file mode 100644 index 402117b1..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMailboxEntityById.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "Mailbox", - "properties": { - "friendlyName": "emailAddress1", - "displayName": "display name", - "mailboxPrimaryAddress": "emailAddress1", - "upn": "upn1", - "externalDirectoryObjectId": "18cc8fdc-e169-4451-983a-bd027db286eb" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMalwareEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMalwareEntityById.json deleted file mode 100644 index 95b24ec7..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetMalwareEntityById.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", - "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", - "type": "Microsoft.SecurityInsights/entities", - "kind": "Malware", - "properties": { - "malwareName": "Win32/Toga!rfn", - "category": "Trojan", - "friendlyName": "Win32/Toga!rfn" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetProcessEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetProcessEntityById.json deleted file mode 100644 index 911d28f6..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetProcessEntityById.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "7264685c-038c-42c6-948c-38e14ef1fb98" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/7264685c-038c-42c6-948c-38e14ef1fb98", - "name": "7264685c-038c-42c6-948c-38e14ef1fb98", - "type": "Microsoft.SecurityInsights/entities", - "kind": "Process", - "properties": { - "friendlyName": "cmd.exe", - "processId": "0x2aa48", - "commandLine": "\"cmd\"", - "imageFileEntityId": "bba7b47b-c1c1-4021-b568-5b07b9292f5e" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetQueries.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetQueries.json deleted file mode 100644 index 29b22c51..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetQueries.json +++ /dev/null @@ -1,457 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "kind": "Insight" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/6db7f5d1-f41e-46c2-b935-230b36a569e6", - "name": "6db7f5d1-f41e-46c2-b935-230b36a569e6", - "type": "Microsoft.SecurityInsights/entities/queries", - "kind": "Insight", - "properties": { - "displayName": "Actions on account", - "description": "Summary of actions taken on the specified account, grouped by action: password resets and changes, account lockouts (policy or admin), account creation and deletion, account enabled and disabled\n", - "baseQuery": "let GetAccountActions = (v_Account_Name:string, v_Account_NTDomain:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string, v_Account_SID:string){\nAuditLogs\n| where OperationName in~ ('Delete user', 'Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', 'Update user')\n| extend UserPrincipalName = tostring(TargetResources[0].userPrincipalName)\n| extend Account_Name = tostring(split(UserPrincipalName, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserPrincipalName, '@')[1])\n| extend Action = tostring(parse_json(tostring(parse_json(tostring(TargetResources[0].modifiedProperties))[0])))\n| extend ModifiedProperty = parse_json(Action).displayName\n| extend ModifiedValue = parse_json(Action).newValue\n| extend Account_AADUserId = tostring(TargetResources[0].id)\n| extend DisableUser = iif(ModifiedProperty =~ 'AccountEnabled' and ModifiedValue =~ '[false]', 'True', 'False')\n| union isfuzzy=true (\nSecurityEvent\n| where EventID in (4720, 4722, 4723, 4724, 4725, 4726, 4740)\n| extend OperationName = tostring(EventID)\n| where AccountType =~ \"user\" or isempty(AccountType)\n| extend Account_Name = TargetUserName, Account_NTDomain = TargetDomainName, Account_SID = TargetSid\n)\n| where (Account_Name =~ v_Account_Name and (Account_UPNSuffix =~ v_Account_UPNSuffix or Account_NTDomain =~ v_Account_NTDomain)) or Account_AADUserId =~ v_Account_AADUserId or Account_SID =~ v_Account_SID\n};\nGetAccountActions('CTFFUser4', '', 'seccxp.ninja', '', '')\n", - "tableQuery": { - "columnsDefinitions": [ - { - "header": "Action", - "outputType": "String", - "supportDeepLink": false - }, - { - "header": "Most Recent", - "outputType": "Date", - "supportDeepLink": false - }, - { - "header": "Count", - "outputType": "Number", - "supportDeepLink": true - } - ], - "queriesDefinitions": [ - { - "filter": "where OperationName in~ ('Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', '4724', '4723')", - "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", - "project": "project Title = OperationName, MostRecent, Count", - "linkColumnsDefinitions": [ - { - "projectedName": "Count", - "Query": "{{BaseQuery}} | " - } - ] - }, - { - "filter": "where OperationName in~ ('Blocked from self-service password reset', '4740')", - "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", - "project": "project Title = OperationName, MostRecent, Count", - "linkColumnsDefinitions": [ - { - "projectedName": "Count", - "Query": "{{BaseQuery}} | " - } - ] - }, - { - "filter": "where OperationName == '4725' or (OperationName =~ 'Update user' and DisableUser =~ 'True')", - "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", - "project": "project Title = OperationName, MostRecent, Count", - "linkColumnsDefinitions": [ - { - "projectedName": "Count", - "Query": "{{BaseQuery}} | " - } - ] - }, - { - "filter": "where OperationName in~ ('Add user', '4720')", - "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", - "project": "project Title = OperationName, MostRecent, Count", - "linkColumnsDefinitions": [ - { - "projectedName": "Count", - "Query": "{{BaseQuery}} | " - } - ] - }, - { - "filter": "where OperationName in~ ('Delete user', '4726')", - "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", - "project": "project Title = OperationName, MostRecent, Count", - "linkColumnsDefinitions": [ - { - "projectedName": "Count", - "Query": "{{BaseQuery}} | " - } - ] - }, - { - "filter": "where OperationName in~ ('4725', 'Blocked from self-service password reset', '4740') or (OperationName =~ 'Update user' and DisableUser =~ 'True')", - "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", - "project": "project Title = OperationName, MostRecent, Count", - "linkColumnsDefinitions": [ - { - "projectedName": "Count", - "Query": "{{BaseQuery}} | " - } - ] - }, - { - "filter": "where OperationName in~ ('4722', '4767') or (OperationName =~ 'Update user' and DisableUser =~ 'False')", - "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", - "project": "project Title = OperationName, MostRecent, Count", - "linkColumnsDefinitions": [ - { - "projectedName": "Count", - "Query": "{{BaseQuery}} | " - } - ] - }, - { - "filter": "where OperationName in~ ('Update user','4738')", - "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", - "project": "project Title = OperationName, MostRecent, Count", - "linkColumnsDefinitions": [ - { - "projectedName": "Count", - "Query": "{{BaseQuery}} | " - } - ] - } - ] - }, - "chartQuery": { - "title": "Actions by type", - "dataSets": [ - { - "query": "summarize Count = count() by bin(TimeGenerated, 1h), OperationName", - "xColumnName": "TimeGenerated", - "yColumnName": "Count", - "legendColumnName": "OperationName" - } - ], - "type": "BarChart" - }, - "additionalQuery": { - "text": "See all account activity", - "query": "project TimeGenerated, UserPrincipalName, Account_Name, OperationName, Activity, DisableUser, TargetSid, AADUserId, InitiatedBy, AADTenantId, AccountType, Computer, SubjectAccount, SubjectUserSid, EventData" - }, - "defaultTimeRange": { - "beforeRange": "12h", - "afterRange": "12h" - }, - "referenceTimeRange": null, - "dataTypes": [ - { - "dataType": "AuditLogs" - }, - { - "dataType": "SecurityEvent" - } - ], - "inputEntityType": "Account", - "requiredInputFieldsSets": [ - [ - "Account_Name", - "Account_NTDomain" - ], - [ - "Account_Name", - "Account_UPNSuffix" - ], - [ - "Account_AADUserId" - ], - [ - "Account_SID" - ] - ], - "entitiesFilter": {} - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/0a5d7b14-b485-450a-a0ac-4100c860ac32", - "name": "0a5d7b14-b485-450a-a0ac-4100c860ac32", - "type": "Microsoft.SecurityInsights/entities/queries", - "kind": "Insight", - "properties": { - "displayName": "Anomalously high office operation count", - "description": "Highlight office operations of the user with anomalously high count compared to those observed in the preceding 14 days.", - "baseQuery": "let AScoreThresh = 3; \nlet maxAnomalies = 3;\nlet BeforeRange = 12d; \nlet EndTime = todatetime('{{EndTimeUTC}}'); \nlet StartTime = todatetime('{{StartTimeUTC}}');\nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string) { \n OfficeActivity \n | extend splitUserId=split(UserId, '@')\n | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix }; \nuserData('CTFFUser4', 'seccxp.ninja')\n", - "tableQuery": { - "columnsDefinitions": [ - { - "header": "Operation", - "outputType": "String", - "supportDeepLink": true - }, - { - "header": "Expected Count", - "outputType": "Number", - "supportDeepLink": false - }, - { - "header": "Actual Count", - "outputType": "Number", - "supportDeepLink": false - } - ], - "queriesDefinitions": [ - { - "filter": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n", - "summarize": "take 1", - "project": "project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)", - "linkColumnsDefinitions": [ - { - "projectedName": "Operation", - "Query": "{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where Operation == ''\n" - } - ] - } - ] - }, - "chartQuery": { - "title": "Anomalous operation timeline", - "dataSets": [ - { - "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project Operation, TimeGenerated, count_\n| mvexpand TimeGenerated, count_ | project todatetime(TimeGenerated), toint(count_), Operation\n", - "xColumnName": "TimeGenerated", - "yColumnName": "count_", - "legendColumnName": "Operation" - } - ], - "type": "LineChart" - }, - "additionalQuery": { - "text": "Query all anomalous operations", - "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh | order by maxAnomalyScorePost desc \n| project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n" - }, - "defaultTimeRange": { - "beforeRange": "1d", - "afterRange": "0d" - }, - "referenceTimeRange": { - "beforeRange": "12d" - }, - "dataTypes": [ - { - "dataType": "OfficeActivity" - } - ], - "inputEntityType": "Account", - "requiredInputFieldsSets": [ - [ - "Account_Name", - "Account_UPNSuffix" - ] - ], - "entitiesFilter": {} - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/e6cf68e6-1eca-4fbb-9fad-6280f2a9476e", - "name": "e6cf68e6-1eca-4fbb-9fad-6280f2a9476e", - "type": "Microsoft.SecurityInsights/entities/queries", - "kind": "Insight", - "properties": { - "displayName": "Resource access", - "description": "Provides the count and distinct resource accesses by a given user account\n", - "baseQuery": "let Operations = dynamic([\"FileDownloaded\", \"FileUploaded\"]);\nlet UserOperationToSharePoint = (v_Account_Name:string, v_Account_UPNSuffix:string) {\nOfficeActivity\n// Select sharepoint activity that is relevant\n| where RecordType in~ ('SharePointFileOperation')\n| where Operation in~ (Operations)\n| extend Account_Name = tostring(split(UserId, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserId, '@')[1])\n| where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix\n| project TimeGenerated, Account_Name, Account_UPNSuffix, UserId, OfficeId, RecordType, Operation, OrganizationId, UserType, UserKey, OfficeWorkload, OfficeObjectId, ClientIP, ItemType, UserAgent, Site_Url, SourceRelativeUrl, SourceFileName, SourceFileExtension , Start_Time , ElevationTime , TenantId, SourceSystem , Type\n};\nUserOperationToSharePoint ('CTFFUser4','seccxp.ninja')\n", - "tableQuery": { - "columnsDefinitions": [ - { - "header": "Resource Type", - "outputType": "String", - "supportDeepLink": false - }, - { - "header": "Distinct Resources", - "outputType": "Number", - "supportDeepLink": true - }, - { - "header": "Total Resources", - "outputType": "Number", - "supportDeepLink": true - }, - { - "header": "IPAddress(es)", - "outputType": "String", - "supportDeepLink": false - } - ], - "queriesDefinitions": [ - { - "filter": "where Operation =~ 'FileUploaded'", - "summarize": "summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation", - "project": "project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')", - "linkColumnsDefinitions": [ - { - "projectedName": "DistinctResources", - "Query": "{{BaseQuery}} | " - }, - { - "projectedName": "TotalResources", - "Query": "{{BaseQuery}} | " - } - ] - }, - { - "filter": "where Operation =~ 'FileDownloaded'", - "summarize": "summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation", - "project": "project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')", - "linkColumnsDefinitions": [ - { - "projectedName": "DistinctResources", - "Query": "{{BaseQuery}} | " - }, - { - "projectedName": "TotalResources", - "Query": "{{BaseQuery}} | " - } - ] - } - ] - }, - "chartQuery": { - "title": "Resource access over time", - "dataSets": [ - { - "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileUploaded'), TotalResources = countif(Operation =~ 'FileUploaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Uploads'", - "xColumnName": "TimeGenerated", - "yColumnName": "TotalResources", - "legendColumnName": "Legend" - }, - { - "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileDownloaded'), TotalResources = countif(Operation =~ 'FileDownloaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Downloads'", - "xColumnName": "TimeGenerated", - "yColumnName": "TotalResources", - "legendColumnName": "Legend" - } - ], - "type": "LineChart" - }, - "additionalQuery": { - "text": "See all resource activity", - "query": "where Operation in~ (Operations)" - }, - "defaultTimeRange": { - "beforeRange": "12h", - "afterRange": "12h" - }, - "referenceTimeRange": null, - "dataTypes": [ - { - "dataType": "OfficeActivity" - } - ], - "inputEntityType": "Account", - "requiredInputFieldsSets": [ - [ - "Account_Name", - "Account_UPNSuffix" - ], - [ - "Account_AADUserId" - ] - ], - "entitiesFilter": {} - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4", - "name": "cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4", - "type": "Microsoft.SecurityInsights/entities/queries", - "kind": "Insight", - "properties": { - "displayName": "Anomalously high Azure sign-in result count", - "description": "Highlight Azure sign-in results by the user principal with anomalously high count compared to those observed in the preceding 14 days.", - "baseQuery": "let AScoreThresh=3; \nlet maxAnomalies=3; \nlet BeforeRange = 12d; \nlet EndTime=todatetime('{{EndTimeUTC}}');\nlet StartTime = todatetime('{{StartTimeUTC}}'); \nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string) { \n SigninLogs \n | where TimeGenerated between ((StartTime-BeforeRange) .. EndTime)\n | extend splitUserId=split(UserPrincipalName, '@')\n | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where (Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix) or UserId =~ v_Account_AADUserId };\nuserData('CTFFUser4', 'seccxp.ninja', '')\n", - "tableQuery": { - "columnsDefinitions": [ - { - "header": "Result Description", - "outputType": "String", - "supportDeepLink": true - }, - { - "header": "Expected Count", - "outputType": "Number", - "supportDeepLink": false - }, - { - "header": "Actual Count", - "outputType": "Number", - "supportDeepLink": false - } - ], - "queriesDefinitions": [ - { - "filter": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n", - "summarize": "take 1", - "project": "project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)", - "linkColumnsDefinitions": [ - { - "projectedName": "ResultDescription", - "Query": "{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where ResultDescription == ''\n" - } - ] - } - ] - }, - "chartQuery": { - "title": "Anomalous sign-in result timeline", - "dataSets": [ - { - "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project ResultDescription, TimeGenerated, count_ \n| mvexpand TimeGenerated, count_ \n| project todatetime(TimeGenerated), toint(count_), ResultDescription \n", - "xColumnName": "TimeGenerated", - "yColumnName": "count_", - "legendColumnName": "ResultDescription" - } - ], - "type": "LineChart" - }, - "additionalQuery": { - "text": "Query all anomalous sign-in results", - "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n" - }, - "defaultTimeRange": { - "beforeRange": "1d", - "afterRange": "0d" - }, - "referenceTimeRange": { - "beforeRange": "12d" - }, - "dataTypes": [ - { - "dataType": "SigninLogs" - } - ], - "inputEntityType": "Account", - "requiredInputFieldsSets": [ - [ - "Account_Name", - "Account_UPNSuffix" - ], - [ - "Account_AADUserId" - ] - ], - "entitiesFilter": {} - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryKeyEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryKeyEntityById.json deleted file mode 100644 index 1b5078f4..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryKeyEntityById.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "RegistryKey", - "properties": { - "friendlyName": "SOFTWARE", - "hive": "HKEY_LOCAL_MACHINE", - "key": "SOFTWARE" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryValueEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryValueEntityById.json deleted file mode 100644 index 726b6098..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetRegistryValueEntityById.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "dc44bd11-b348-4d76-ad29-37bf7aa41356" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/dc44bd11-b348-4d76-ad29-37bf7aa41356", - "name": "dc44bd11-b348-4d76-ad29-37bf7aa41356", - "type": "Microsoft.SecurityInsights/entities", - "kind": "RegistryValue", - "properties": { - "friendlyName": "Data", - "valueName": "Name", - "valueData": "Data", - "valueType": "String", - "keyEntityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityAlertEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityAlertEntityById.json deleted file mode 100644 index 1f5f0d3b..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityAlertEntityById.json +++ /dev/null @@ -1,52 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/4aa486e0-6f85-41af-99ea-7acdce7be6c8", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "SecurityAlert", - "properties": { - "systemAlertId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8", - "intent": "Unknown", - "alertDisplayName": "Suspicious account detected", - "description": "", - "confidenceLevel": "Unknown", - "severity": "Medium", - "vendorName": "Microsoft", - "productName": "Azure Sentinel", - "productComponentName": "Scheduled Alerts", - "alertType": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b_46c7b6c0-ff43-44dd-8b4d-ceffff7aa7df", - "providerAlertId": "c2bafff9-fb31-41d0-a177-ecbff7a02ffe", - "processingEndTime": "2019-07-06T13:56:53.5392366Z", - "status": "New", - "endTimeUtc": "2019-07-06T13:21:45.926185Z", - "startTimeUtc": "2019-07-06T08:21:45.926185Z", - "timeGenerated": "2019-07-06T13:56:53.5392366Z", - "tactics": [ - "Persistence", - "LateralMovement" - ], - "additionalData": { - "Query": "Heartbeat \n| extend AccountCustomEntity = \"administrator\"", - "Query Period": "05:00:00", - "Trigger Operator": "GreaterThan", - "Trigger Threshold": "200", - "Search Query Results Overall Count": "203", - "Total Account Entities": "1" - }, - "friendlyName": "Suspicious account detected", - "alertLink": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518119885989999999_4aa486e0-6f85-41af-99ea-7acdce7be6c8/subscriptionId/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/myRg/myWorkspace/referencedFrom/alertDeepLink/location/centralus" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityGroupEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityGroupEntityById.json deleted file mode 100644 index 63726bc3..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSecurityGroupEntityById.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "SecurityGroup", - "properties": { - "friendlyName": "Name", - "distinguishedName": "Name", - "sid": "Sid", - "objectGuid": "fb1b8e04-d944-4986-b39a-1ce9adedcd98" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSubmissionMailEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSubmissionMailEntityById.json deleted file mode 100644 index 70c52747..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetSubmissionMailEntityById.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "SubmissionMail", - "properties": { - "friendlyName": "recipient", - "submissionId": "5bb3d8fe-54bc-499c-bc21-86fe8df2a184", - "submitter": "submitter", - "recipient": "recipient", - "sender": "sender", - "senderIp": "1.4.35.34", - "subject": "subject", - "reportType": "report type" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetUrlEntityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetUrlEntityById.json deleted file mode 100644 index de7ef67a..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/GetUrlEntityById.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "Url", - "properties": { - "friendlyName": "https://bing.com", - "url": "https://bing.com" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/expand/PostExpandEntity.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/expand/PostExpandEntity.json deleted file mode 100644 index 699aca47..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/expand/PostExpandEntity.json +++ /dev/null @@ -1,53 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "parameters": { - "expansionId": "a77992f3-25e9-4d01-99a4-5ff606cc410a", - "startTime": "2019-04-25T00:00:00.000Z", - "endTime": "2019-05-26T00:00:00.000Z" - } - }, - "responses": { - "200": { - "body": { - "value": { - "entities": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/entities", - "kind": "Ip", - "properties": { - "address": "13.89.108.248", - "friendlyName": "13.89.108.248" - } - } - ], - "edges": [ - { - "targetEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/c1d60d86-5988-11eb-ae93-0242ac130002", - "additionalData": { - "EpochTimestamp": "1608289949", - "FirstSeen": "2020-12-18T11:12:29.597Z", - "Source": "Heartbeat" - } - } - ] - }, - "metaData": { - "aggregations": [ - { - "entityKind": "Account", - "count": 1 - } - ] - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/insights/PostGetInsights.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/insights/PostGetInsights.json deleted file mode 100644 index 50f29030..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/insights/PostGetInsights.json +++ /dev/null @@ -1,101 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "parameters": { - "addDefaultExtendedTimeRange": false, - "startTime": "2019-04-25T00:00:00.000Z", - "endTime": "2019-05-26T00:00:00.000Z", - "insightQueryIds": [ - "cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4" - ] - } - }, - "responses": { - "200": { - "body": { - "value": [ - { - "tableQueryResults": { - "columns": [ - { - "name": "Title", - "type": "string" - }, - { - "name": "NameCount", - "type": "long" - }, - { - "name": "SIDCount", - "type": "long" - }, - { - "name": "InternalOrder", - "type": "long" - }, - { - "name": "Index", - "type": "long" - } - ], - "rows": [ - [ - "MyTitle", - "15", - "SID", - "1", - "1" - ] - ] - }, - "chartQueryResults": [ - { - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime" - }, - { - "name": "Count", - "type": "long" - }, - { - "name": "Legend", - "type": "string" - } - ], - "rows": [ - [ - "2019-04-25T00:00:00.000Z", - "55", - "SomeLegend" - ] - ] - } - ], - "queryTimeInterval": { - "startTime": "2020-07-07T23:35:20Z", - "endTime": "2020-11-11T23:35:20Z" - }, - "queryId": "e29ee1ef-7445-455e-85f1-269f2d536d61" - } - ], - "metaData": { - "totalCount": 7, - "errors": [ - { - "kind": "Insight", - "queryId": "4a70a63d-25c4-6312-b73e-4f302a90c06a", - "errorMessage": "Internal server error" - } - ] - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetAllEntityRelations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetAllEntityRelations.json deleted file mode 100644 index c26b0b1d..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetAllEntityRelations.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/entities/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceType": "Microsoft.SecurityInsights/incidents" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetEntityRelationByName.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetEntityRelationByName.json deleted file mode 100644 index c7a18b9d..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/relations/GetEntityRelationByName.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/entities/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceType": "Microsoft.SecurityInsights/incidents" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/timeline/PostTimelineEntity.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/timeline/PostTimelineEntity.json deleted file mode 100644 index 6f9eb731..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entities/timeline/PostTimelineEntity.json +++ /dev/null @@ -1,69 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "parameters": { - "numberOfBucket": 4, - "startTime": "2019-04-25T00:00:00.000Z", - "endTime": "2019-05-26T00:00:00.000Z" - } - }, - "responses": { - "200": { - "body": { - "value": [ - { - "kind": "SecurityAlert", - "description": "The alert description", - "azureResourceId": "4467341f-fb73-4f99-a9b3-29473532cf5a_bf7c3a2f-b743-6410-3ff0-ec64b5995d50", - "productName": "Azure Sentinel", - "displayName": "Alert display name", - "severity": "Medium", - "endTimeUtc": "2020-08-29T23:31:28.02Z", - "startTimeUtc": "2020-08-28T23:32:28.01Z", - "timeGenerated": "2020-08-29T23:37:25.8136594Z", - "alertType": "4467341f-fb73-4f99-a9b3-29473532cf5a_c93bf33e-055e-4972-9e7d-f84fe3fb61ae" - }, - { - "kind": "Activity", - "queryId": "e0459780-ac9d-4b72-8bd4-fecf6b46a0a1", - "bucketStartTimeUTC": "2020-08-29T21:31:28.02Z", - "bucketEndTimeUTC": "2020-08-29T23:31:28.02Z", - "firstActivityTimeUTC": "2020-08-29T21:35:28.02Z", - "lastActivityTimeUTC": "2020-08-29T21:35:28.02Z", - "content": "he user has deleted the account 3 time(s)", - "title": "The user has deleted an account" - } - ], - "metaData": { - "totalCount": 6, - "aggregations": [ - { - "count": 4, - "kind": "Activity" - }, - { - "count": 2, - "kind": "SecurityAlert" - } - ], - "errors": [ - { - "kind": "Activity", - "queryId": "11067f9f-d6a7-4488-887f-0ba564268879", - "errorMessage": "syntax error" - }, - { - "kind": "SecurityAlert", - "errorMessage": "internal server error" - } - ] - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetEntityQueries.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetEntityQueries.json deleted file mode 100644 index 1d78fee1..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetEntityQueries.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/37ca3555-c135-4a73-a65e-9c1d00323f5d", - "name": "37ca3555-c135-4a73-a65e-9c1d00323f5d", - "type": "Microsoft.SecurityInsights/entityQueries", - "etag": null, - "kind": "Expansion", - "properties": { - "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count asc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')", - "inputFields": [ - "address" - ], - "outputEntityTypes": [ - "Account" - ], - "dataSources": [ - "AzureActivity" - ], - "inputEntityType": "IP", - "displayName": "Least active accounts on Azure from this IP" - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/97a1d515-abf2-4231-9a35-985f9de0bb91", - "name": "97a1d515-abf2-4231-9a35-985f9de0bb91", - "type": "Microsoft.SecurityInsights/entityQueries", - "etag": null, - "kind": "Expansion", - "properties": { - "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count desc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')", - "inputFields": [ - "address" - ], - "outputEntityTypes": [ - "Account" - ], - "dataSources": [ - "AzureActivity" - ], - "inputEntityType": "IP", - "displayName": "Most active accounts on Azure from this IP" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json deleted file mode 100644 index 08ccab6f..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", - "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", - "type": "Microsoft.SecurityInsights/entityQueries", - "etag": null, - "kind": "Expansion", - "properties": { - "queryTemplate": "let GetParentProcessesOnHost = (v_Host_HostName:string){\r\n SecurityEvent \r\n | where EventID == 4688 \r\n | where isnotempty(ParentProcessName)\r\n | where NewProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe' and ParentProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe'\r\n and NewProcessName!contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe' and ParentProcessName !contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe'\r\n and ParentProcessName !contains ':\\\\Windows\\\\CCM\\\\CcmExec.exe'\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\svchost.exe' and (NewProcessName !contains ':\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe' or NewProcessName !contains ':\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe'))\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\services.exe' and NewProcessName !contains ':\\\\Windows\\\\servicing\\\\TrustedInstaller.exe')\r\n | where toupper(Computer) contains v_Host_HostName or toupper(WorkstationName) contains v_Host_HostName\r\n | summarize min(TimeGenerated), max(TimeGenerated) by Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project min_TimeGenerated, max_TimeGenerated, Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project-rename Process_Host_UnstructuredName=Computer, Process_Account_UnstructuredName=Account, Process_CommandLine=CommandLine, Process_ProcessId=ProcessId, Process_ImageFile_FullPath=NewProcessName, Process_ParentProcess_ImageFile_FullPath=ParentProcessName\r\n | top 10 by min_TimeGenerated asc};\r\n GetParentProcessesOnHost(toupper(''))", - "inputFields": [ - "hostName" - ], - "outputEntityTypes": [ - "Process" - ], - "dataSources": [ - "SecurityEvent" - ], - "inputEntityType": "Host", - "displayName": "Parent processes running on host" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json deleted file mode 100644 index d81fa959..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json +++ /dev/null @@ -1,109 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incident": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "providerName": "Azure Sentinel", - "providerIncidentId": "3177", - "relatedAnalyticRuleIds": [], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [] - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "providerName": "Azure Sentinel", - "providerIncidentId": "3177", - "relatedAnalyticRuleIds": [], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [] - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/DeleteIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/DeleteIncident.json deleted file mode 100644 index 84a5d11b..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/DeleteIncident.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentAlerts.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentAlerts.json deleted file mode 100644 index 1cb622e0..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentAlerts.json +++ /dev/null @@ -1,51 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c", - "name": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", - "type": "Microsoft.SecurityInsights/Entities", - "kind": "SecurityAlert", - "properties": { - "systemAlertId": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", - "tactics": [], - "alertDisplayName": "myAlert", - "confidenceLevel": "Unknown", - "severity": "Low", - "vendorName": "Microsoft", - "productName": "Azure Security Center", - "alertType": "myAlert", - "processingEndTime": "2020-07-20T18:21:53.6158361Z", - "status": "New", - "endTimeUtc": "2020-07-20T18:21:53.6158361Z", - "startTimeUtc": "2020-07-20T18:21:53.6158361Z", - "timeGenerated": "2020-07-20T18:21:53.6158361Z", - "resourceIdentifiers": [ - { - "type": "LogAnalytics", - "workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroup": "myRG" - } - ], - "additionalData": { - "AlertMessageEnqueueTime": "2020-07-20T18:21:57.304Z" - }, - "friendlyName": "myAlert" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentBookmarks.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentBookmarks.json deleted file mode 100644 index e8d5421a..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetAllIncidentBookmarks.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812", - "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "type": "Microsoft.SecurityInsights/Entities", - "kind": "Bookmark", - "properties": { - "displayName": "SecurityEvent - 868f40f4698d", - "created": "2020-06-17T15:34:01.4265524+00:00", - "updated": "2020-06-17T15:34:01.4265524+00:00", - "createdBy": { - "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", - "email": "user@microsoft.com", - "name": "user" - }, - "updatedBy": { - "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", - "email": "user@microsoft.com", - "name": "user" - }, - "eventTime": "2020-06-17T15:34:01.4265524+00:00", - "labels": [], - "query": "SecurityEvent\r\n| take 1\n", - "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", - "additionalData": { - "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", - "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "friendlyName": "SecurityEvent - 868f40f4698d" - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/bbbd324f-6c48-459c-8710-8d1e1cd03812", - "name": "bbbd324f-6c48-459c-8710-8d1e1cd03812", - "type": "Microsoft.SecurityInsights/Entities", - "kind": "Bookmark", - "properties": { - "displayName": "SecurityEvent - 868f40f4698d", - "created": "2020-06-17T15:34:01.4265524+00:00", - "updated": "2020-06-17T15:34:01.4265524+00:00", - "createdBy": { - "objectId": "303ca914-5eb6-45e5-9417-fe0797c372fd", - "email": "user@microsoft.com", - "name": "user" - }, - "updatedBy": { - "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", - "email": "user@microsoft.com", - "name": "user" - }, - "eventTime": "2020-06-17T15:34:01.4265524+00:00", - "labels": [], - "query": "SecurityEvent\r\n| take 1\n", - "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", - "additionalData": { - "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", - "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "friendlyName": "SecurityEvent - 868f40f4698d" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json deleted file mode 100644 index 60d2581a..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "InaccurateData", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "providerName": "Azure Sentinel", - "providerIncidentId": "3177", - "relatedAnalyticRuleIds": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" - ], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [ - "InitialAccess", - "Persistence" - ] - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json deleted file mode 100644 index 2a3f27a0..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json +++ /dev/null @@ -1,62 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "$orderby": "properties/createdTimeUtc desc", - "$top": 1 - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "providerName": "Azure Sentinel", - "providerIncidentId": "3177", - "relatedAnalyticRuleIds": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [ - "Persistence" - ] - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/CreateIncidentComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/CreateIncidentComment.json deleted file mode 100644 index 70c0f0bb..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/CreateIncidentComment.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "incidentComment": { - "properties": { - "message": "Some message" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/comments", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", - "author": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/comments", - "etag": "190057d0-0000-0d00-0000-5c622adb0000", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "author": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/DeleteIncidentComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/DeleteIncidentComment.json deleted file mode 100644 index 77d29e52..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/DeleteIncidentComment.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetAllIncidentComments.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetAllIncidentComments.json deleted file mode 100644 index b94e350a..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetAllIncidentComments.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/comments", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", - "author": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetIncidentCommentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetIncidentCommentById.json deleted file mode 100644 index 54e77267..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/comments/GetIncidentCommentById.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/comments", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", - "author": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/entities/GetAllIncidentEntities.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/entities/GetAllIncidentEntities.json deleted file mode 100644 index 723c7f13..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/entities/GetAllIncidentEntities.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "responses": { - "200": { - "body": { - "entities": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/Entities", - "kind": "Account", - "properties": { - "friendlyName": "administrator", - "accountName": "administrator", - "ntDomain": "domain" - } - } - ], - "metaData": [ - { - "entityKind": "Account", - "count": 1 - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/CreateIncidentRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/CreateIncidentRelation.json deleted file mode 100644 index b0f4b0f6..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/CreateIncidentRelation.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "relation": { - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/DeleteIncidentRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/DeleteIncidentRelation.json deleted file mode 100644 index 49a82ea4..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/DeleteIncidentRelation.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetAllIncidentRelations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetAllIncidentRelations.json deleted file mode 100644 index 47fb4993..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetAllIncidentRelations.json +++ /dev/null @@ -1,41 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032", - "name": "9673a17d-8bc7-4ca6-88ee-38a4f3efc032", - "type": "Microsoft.SecurityInsights/incidents/relations", - "etag": "6f714025-dd7c-46aa-b5d0-b9857488d060", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af", - "relatedResourceName": "1dd267cd-8a1f-4f6f-b92c-da43ac8819af", - "relatedResourceType": "Microsoft.SecurityInsights/entities", - "relatedResourceKind": "SecurityAlert" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetIncidentRelationByName.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetIncidentRelationByName.json deleted file mode 100644 index cf5b863b..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/relations/GetIncidentRelationByName.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/DeleteOfficeConsents.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/DeleteOfficeConsents.json deleted file mode 100644 index 91d4447f..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/DeleteOfficeConsents.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsents.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsents.json deleted file mode 100644 index 02c01221..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsents.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c", - "name": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", - "type": "Microsoft.SecurityInsights/officeConsents", - "properties": { - "tenantId": "5460b3d2-1e7b-4757-ad54-c858c7e3f252", - "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsentsById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsentsById.json deleted file mode 100644 index 90004231..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/officeConsents/GetOfficeConsentsById.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c", - "name": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", - "type": "Microsoft.SecurityInsights/officeConsents", - "properties": { - "tenantId": "5460b3d2-1e7b-4757-ad54-c858c7e3f252", - "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/DeleteEyesOnSetting.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/DeleteEyesOnSetting.json deleted file mode 100644 index 345b4494..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/DeleteEyesOnSetting.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "settingsName": "EyesOn" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetAllSettings.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetAllSettings.json deleted file mode 100644 index 1149edfc..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetAllSettings.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", - "name": "EyesOn", - "type": "Microsoft.SecurityInsights/settings", - "kind": "EyesOn", - "properties": { - "isEnabled": true - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetEyesOnSetting.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetEyesOnSetting.json deleted file mode 100644 index 0f31f01a..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/GetEyesOnSetting.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "settingsName": "EyesOn" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", - "name": "EyesOn", - "type": "Microsoft.SecurityInsights/settings", - "kind": "EyesOn", - "properties": { - "isEnabled": true - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/UpdateEyesOnSetting.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/UpdateEyesOnSetting.json deleted file mode 100644 index 6da0f3ed..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/settings/UpdateEyesOnSetting.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "settingsName": "EyesOn", - "settings": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "kind": "EyesOn", - "properties": {} - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", - "name": "EyesOn", - "type": "Microsoft.SecurityInsights/settings", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "kind": "EyesOn", - "properties": { - "isEnabled": true - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json deleted file mode 100644 index 8fa8ec5f..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", - "ThreatIntelligenceAppendTags": { - "threatIntelligenceTags": [ - "tag1", - "tag2" - ] - } - }, - "responses": { - "200": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json deleted file mode 100644 index 098d87df..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "properties": { - "lastUpdatedTimeUtc": "2020-09-01T19:44:44.117403Z", - "threatTypeMetrics": [ - { - "metricName": "compromised", - "metricValue": 20 - } - ], - "patternTypeMetrics": [ - { - "metricName": "url", - "metricValue": 20 - } - ], - "sourceMetrics": [ - { - "metricName": "Azure Sentinel", - "metricValue": 10315 - }, - { - "metricName": "zinga", - "metricValue": 2 - } - ] - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CreateThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CreateThreatIntelligence.json deleted file mode 100644 index 09b3d081..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CreateThreatIntelligence.json +++ /dev/null @@ -1,101 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ThreatIntelligenceProperties": { - "kind": "indicator", - "properties": { - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema", - "confidence": 78, - "createdByRef": "contoso@contoso.com", - "description": "debugging indicators", - "externalReferences": [], - "granularMarkings": [], - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "labels": [], - "modified": "", - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "revoked": false, - "validFrom": "2020-04-15T17:44:00.114052Z", - "validUntil": "" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T20:20:38.6160949Z", - "createdByRef": "contoso@contoso.com", - "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T20:20:38.6160949Z", - "createdByRef": "aztestConnectors@contoso.com", - "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json deleted file mode 100644 index e9f6856c..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligence.json deleted file mode 100644 index b207abfd..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligence.json +++ /dev/null @@ -1,77 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", - "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", - "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 90, - "created": "2020-04-15T20:11:57.9666134Z", - "createdByRef": "contoso@contoso.com", - "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:15:11.0746926Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema 2", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - }, - { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T19:51:17.1050923Z", - "createdByRef": "contoso@contoso.com", - "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:15:11.074903Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "patching tags" - ], - "displayName": "updated indicator", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json deleted file mode 100644 index cefa9f4b..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T19:51:17.1050923Z", - "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", - "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:18:49.2259902Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "patching tags" - ], - "displayName": "updated indicator", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://abc.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/QueryThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/QueryThreatIntelligence.json deleted file mode 100644 index 5b36dd94..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/QueryThreatIntelligence.json +++ /dev/null @@ -1,108 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ThreatIntelligenceFilteringCriteria": { - "pageSize": 100, - "minConfidence": 25, - "maxConfidence": 80, - "minValidUntil": "2020-04-05T17:44:00.114052Z", - "maxValidUntil": "2020-04-25T17:44:00.114052Z", - "sources": [ - "Azure Sentinel" - ], - "sortBy": [ - { - "itemKey": "lastUpdatedTimeUtc", - "sortOrder": "descending" - } - ] - } - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", - "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", - "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 90, - "created": "2020-04-15T20:11:57.9666134Z", - "createdByRef": "contoso@contoso.com", - "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:15:11.0746926Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema 2", - "description": "debugging indicators 2", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z", - "parsedPattern": [ - { - "patternTypeKey": "network-traffic", - "patternTypeValues": [ - { - "valueType": "0", - "value": "SSH-2.0-PuTTY_Release_0.64" - }, - { - "valueType": "1", - "value": "194.88.106.146" - } - ] - } - ] - } - }, - { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T19:51:17.1050923Z", - "createdByRef": "contoso@contoso.com", - "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:15:11.074903Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "patching tags" - ], - "displayName": "updated indicator", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json deleted file mode 100644 index e787f08b..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json +++ /dev/null @@ -1,53 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", - "ThreatIntelligenceReplaceTags": { - "etag": "\"0000262c-0000-0800-0000-5e9767060000\"", - "kind": "indicator", - "properties": { - "threatIntelligenceTags": [ - "patching tags" - ] - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T19:51:17.1050923Z", - "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", - "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T19:56:08.828946Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "patching tags" - ], - "displayName": "updated indicator", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://abc.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json deleted file mode 100644 index 0ccf1b9f..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json +++ /dev/null @@ -1,102 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", - "ThreatIntelligenceProperties": { - "kind": "indicator", - "properties": { - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema", - "confidence": 78, - "createdByRef": "contoso@contoso.com", - "description": "debugging indicators", - "externalReferences": [], - "granularMarkings": [], - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "labels": [], - "modified": "", - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "revoked": false, - "validFrom": "2020-04-15T17:44:00.114052Z", - "validUntil": "" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T20:20:38.6160949Z", - "createdByRef": "contoso@contoso.com", - "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T20:20:38.6160949Z", - "createdByRef": "aztestConnectors@contoso.com", - "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlist.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlist.json deleted file mode 100644 index cf140d6b..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlist.json +++ /dev/null @@ -1,86 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset", - "watchlist": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "High Value Assets Watchlist", - "source": "Local file", - "provider": "Microsoft", - "description": "Watchlist from CSV content", - "numberOfLinesToSkip": 1, - "rawContent": "This line will be skipped\nheader1,header2\nvalue1,value2", - "contentType": "text/csv" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "type": "Microsoft.SecurityInsights/Watchlists", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "isDeleted": false, - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "type": "Microsoft.SecurityInsights/Watchlists", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "isDeleted": false, - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlistItem.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlistItem.json deleted file mode 100644 index 294fb55d..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlistItem.json +++ /dev/null @@ -1,92 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset", - "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", - "watchlistItem": { - "etag": "0300bf09-0000-0000-0000-5c37296e0000", - "properties": { - "itemsKeyValue": { - "Gateway subnet": "10.0.255.224/27", - "Web Tier": "10.0.1.0/24", - "Business tier": "10.0.2.0/24", - "Data tier": "10.0.2.0/24", - "Private DMZ in": "10.0.0.0/27", - "Public DMZ out": "10.0.0.96/27" - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", - "etag": "0300bf09-0000-0000-0000-5c37296e0000", - "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", - "properties": { - "watchlistItemType": "watchlist-item", - "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", - "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", - "isDeleted": false, - "created": "2020-11-15T04:58:56.0748363+00:00", - "updated": "2020-11-16T16:05:20+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "itemsKeyValue": { - "Gateway subnet": "10.0.255.224/27", - "Web Tier": "10.0.1.0/24", - "Business tier": "10.0.2.0/24", - "Data tier": "10.0.2.0/24", - "Private DMZ in": "10.0.0.0/27", - "Public DMZ out": "10.0.0.96/27" - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", - "etag": "0300bf09-0000-0000-0000-5c37296e0000", - "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", - "properties": { - "watchlistItemType": "watchlist-item", - "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", - "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", - "isDeleted": false, - "created": "2020-11-15T04:58:56.0748363+00:00", - "updated": "2020-11-16T16:05:20+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "itemsKeyValue": { - "Gateway subnet": "10.0.255.224/27", - "Web Tier": "10.0.1.0/24", - "Business tier": "10.0.2.0/24", - "Data tier": "10.0.2.0/24", - "Private DMZ in": "10.0.0.0/27", - "Public DMZ out": "10.0.0.96/27" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlist.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlist.json deleted file mode 100644 index 9ee1aed0..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlist.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlistItem.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlistItem.json deleted file mode 100644 index dcdd676c..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlistItem.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset", - "watchlistItemId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistByAlias.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistByAlias.json deleted file mode 100644 index f697357b..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistByAlias.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "type": "Microsoft.SecurityInsights/Watchlists", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "isDeleted": false, - "labels": [ - "Tag1", - "Tag2" - ], - "defaultDuration": "P1279DT12H30M5S", - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItemById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItemById.json deleted file mode 100644 index 97a74265..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItemById.json +++ /dev/null @@ -1,47 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "watchlistAlias": "highValueAsset", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistItemId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", - "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", - "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", - "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", - "properties": { - "watchlistItemType": "watchlist-item", - "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", - "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", - "isDeleted": false, - "created": "2021-02-04T12:27:32.3783333-08:00", - "updated": "2021-02-04T12:27:32.3783333-08:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "itemsKeyValue": { - "Header-1": "v1_1", - "Header-2": "v1_2", - "Header-3": "v1_3", - "Header-4": "v1_4", - "Header-5": "v1_5" - }, - "entityMapping": {} - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItems.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItems.json deleted file mode 100644 index 65306acc..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlistItems.json +++ /dev/null @@ -1,50 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", - "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", - "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", - "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", - "properties": { - "watchlistItemType": "watchlist-item", - "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", - "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", - "isDeleted": false, - "created": "2021-02-04T12:27:32.3783333-08:00", - "updated": "2021-02-04T12:27:32.3783333-08:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "itemsKeyValue": { - "Header-1": "v1_1", - "Header-2": "v1_2", - "Header-3": "v1_3", - "Header-4": "v1_4", - "Header-5": "v1_5" - }, - "entityMapping": {} - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlists.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlists.json deleted file mode 100644 index b1020c26..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/GetWatchlists.json +++ /dev/null @@ -1,51 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "type": "Microsoft.SecurityInsights/Watchlists", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "isDeleted": false, - "labels": [ - "Tag1", - "Tag2" - ], - "defaultDuration": "P1279DT12H30M5S", - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/CreateActionOfAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/CreateActionOfAlertRule.json deleted file mode 100644 index 70983078..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/CreateActionOfAlertRule.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "action": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", - "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "type": "Microsoft.SecurityInsights/alertRules/actions", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "workflowId": "cd3765391efd48549fd7681ded1d48d7", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", - "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "type": "Microsoft.SecurityInsights/alertRules/actions", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "workflowId": "cd3765391efd48549fd7681ded1d48d7", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/DeleteActionOfAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/DeleteActionOfAlertRule.json deleted file mode 100644 index af1bd0d0..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/DeleteActionOfAlertRule.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetActionOfAlertRuleById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetActionOfAlertRuleById.json deleted file mode 100644 index 4501f69a..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetActionOfAlertRuleById.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", - "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "type": "Microsoft.SecurityInsights/alertRules/actions", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "workflowId": "cd3765391efd48549fd7681ded1d48d7", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetAllActionsByAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetAllActionsByAlertRule.json deleted file mode 100644 index f6e415ce..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/actions/GetAllActionsByAlertRule.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", - "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "type": "Microsoft.SecurityInsights/alertRules/actions", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "workflowId": "cd3765391efd48549fd7681ded1d48d7", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json deleted file mode 100644 index 3104c570..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "alertRuleTemplateId": "65360bb0-8986-4ade-a89d-af3cf44d28aa" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", - "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "kind": "Scheduled", - "properties": { - "severity": "Low", - "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", - "queryFrequency": "P1D", - "queryPeriod": "P1D", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "displayName": "Changes to Amazon VPC settings", - "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "tactics": [ - "PrivilegeEscalation", - "LateralMovement" - ], - "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", - "createdDateUTC": "2019-02-27T00:00:00Z", - "status": "Available", - "requiredDataConnectors": [ - { - "connectorId": "AWS", - "dataTypes": [ - "AWSCloudTrail" - ] - } - ], - "alertRulesCreatedByTemplateCount": 0 - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json deleted file mode 100644 index f974891b..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json +++ /dev/null @@ -1,85 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", - "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "kind": "Scheduled", - "properties": { - "severity": "Low", - "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", - "queryFrequency": "P1D", - "queryPeriod": "P1D", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "displayName": "Changes to Amazon VPC settings", - "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", - "tactics": [ - "PrivilegeEscalation", - "LateralMovement" - ], - "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", - "createdDateUTC": "2019-02-27T00:00:00Z", - "status": "Available", - "requiredDataConnectors": [ - { - "connectorId": "AWS", - "dataTypes": [ - "AWSCloudTrail" - ] - } - ], - "alertRulesCreatedByTemplateCount": 0 - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/f71aba3d-28fb-450b-b192-4e76a83015c8", - "name": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "kind": "Fusion", - "properties": { - "displayName": "Advanced Multi-Stage Attack Detection", - "description": "Place holder: Fusion uses graph powered machine learning algorithms to correlate between millions of lower fidelity anomalous activities from different products such as Azure AD Identity Protection, and Microsoft Cloud App Security, to combine them into a manageable number of interesting security cases.\n", - "tactics": [ - "Persistence", - "LateralMovement", - "Exfiltration", - "CommandAndControl" - ], - "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", - "createdDateUTC": "2019-07-25T00:00:00Z", - "status": "Available", - "severity": "High", - "alertRulesCreatedByTemplateCount": 0 - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/b3cfc7c0-092c-481c-a55b-34a3979758cb", - "name": "b3cfc7c0-092c-481c-a55b-34a3979758cb", - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "displayName": "Create incidents based on Microsoft Cloud App Security alerts", - "description": "Create incidents based on all alerts generated in Microsoft Cloud App Security", - "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", - "createdDateUTC": "2019-07-16T00:00:00Z", - "status": "Available", - "alertRulesCreatedByTemplateCount": 0 - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateFusionAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateFusionAlertRule.json deleted file mode 100644 index b07ed1bd..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateFusionAlertRule.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "myFirstFusionRule", - "alertRule": { - "kind": "Fusion", - "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", - "properties": { - "enabled": true, - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", - "name": "myFirstFusionRule", - "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Fusion", - "properties": { - "displayName": "Advanced Multi-Stage Attack Detection", - "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "tactics": [ - "Persistence", - "LateralMovement", - "Exfiltration", - "CommandAndControl" - ], - "severity": "High", - "enabled": true, - "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", - "name": "myFirstFusionRule", - "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Fusion", - "properties": { - "displayName": "Advanced Multi-Stage Attack Detection", - "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "tactics": [ - "Persistence", - "LateralMovement", - "Exfiltration", - "CommandAndControl" - ], - "severity": "High", - "enabled": true, - "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json deleted file mode 100644 index 2115f91f..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "microsoftSecurityIncidentCreationRuleExample", - "alertRule": { - "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "displayName": "testing displayname", - "enabled": true - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", - "name": "microsoftSecurityIncidentCreationRuleExample", - "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "severitiesFilter": null, - "displayNamesFilter": null, - "displayName": "testing displayname", - "enabled": true, - "description": null, - "alertRuleTemplateName": null, - "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", - "name": "microsoftSecurityIncidentCreationRuleExample", - "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "severitiesFilter": null, - "displayNamesFilter": null, - "displayName": "testing displayname", - "enabled": true, - "description": null, - "alertRuleTemplateName": null, - "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateScheduledAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateScheduledAlertRule.json deleted file mode 100644 index 1d10486d..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/CreateScheduledAlertRule.json +++ /dev/null @@ -1,240 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "alertRule": { - "kind": "Scheduled", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "My scheduled rule", - "description": "An example for a scheduled rule", - "severity": "High", - "enabled": true, - "tactics": [ - "Persistence", - "LateralMovement" - ], - "query": "Heartbeat", - "queryFrequency": "PT1H", - "queryPeriod": "P2DT1H30M", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "customDetails": { - "OperatingSystemName": "OSName", - "OperatingSystemType": "OSType" - }, - "entityMappings": [ - { - "entityType": "Host", - "fieldMappings": [ - { - "identifier": "FullName", - "columnName": "Computer" - } - ] - }, - { - "entityType": "IP", - "fieldMappings": [ - { - "identifier": "Address", - "columnName": "ComputerIP" - } - ] - } - ], - "alertDetailsOverride": { - "alertDisplayNameFormat": "Alert from {{Computer}}", - "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}" - }, - "incidentConfiguration": { - "createIncident": true, - "groupingConfiguration": { - "enabled": true, - "reopenClosedIncident": false, - "lookbackDuration": "PT5H", - "matchingMethod": "Selected", - "groupByEntities": [ - "Host" - ], - "groupByAlertDetails": [ - "DisplayName" - ], - "groupByCustomDetails": [ - "OperatingSystemType", - "OperatingSystemName" - ] - } - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Scheduled", - "etag": "\"01005144-0000-0d00-0000-6058632c0000\"", - "properties": { - "alertRuleTemplateName": null, - "displayName": "My scheduled rule", - "description": "An example for a scheduled rule", - "severity": "High", - "enabled": true, - "tactics": [ - "Persistence", - "LateralMovement" - ], - "query": "Heartbeat", - "queryFrequency": "PT1H", - "queryPeriod": "P2DT1H30M", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "lastModifiedUtc": "2021-03-01T13:17:30Z", - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "customDetails": { - "OperatingSystemName": "OSName", - "OperatingSystemType": "OSType" - }, - "entityMappings": [ - { - "entityType": "Host", - "fieldMappings": [ - { - "identifier": "FullName", - "columnName": "Computer" - } - ] - }, - { - "entityType": "IP", - "fieldMappings": [ - { - "identifier": "Address", - "columnName": "ComputerIP" - } - ] - } - ], - "alertDetailsOverride": { - "alertDisplayNameFormat": "Alert from {{Computer}}", - "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", - "alertTacticsColumnName": null, - "alertSeverityColumnName": null - }, - "incidentConfiguration": { - "createIncident": true, - "groupingConfiguration": { - "enabled": true, - "reopenClosedIncident": false, - "lookbackDuration": "PT5H", - "matchingMethod": "Selected", - "groupByEntities": [ - "Host" - ], - "groupByAlertDetails": [ - "DisplayName" - ], - "groupByCustomDetails": [ - "OperatingSystemType", - "OperatingSystemName" - ] - } - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Scheduled", - "etag": "\"01007444-0000-0d00-0000-605863a70000\"", - "properties": { - "alertRuleTemplateName": null, - "displayName": "My scheduled rule", - "description": "An example for a scheduled rule", - "severity": "High", - "enabled": true, - "tactics": [ - "Persistence", - "LateralMovement" - ], - "query": "Heartbeat", - "queryFrequency": "PT1H", - "queryPeriod": "P2DT1H30M", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "lastModifiedUtc": "2021-03-01T13:15:30Z", - "customDetails": { - "OperatingSystemName": "OSName", - "OperatingSystemType": "OSType" - }, - "entityMappings": [ - { - "entityType": "Host", - "fieldMappings": [ - { - "identifier": "FullName", - "columnName": "Computer" - } - ] - }, - { - "entityType": "IP", - "fieldMappings": [ - { - "identifier": "Address", - "columnName": "ComputerIP" - } - ] - } - ], - "alertDetailsOverride": { - "alertDisplayNameFormat": "Alert from {{Computer}}", - "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", - "alertTacticsColumnName": null, - "alertSeverityColumnName": null - }, - "incidentConfiguration": { - "createIncident": true, - "groupingConfiguration": { - "enabled": true, - "reopenClosedIncident": false, - "lookbackDuration": "PT5H", - "matchingMethod": "Selected", - "groupByEntities": [ - "Host" - ], - "groupByAlertDetails": [ - "DisplayName" - ], - "groupByCustomDetails": [ - "OperatingSystemType", - "OperatingSystemName" - ] - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/DeleteAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/DeleteAlertRule.json deleted file mode 100644 index f86985a8..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/DeleteAlertRule.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetAllAlertRules.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetAllAlertRules.json deleted file mode 100644 index 5b60a159..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetAllAlertRules.json +++ /dev/null @@ -1,133 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Scheduled", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "alertRuleTemplateName": null, - "displayName": "My scheduled rule", - "description": "An example for a scheduled rule", - "severity": "High", - "enabled": true, - "tactics": [ - "Persistence", - "LateralMovement" - ], - "query": "Heartbeat", - "queryFrequency": "PT1H", - "queryPeriod": "P2DT1H30M", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "lastModifiedUtc": "2021-03-01T13:17:30Z", - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "customDetails": { - "OperatingSystemName": "OSName", - "OperatingSystemType": "OSType" - }, - "entityMappings": [ - { - "entityType": "Host", - "fieldMappings": [ - { - "identifier": "FullName", - "columnName": "Computer" - } - ] - }, - { - "entityType": "IP", - "fieldMappings": [ - { - "identifier": "Address", - "columnName": "ComputerIP" - } - ] - } - ], - "alertDetailsOverride": { - "alertDisplayNameFormat": "Alert from {{Computer}}", - "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", - "alertTacticsColumnName": null, - "alertSeverityColumnName": null - }, - "incidentConfiguration": { - "createIncident": true, - "groupingConfiguration": { - "enabled": true, - "reopenClosedIncident": false, - "lookbackDuration": "PT5H", - "matchingMethod": "Selected", - "groupByEntities": [ - "Host" - ], - "groupByAlertDetails": [ - "DisplayName" - ], - "groupByCustomDetails": [ - "OperatingSystemType", - "OperatingSystemName" - ] - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", - "name": "microsoftSecurityIncidentCreationRuleExample", - "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "severitiesFilter": null, - "displayNamesFilter": null, - "displayName": "testing displayname", - "enabled": true, - "description": null, - "alertRuleTemplateName": null, - "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", - "name": "myFirstFusionRule", - "etag": "\"25005c11-0000-0d00-0000-5d6cc0e20000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Fusion", - "properties": { - "displayName": "Advanced Multi-Stage Attack Detection", - "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "tactics": [ - "Persistence", - "LateralMovement", - "Exfiltration", - "CommandAndControl" - ], - "severity": "High", - "enabled": false, - "lastModifiedUtc": "2019-09-02T07:12:34.9065092Z" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetFusionAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetFusionAlertRule.json deleted file mode 100644 index b98ea0d7..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetFusionAlertRule.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "ruleId": "myFirstFusionRule" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", - "name": "myFirstFusionRule", - "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Fusion", - "properties": { - "displayName": "Advanced Multi-Stage Attack Detection", - "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "tactics": [ - "Persistence", - "LateralMovement", - "Exfiltration", - "CommandAndControl" - ], - "severity": "High", - "enabled": true, - "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json deleted file mode 100644 index cadcb475..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "ruleId": "microsoftSecurityIncidentCreationRuleExample" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", - "name": "microsoftSecurityIncidentCreationRuleExample", - "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "severitiesFilter": null, - "displayNamesFilter": null, - "displayName": "testing displayname", - "enabled": true, - "description": null, - "alertRuleTemplateName": null, - "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetScheduledAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetScheduledAlertRule.json deleted file mode 100644 index f92241e9..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/alertRules/GetScheduledAlertRule.json +++ /dev/null @@ -1,92 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Scheduled", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "alertRuleTemplateName": null, - "displayName": "My scheduled rule", - "description": "An example for a scheduled rule", - "severity": "High", - "enabled": true, - "tactics": [ - "Persistence", - "LateralMovement" - ], - "query": "Heartbeat", - "queryFrequency": "PT1H", - "queryPeriod": "P2DT1H30M", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "lastModifiedUtc": "2021-03-01T13:17:30Z", - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "customDetails": { - "OperatingSystemName": "OSName", - "OperatingSystemType": "OSType" - }, - "entityMappings": [ - { - "entityType": "Host", - "fieldMappings": [ - { - "identifier": "FullName", - "columnName": "Computer" - } - ] - }, - { - "entityType": "IP", - "fieldMappings": [ - { - "identifier": "Address", - "columnName": "ComputerIP" - } - ] - } - ], - "alertDetailsOverride": { - "alertDisplayNameFormat": "Alert from {{Computer}}", - "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", - "alertTacticsColumnName": null, - "alertSeverityColumnName": null - }, - "incidentConfiguration": { - "createIncident": true, - "groupingConfiguration": { - "enabled": true, - "reopenClosedIncident": false, - "lookbackDuration": "PT5H", - "matchingMethod": "Selected", - "groupByEntities": [ - "Host" - ], - "groupByAlertDetails": [ - "DisplayName" - ], - "groupByCustomDetails": [ - "OperatingSystemType", - "OperatingSystemName" - ] - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json deleted file mode 100644 index e93f2f48..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json +++ /dev/null @@ -1,58 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512", - "dataConnector": { - "kind": "Dynamics365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "dynamics365CdsActivities": { - "state": "Enabled" - } - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Dynamics365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "dynamics365CdsActivities": { - "state": "Enabled" - } - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Dynamics365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "dynamics365CdsActivities": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateGenericUI.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateGenericUI.json deleted file mode 100644 index a99de411..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateGenericUI.json +++ /dev/null @@ -1,438 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", - "dataConnector": { - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "Qualys Vulnerability Management (CCP DEMO)", - "publisher": "Qualys", - "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", - "graphQueriesTableName": "QualysHostDetection_CL", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "{{graphQueriesTableName}}", - "baseQuery": "{{graphQueriesTableName}}" - } - ], - "sampleQueries": [ - { - "description": "Top 10 Vulerabilities detected", - "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" - } - ], - "dataTypes": [ - { - "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "availability": { - "status": 1, - "isPreview": true - }, - "connectivityCriteria": [ - { - "type": "IsConnectedQuery", - "value": [ - "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions on the workspace are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "name": "Microsoft.Web/sites permissions", - "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." - }, - { - "name": "Qualys API Key", - "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." - } - ] - }, - "instructionSteps": [ - { - "title": "", - "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." - }, - { - "title": "", - "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." - }, - { - "title": "", - "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." - }, - { - "title": "", - "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Workspace ID" - }, - "type": "CopyableLabel" - }, - { - "parameters": { - "fillWith": [ - "PrimaryKey" - ], - "label": "Primary Key" - }, - "type": "CopyableLabel" - } - ] - }, - { - "title": "Option 1 - Azure Resource Manager (ARM) Template", - "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." - }, - { - "title": "Option 2 - Manual Deployment of Azure Functions", - "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." - }, - { - "title": "", - "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." - }, - { - "title": "", - "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." - }, - { - "title": "", - "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." - }, - { - "title": "", - "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" - } - ] - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", - "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", - "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "Qualys Vulnerability Management (CCP DEMO)", - "publisher": "Qualys", - "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", - "graphQueriesTableName": "QualysHostDetection_CL", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "{{graphQueriesTableName}}", - "baseQuery": "{{graphQueriesTableName}}" - } - ], - "sampleQueries": [ - { - "description": "Top 10 Vulerabilities detected", - "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" - } - ], - "dataTypes": [ - { - "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriteria": [ - { - "type": "IsConnectedQuery", - "value": [ - "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": true - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions on the workspace are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "name": "Microsoft.Web/sites permissions", - "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." - }, - { - "name": "Qualys API Key", - "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." - } - ] - }, - "instructionSteps": [ - { - "title": "", - "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." - }, - { - "title": "", - "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." - }, - { - "title": "", - "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." - }, - { - "title": "", - "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Workspace ID" - }, - "type": "CopyableLabel" - }, - { - "parameters": { - "fillWith": [ - "PrimaryKey" - ], - "label": "Primary Key" - }, - "type": "CopyableLabel" - } - ] - }, - { - "title": "Option 1 - Azure Resource Manager (ARM) Template", - "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." - }, - { - "title": "Option 2 - Manual Deployment of Azure Functions", - "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." - }, - { - "title": "", - "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." - }, - { - "title": "", - "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." - }, - { - "title": "", - "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." - }, - { - "title": "", - "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" - } - ] - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", - "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", - "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "Qualys Vulnerability Management (CCP DEMO)", - "publisher": "Qualys", - "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", - "graphQueriesTableName": "QualysHostDetection_CL", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "{{graphQueriesTableName}}", - "baseQuery": "{{graphQueriesTableName}}" - } - ], - "sampleQueries": [ - { - "description": "Top 10 Vulerabilities detected", - "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" - } - ], - "dataTypes": [ - { - "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriteria": [ - { - "type": "IsConnectedQuery", - "value": [ - "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": true - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions on the workspace are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "name": "Microsoft.Web/sites permissions", - "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." - }, - { - "name": "Qualys API Key", - "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." - } - ] - }, - "instructionSteps": [ - { - "title": "", - "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." - }, - { - "title": "", - "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." - }, - { - "title": "", - "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." - }, - { - "title": "", - "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Workspace ID" - }, - "type": "CopyableLabel" - }, - { - "parameters": { - "fillWith": [ - "PrimaryKey" - ], - "label": "Primary Key" - }, - "type": "CopyableLabel" - } - ] - }, - { - "title": "Option 1 - Azure Resource Manager (ARM) Template", - "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." - }, - { - "title": "Option 2 - Manual Deployment of Azure Functions", - "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." - }, - { - "title": "", - "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." - }, - { - "title": "", - "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." - }, - { - "title": "", - "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." - }, - { - "title": "", - "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" - } - ] - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json deleted file mode 100644 index 4f3e9abe..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json +++ /dev/null @@ -1,76 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "dataConnector": { - "kind": "Office365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "sharePoint": { - "state": "Enabled" - }, - "exchange": { - "state": "Enabled" - }, - "teams": { - "state": "Enabled" - } - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Office365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "sharePoint": { - "state": "Enabled" - }, - "exchange": { - "state": "Enabled" - }, - "teams": { - "state": "Enabled" - } - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Office365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "sharePoint": { - "state": "Enabled" - }, - "exchange": { - "state": "Enabled" - }, - "teams": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json deleted file mode 100644 index e80e83a2..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "dataConnector": { - "kind": "ThreatIntelligence", - "properties": { - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", - "dataTypes": { - "indicators": { - "state": "Enabled" - } - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligence", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", - "dataTypes": { - "indicators": { - "state": "Enabled" - } - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligence", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", - "dataTypes": { - "indicators": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json deleted file mode 100644 index 32042fc3..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "dataConnector": { - "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", - "kind": "ThreatIntelligenceTaxii", - "properties": { - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", - "collectionId": "135", - "workspaceId": "dd124572-4962-4495-9bd2-9dade12314b4", - "friendlyName": "testTaxii", - "userName": "--", - "password": "--", - "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", - "pollingFrequency": "OnceADay", - "dataTypes": { - "taxiiClient": { - "state": "Enabled" - } - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", - "kind": "ThreatIntelligenceTaxii", - "properties": { - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", - "collectionId": "135", - "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871", - "friendlyName": "testTaxii", - "userName": null, - "password": null, - "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", - "pollingFrequency": "OnceADay", - "dataTypes": { - "taxiiClient": { - "state": "Enabled" - } - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", - "kind": "ThreatIntelligenceTaxii", - "properties": { - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", - "collectionId": "135", - "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871", - "friendlyName": "testTaxii", - "userName": null, - "password": null, - "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", - "pollingFrequency": "OnceADay", - "dataTypes": { - "taxiiClient": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteGenericUI.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteGenericUI.json deleted file mode 100644 index 5e8dda49..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteGenericUI.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json deleted file mode 100644 index 499e3c81..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json deleted file mode 100644 index 1fcae507..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "kind": "AmazonWebServicesCloudTrail", - "properties": { - "awsRoleArn": "myAwsRoleArn", - "dataTypes": { - "logs": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json deleted file mode 100644 index 965eabf0..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", - "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureActiveDirectory", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json deleted file mode 100644 index 3c45b6a7..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", - "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureAdvancedThreatProtection", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json deleted file mode 100644 index 79aecf3b..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", - "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureSecurityCenter", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDataConnectors.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDataConnectors.json deleted file mode 100644 index b76e74db..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDataConnectors.json +++ /dev/null @@ -1,341 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", - "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureSecurityCenter", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligence", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "indicators": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", - "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligenceTaxii", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2", - "friendlyName": "My TI Taxii Connector", - "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", - "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", - "userName": "", - "password": "", - "pollingFrequency": "OnceAMinute", - "dataTypes": { - "taxiiClient": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", - "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureActiveDirectory", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Office365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "sharePoint": { - "state": "Enabled" - }, - "exchange": { - "state": "Enabled" - }, - "teams": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", - "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftCloudAppSecurity", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - }, - "discoveryLogs": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", - "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureAdvancedThreatProtection", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "kind": "AmazonWebServicesCloudTrail", - "properties": { - "awsRoleArn": "myAwsRoleArn", - "dataTypes": { - "logs": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftDefenderAdvancedThreatProtection", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", - "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "OfficeATP", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", - "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Dynamics365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "dynamics365CdsActivities": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", - "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", - "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "Qualys Vulnerability Management (CCP DEMO)", - "publisher": "Qualys", - "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", - "customImage": "The image connector content", - "graphQueriesTableName": "QualysHostDetection_CL", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "{{graphQueriesTableName}}", - "baseQuery": "{{graphQueriesTableName}}" - } - ], - "sampleQueries": [ - { - "description": "Top 10 Vulerabilities detected", - "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" - } - ], - "dataTypes": [ - { - "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriteria": [ - { - "type": "IsConnectedQuery", - "value": [ - "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": true - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions on the workspace are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "name": "Microsoft.Web/sites permissions", - "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." - }, - { - "name": "Qualys API Key", - "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." - } - ] - }, - "instructionSteps": [ - { - "title": "", - "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." - }, - { - "title": "", - "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." - }, - { - "title": "", - "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." - }, - { - "title": "", - "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Workspace ID" - }, - "type": "CopyableLabel" - }, - { - "parameters": { - "fillWith": [ - "PrimaryKey" - ], - "label": "Primary Key" - }, - "type": "CopyableLabel" - } - ] - }, - { - "title": "Option 1 - Azure Resource Manager (ARM) Template", - "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." - }, - { - "title": "Option 2 - Manual Deployment of Azure Functions", - "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." - }, - { - "title": "", - "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." - }, - { - "title": "", - "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." - }, - { - "title": "", - "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." - }, - { - "title": "", - "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" - } - ] - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json deleted file mode 100644 index b56379df..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", - "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Dynamics365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "dynamics365CdsActivities": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetGenericUI.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetGenericUI.json deleted file mode 100644 index 8fde364a..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetGenericUI.json +++ /dev/null @@ -1,157 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", - "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", - "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "Qualys Vulnerability Management (CCP DEMO)", - "publisher": "Qualys", - "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", - "customImage": "The image connector content", - "graphQueriesTableName": "QualysHostDetection_CL", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "{{graphQueriesTableName}}", - "baseQuery": "{{graphQueriesTableName}}" - } - ], - "sampleQueries": [ - { - "description": "Top 10 Vulerabilities detected", - "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" - } - ], - "dataTypes": [ - { - "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriteria": [ - { - "type": "IsConnectedQuery", - "value": [ - "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": true - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions on the workspace are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "name": "Microsoft.Web/sites permissions", - "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." - }, - { - "name": "Qualys API Key", - "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." - } - ] - }, - "instructionSteps": [ - { - "title": "", - "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." - }, - { - "title": "", - "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." - }, - { - "title": "", - "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." - }, - { - "title": "", - "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Workspace ID" - }, - "type": "CopyableLabel" - }, - { - "parameters": { - "fillWith": [ - "PrimaryKey" - ], - "label": "Primary Key" - }, - "type": "CopyableLabel" - } - ] - }, - { - "title": "Option 1 - Azure Resource Manager (ARM) Template", - "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." - }, - { - "title": "Option 2 - Manual Deployment of Azure Functions", - "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." - }, - { - "title": "", - "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." - }, - { - "title": "", - "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." - }, - { - "title": "", - "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." - }, - { - "title": "", - "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" - } - ] - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json deleted file mode 100644 index 1ceb73dd..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", - "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftCloudAppSecurity", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - }, - "discoveryLogs": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json deleted file mode 100644 index b057f538..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftDefenderAdvancedThreatProtection", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json deleted file mode 100644 index 8ef8b6f8..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftThreatIntelligence", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "bingSafetyPhishingURL": { - "state": "Enabled", - "lookbackPeriod": "example ??" - }, - "microsoftEmergingThreatFeed": { - "state": "Enabled", - "lookbackPeriod": "example" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json deleted file mode 100644 index 5b5bf817..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftThreatProtection", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "incidents": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json deleted file mode 100644 index 5688997c..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", - "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "OfficeATP", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json deleted file mode 100644 index 25bfdbd3..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Office365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "sharePoint": { - "state": "Enabled" - }, - "exchange": { - "state": "Enabled" - }, - "teams": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json deleted file mode 100644 index 9671cc9a..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligence", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", - "dataTypes": { - "indicators": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json deleted file mode 100644 index f3a8ae0f..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c39bb458-02a7-4b3f-b0c8-71a1d2692652" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", - "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligenceTaxii", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2", - "friendlyName": "My TI Taxii Connector", - "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", - "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", - "userName": "", - "password": "", - "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", - "pollingFrequency": "OnceADay", - "dataTypes": { - "taxiiClient": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/CreateEntityQueryActivity.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/CreateEntityQueryActivity.json deleted file mode 100644 index e4cf9a4e..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/CreateEntityQueryActivity.json +++ /dev/null @@ -1,134 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", - "entityQuery": { - "kind": "Activity", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "title": "An account was deleted on this host", - "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", - "description": "Account deleted on host", - "queryDefinitions": { - "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " - }, - "inputEntityType": "Host", - "requiredInputFieldsSets": [ - [ - "Host_HostName", - "Host_NTDomain" - ], - [ - "Host_HostName", - "Host_DnsDomain" - ], - [ - "Host_AzureID" - ], - [ - "Host_OMSAgentID" - ] - ], - "entitiesFilter": { - "Host_OsFamily": [ - "Windows" - ] - }, - "enabled": true, - "templateName": null - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", - "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", - "type": "Microsoft.SecurityInsights/entityQueries", - "kind": "Activity", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "title": "An account was deleted on this host", - "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", - "description": "Account deleted on host", - "queryDefinitions": { - "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " - }, - "inputEntityType": "Host", - "requiredInputFieldsSets": [ - [ - "Host_HostName", - "Host_NTDomain" - ], - [ - "Host_HostName", - "Host_DnsDomain" - ], - [ - "Host_AzureID" - ], - [ - "Host_OMSAgentID" - ] - ], - "entitiesFilter": { - "Host_OsFamily": [ - "Windows" - ] - }, - "enabled": true, - "templateName": null, - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", - "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", - "type": "Microsoft.SecurityInsights/entityQueries", - "kind": "Activity", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "title": "An account was deleted on this host", - "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", - "description": "Account deleted on host", - "queryDefinitions": { - "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " - }, - "inputEntityType": "Host", - "requiredInputFieldsSets": [ - [ - "Host_HostName", - "Host_NTDomain" - ], - [ - "Host_HostName", - "Host_DnsDomain" - ], - [ - "Host_AzureID" - ], - [ - "Host_OMSAgentID" - ] - ], - "entitiesFilter": { - "Host_OsFamily": [ - "Windows" - ] - }, - "enabled": true, - "templateName": null, - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/DeleteEntityQuery.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/DeleteEntityQuery.json deleted file mode 100644 index 0a7f73c3..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/DeleteEntityQuery.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetActivityEntityQueryById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetActivityEntityQueryById.json deleted file mode 100644 index e1c3cee8..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetActivityEntityQueryById.json +++ /dev/null @@ -1,55 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", - "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", - "type": "Microsoft.SecurityInsights/entityQueries", - "etag": null, - "kind": "Activity", - "properties": { - "title": "An account was deleted on this host", - "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", - "description": "Account deleted on host", - "queryDefinitions": { - "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " - }, - "inputEntityType": "Host", - "requiredInputFieldsSets": [ - [ - "Host_HostName", - "Host_NTDomain" - ], - [ - "Host_HostName", - "Host_DnsDomain" - ], - [ - "Host_AzureID" - ], - [ - "Host_OMSAgentID" - ] - ], - "entitiesFilter": { - "Host_OsFamily": [ - "Windows" - ] - }, - "enabled": true, - "templateName": null, - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetEntityQueries.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetEntityQueries.json deleted file mode 100644 index 0a2e2376..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetEntityQueries.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "kind": "Expansion", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/37ca3555-c135-4a73-a65e-9c1d00323f5d", - "name": "37ca3555-c135-4a73-a65e-9c1d00323f5d", - "type": "Microsoft.SecurityInsights/entityQueries", - "etag": null, - "kind": "Expansion", - "properties": { - "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count asc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')", - "inputFields": [ - "address" - ], - "outputEntityTypes": [ - "Account" - ], - "dataSources": [ - "AzureActivity" - ], - "inputEntityType": "IP", - "displayName": "Least active accounts on Azure from this IP" - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/97a1d515-abf2-4231-9a35-985f9de0bb91", - "name": "97a1d515-abf2-4231-9a35-985f9de0bb91", - "type": "Microsoft.SecurityInsights/entityQueries", - "etag": null, - "kind": "Expansion", - "properties": { - "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count desc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')", - "inputFields": [ - "address" - ], - "outputEntityTypes": [ - "Account" - ], - "dataSources": [ - "AzureActivity" - ], - "inputEntityType": "IP", - "displayName": "Most active accounts on Azure from this IP" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json deleted file mode 100644 index f33d16ea..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", - "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", - "type": "Microsoft.SecurityInsights/entityQueries", - "etag": null, - "kind": "Expansion", - "properties": { - "queryTemplate": "let GetParentProcessesOnHost = (v_Host_HostName:string){\r\n SecurityEvent \r\n | where EventID == 4688 \r\n | where isnotempty(ParentProcessName)\r\n | where NewProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe' and ParentProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe'\r\n and NewProcessName!contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe' and ParentProcessName !contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe'\r\n and ParentProcessName !contains ':\\\\Windows\\\\CCM\\\\CcmExec.exe'\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\svchost.exe' and (NewProcessName !contains ':\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe' or NewProcessName !contains ':\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe'))\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\services.exe' and NewProcessName !contains ':\\\\Windows\\\\servicing\\\\TrustedInstaller.exe')\r\n | where toupper(Computer) contains v_Host_HostName or toupper(WorkstationName) contains v_Host_HostName\r\n | summarize min(TimeGenerated), max(TimeGenerated) by Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project min_TimeGenerated, max_TimeGenerated, Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project-rename Process_Host_UnstructuredName=Computer, Process_Account_UnstructuredName=Account, Process_CommandLine=CommandLine, Process_ProcessId=ProcessId, Process_ImageFile_FullPath=NewProcessName, Process_ParentProcess_ImageFile_FullPath=ParentProcessName\r\n | top 10 by min_TimeGenerated asc};\r\n GetParentProcessesOnHost(toupper(''))", - "inputFields": [ - "hostName" - ], - "outputEntityTypes": [ - "Process" - ], - "dataSources": [ - "SecurityEvent" - ], - "inputEntityType": "Host", - "displayName": "Parent processes running on host" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateIncident.json deleted file mode 100644 index f7af0efc..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateIncident.json +++ /dev/null @@ -1,110 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incident": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe", - "ownerType": "User" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "providerName": "Azure Sentinel", - "providerIncidentId": "3177", - "relatedAnalyticRuleIds": [], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [] - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "providerName": "Azure Sentinel", - "providerIncidentId": "3177", - "relatedAnalyticRuleIds": [], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [] - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateTeam.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateTeam.json deleted file mode 100644 index b3ce2c63..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/CreateTeam.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "9023f5b5-df22-4313-8fbf-b4b75af8a6d9", - "resourceGroupName": "ambawolvese5resourcegroup", - "workspaceName": "AmbaE5WestCentralUS", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", - "teamProperties": { - "teamName": "Team name", - "teamDescription": "Team description" - } - }, - "responses": { - "200": { - "body": { - "teamId": "99978838-9bda-4ad4-8f93-4cf7ebc50ca5", - "primaryChannelUrl": "https://teams.microsoft.com/l/team/19:80bf3b25485b4067b7d2dc4eec9e1578%40thread.tacv2/conversations?groupId=99978838-9bda-4ad4-8f93-4cf7ebc50ca5&tenantId=5b5a146c-eba8-46af-96f8-e31b50d15a3f", - "teamCreationTimeUtc": "2021-03-15T17:08:21.9954238+02:00", - "name": "Team name", - "description": "Team description" - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/DeleteIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/DeleteIncident.json deleted file mode 100644 index cea1f39e..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/DeleteIncident.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentAlerts.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentAlerts.json deleted file mode 100644 index e5ee9a39..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentAlerts.json +++ /dev/null @@ -1,51 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c", - "name": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", - "type": "Microsoft.SecurityInsights/Entities", - "kind": "SecurityAlert", - "properties": { - "systemAlertId": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", - "tactics": [], - "alertDisplayName": "myAlert", - "confidenceLevel": "Unknown", - "severity": "Low", - "vendorName": "Microsoft", - "productName": "Azure Security Center", - "alertType": "myAlert", - "processingEndTime": "2020-07-20T18:21:53.6158361Z", - "status": "New", - "endTimeUtc": "2020-07-20T18:21:53.6158361Z", - "startTimeUtc": "2020-07-20T18:21:53.6158361Z", - "timeGenerated": "2020-07-20T18:21:53.6158361Z", - "resourceIdentifiers": [ - { - "type": "LogAnalytics", - "workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroup": "myRG" - } - ], - "additionalData": { - "AlertMessageEnqueueTime": "2020-07-20T18:21:57.304Z" - }, - "friendlyName": "myAlert" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentBookmarks.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentBookmarks.json deleted file mode 100644 index 25c40737..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetAllIncidentBookmarks.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812", - "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "type": "Microsoft.SecurityInsights/Entities", - "kind": "Bookmark", - "properties": { - "displayName": "SecurityEvent - 868f40f4698d", - "created": "2020-06-17T15:34:01.4265524+00:00", - "updated": "2020-06-17T15:34:01.4265524+00:00", - "createdBy": { - "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", - "email": "user@microsoft.com", - "name": "user" - }, - "updatedBy": { - "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", - "email": "user@microsoft.com", - "name": "user" - }, - "eventTime": "2020-06-17T15:34:01.4265524+00:00", - "labels": [], - "query": "SecurityEvent\r\n| take 1\n", - "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", - "additionalData": { - "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", - "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "friendlyName": "SecurityEvent - 868f40f4698d" - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/bbbd324f-6c48-459c-8710-8d1e1cd03812", - "name": "bbbd324f-6c48-459c-8710-8d1e1cd03812", - "type": "Microsoft.SecurityInsights/Entities", - "kind": "Bookmark", - "properties": { - "displayName": "SecurityEvent - 868f40f4698d", - "created": "2020-06-17T15:34:01.4265524+00:00", - "updated": "2020-06-17T15:34:01.4265524+00:00", - "createdBy": { - "objectId": "303ca914-5eb6-45e5-9417-fe0797c372fd", - "email": "user@microsoft.com", - "name": "user" - }, - "updatedBy": { - "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", - "email": "user@microsoft.com", - "name": "user" - }, - "eventTime": "2020-06-17T15:34:01.4265524+00:00", - "labels": [], - "query": "SecurityEvent\r\n| take 1\n", - "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", - "additionalData": { - "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", - "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "friendlyName": "SecurityEvent - 868f40f4698d" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidentById.json deleted file mode 100644 index 8b24a8a6..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidentById.json +++ /dev/null @@ -1,58 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe", - "ownerType": "User" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "InaccurateData", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "providerName": "Azure Sentinel", - "providerIncidentId": "3177", - "relatedAnalyticRuleIds": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" - ], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [ - "InitialAccess", - "Persistence" - ] - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidents.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidents.json deleted file mode 100644 index 7c10cba0..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/GetIncidents.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "$orderby": "properties/createdTimeUtc desc", - "$top": 1 - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe", - "ownerType": "User" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "providerName": "Azure Sentinel", - "providerIncidentId": "3177", - "relatedAnalyticRuleIds": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [ - "Persistence" - ] - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/CreateIncidentComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/CreateIncidentComment.json deleted file mode 100644 index be5b4a51..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/CreateIncidentComment.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "incidentComment": { - "properties": { - "message": "Some message" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/comments", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", - "author": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/comments", - "etag": "190057d0-0000-0d00-0000-5c622adb0000", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "author": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/DeleteIncidentComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/DeleteIncidentComment.json deleted file mode 100644 index 77aadc8b..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/DeleteIncidentComment.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "parameters": { - "api-version": "2023-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetAllIncidentComments.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetAllIncidentComments.json deleted file mode 100644 index c3c1ab85..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetAllIncidentComments.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/comments", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", - "author": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetIncidentCommentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetIncidentCommentById.json deleted file mode 100644 index f92cba74..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/comments/GetIncidentCommentById.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/comments", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", - "author": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/entities/GetAllIncidentEntities.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/entities/GetAllIncidentEntities.json deleted file mode 100644 index ad0641a2..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/entities/GetAllIncidentEntities.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "responses": { - "200": { - "body": { - "entities": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/Entities", - "kind": "Account", - "properties": { - "friendlyName": "administrator", - "accountName": "administrator", - "ntDomain": "domain" - } - } - ], - "metaData": [ - { - "entityKind": "Account", - "count": 1 - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/CreateIncidentRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/CreateIncidentRelation.json deleted file mode 100644 index 434bdf33..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/CreateIncidentRelation.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "relation": { - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/DeleteIncidentRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/DeleteIncidentRelation.json deleted file mode 100644 index c172e23e..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/DeleteIncidentRelation.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetAllIncidentRelations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetAllIncidentRelations.json deleted file mode 100644 index c6e50f67..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetAllIncidentRelations.json +++ /dev/null @@ -1,41 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032", - "name": "9673a17d-8bc7-4ca6-88ee-38a4f3efc032", - "type": "Microsoft.SecurityInsights/incidents/relations", - "etag": "6f714025-dd7c-46aa-b5d0-b9857488d060", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af", - "relatedResourceName": "1dd267cd-8a1f-4f6f-b92c-da43ac8819af", - "relatedResourceType": "Microsoft.SecurityInsights/entities", - "relatedResourceKind": "SecurityAlert" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetIncidentRelationByName.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetIncidentRelationByName.json deleted file mode 100644 index 5f5d3d34..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/incidents/relations/GetIncidentRelationByName.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/DeleteMetadata.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/DeleteMetadata.json deleted file mode 100644 index 6aa14153..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/DeleteMetadata.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "metadataName": "metadataName" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadata.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadata.json deleted file mode 100644 index 22cf619d..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadata.json +++ /dev/null @@ -1,65 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1", - "name": "metadataName1", - "type": "Microsoft.SecurityInsights/metadata", - "properties": { - "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", - "version": "1.0.0.0", - "kind": "AnalyticsRule", - "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", - "source": { - "kind": "Solution", - "name": "Contoso Solution 1.0", - "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" - } - } - }, - { - "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2", - "name": "metadataName2", - "type": "Microsoft.SecurityInsights/metadata", - "properties": { - "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522", - "version": "1.0.0.0", - "kind": "AnalyticsRule", - "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2", - "source": { - "kind": "Solution", - "name": "Contoso Solution 1.0", - "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" - } - } - }, - { - "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName3", - "name": "metadataName3", - "type": "Microsoft.SecurityInsights/metadata", - "properties": { - "contentId": "f593501d-ec01-4057-8146-a1de35c461ef", - "version": "1.0.0.0", - "kind": "Workbook", - "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/workbookName", - "source": { - "kind": "Solution", - "name": "Contoso Solution 1.0", - "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadataOData.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadataOData.json deleted file mode 100644 index 7eb696f2..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetAllMetadataOData.json +++ /dev/null @@ -1,53 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ODataFilter": "properties/kind eq 'AnalyticsRule'", - "ODataOrderBy": "properties/parentId desc", - "ODataSkip": "2", - "ODataTop": "2" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1", - "name": "metadataName1", - "type": "Microsoft.SecurityInsights/metadata", - "properties": { - "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", - "version": "1.0.0.0", - "kind": "AnalyticsRule", - "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName1", - "source": { - "kind": "Solution", - "name": "Contoso Solution 1.0", - "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" - } - } - }, - { - "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2", - "name": "metadataName2", - "type": "Microsoft.SecurityInsights/metadata", - "properties": { - "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522", - "version": "1.0.0.0", - "kind": "AnalyticsRule", - "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2", - "source": { - "kind": "Solution", - "name": "Contoso Solution 1.0", - "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetMetadata.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetMetadata.json deleted file mode 100644 index 5753c829..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/GetMetadata.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "2e1dc338-d04d-4443-b721-037eff4fdcac", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "metadataName": "metadataName" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", - "name": "metadataName", - "type": "Microsoft.SecurityInsights/metadata", - "properties": { - "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", - "version": "1.0.0.0", - "kind": "AnalyticsRule", - "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", - "source": { - "kind": "Solution", - "name": "Contoso Solution 1.0", - "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" - }, - "author": { - "name": "User Name", - "email": "email@microsoft.com" - }, - "support": { - "name": "Microsoft", - "email": "support@microsoft.com", - "link": "https://support.microsoft.com/", - "tier": "Partner" - }, - "dependencies": { - "operator": "AND", - "criteria": [ - { - "operator": "OR", - "criteria": [ - { - "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", - "kind": "DataConnector" - }, - { - "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", - "kind": "DataConnector" - }, - { - "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", - "kind": "DataConnector", - "version": "2.0" - } - ] - }, - { - "kind": "Playbook", - "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", - "version": "1.0" - }, - { - "kind": "Parser", - "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" - } - ] - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PatchMetadata.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PatchMetadata.json deleted file mode 100644 index f9efe722..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PatchMetadata.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "metadataName": "metadataName", - "metadataPatch": { - "properties": { - "author": { - "name": "User Name", - "email": "email@microsoft.com" - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", - "name": "metadataName", - "type": "Microsoft.SecurityInsights/metadata", - "properties": { - "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", - "kind": "AnalyticsRule", - "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", - "author": { - "name": "User Name", - "email": "email@microsoft.com" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadata.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadata.json deleted file mode 100644 index a6bbd138..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadata.json +++ /dev/null @@ -1,188 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "metadataName": "metadataName", - "metadata": { - "properties": { - "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", - "version": "1.0.0.0", - "kind": "AnalyticsRule", - "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", - "source": { - "kind": "Solution", - "name": "Contoso Solution 1.0", - "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" - }, - "author": { - "name": "User Name", - "email": "email@microsoft.com" - }, - "support": { - "name": "Microsoft", - "email": "support@microsoft.com", - "link": "https://support.microsoft.com/", - "tier": "Partner" - }, - "dependencies": { - "operator": "AND", - "criteria": [ - { - "operator": "OR", - "criteria": [ - { - "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", - "kind": "DataConnector", - "name": "Microsoft Defender for Endpoint" - }, - { - "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", - "kind": "DataConnector" - }, - { - "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", - "kind": "DataConnector", - "version": "2.0" - } - ] - }, - { - "kind": "Playbook", - "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", - "version": "1.0" - }, - { - "kind": "Parser", - "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" - } - ] - } - } - } - }, - "responses": { - "201": { - "body": { - "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", - "name": "metadataName", - "type": "Microsoft.SecurityInsights/metadata", - "properties": { - "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", - "version": "1.0.0.0", - "kind": "AnalyticsRule", - "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", - "source": { - "kind": "Solution", - "name": "Contoso Solution 1.0", - "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" - }, - "author": { - "name": "User Name", - "email": "email@microsoft.com" - }, - "support": { - "name": "Microsoft", - "email": "support@microsoft.com", - "link": "https://support.microsoft.com/", - "tier": "Partner" - }, - "dependencies": { - "operator": "AND", - "criteria": [ - { - "operator": "OR", - "criteria": [ - { - "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", - "kind": "DataConnector" - }, - { - "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", - "kind": "DataConnector" - }, - { - "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", - "kind": "DataConnector", - "version": "2.0" - } - ] - }, - { - "kind": "Playbook", - "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", - "version": "1.0" - }, - { - "kind": "Parser", - "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" - } - ] - } - } - } - }, - "200": { - "body": { - "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", - "name": "metadataName", - "type": "Microsoft.SecurityInsights/metadata", - "properties": { - "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", - "version": "1.0.0.0", - "kind": "AnalyticsRule", - "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", - "source": { - "kind": "Solution", - "name": "Contoso Solution 1.0", - "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" - }, - "author": { - "name": "User Name", - "email": "email@microsoft.com" - }, - "support": { - "name": "Microsoft", - "email": "support@microsoft.com", - "link": "https://support.microsoft.com/", - "tier": "Partner" - }, - "dependencies": { - "operator": "AND", - "criteria": [ - { - "operator": "OR", - "criteria": [ - { - "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", - "kind": "DataConnector" - }, - { - "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", - "kind": "DataConnector" - }, - { - "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", - "kind": "DataConnector", - "version": "2.0" - } - ] - }, - { - "kind": "Playbook", - "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", - "version": "1.0" - }, - { - "kind": "Parser", - "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" - } - ] - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadataMinimal.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadataMinimal.json deleted file mode 100644 index ecb3ffd0..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/metadata/PutMetadataMinimal.json +++ /dev/null @@ -1,41 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "metadataName": "metadataName", - "metadata": { - "properties": { - "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", - "kind": "AnalyticsRule", - "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" - } - } - }, - "responses": { - "201": { - "body": { - "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", - "name": "metadataName", - "type": "Microsoft.SecurityInsights/metadata", - "properties": { - "kind": "AnalyticsRule", - "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" - } - } - }, - "200": { - "body": { - "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", - "name": "metadataName", - "type": "Microsoft.SecurityInsights/metadata", - "properties": { - "kind": "AnalyticsRule", - "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json deleted file mode 100644 index eade28e2..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "sentinelOnboardingStateName": "default", - "sentinelOnboardingStateParameter": { - "properties": { - "customerManagedKey": false - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", - "name": "default", - "type": "Microsoft.SecurityInsights/onboardingStates", - "properties": { - "customerManagedKey": false - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", - "name": "default", - "type": "Microsoft.SecurityInsights/onboardingStates", - "properties": { - "customerManagedKey": false - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json deleted file mode 100644 index f35e9c9c..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "sentinelOnboardingStateName": "default" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json deleted file mode 100644 index 18ce172d..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", - "name": "default", - "type": "Microsoft.SecurityInsights/onboardingStates", - "properties": { - "customerManagedKey": false - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json deleted file mode 100644 index 723a842a..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "sentinelOnboardingStateName": "default" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", - "name": "default", - "type": "Microsoft.SecurityInsights/onboardingStates", - "properties": { - "customerManagedKey": false - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/repositories/GetRepositories.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/repositories/GetRepositories.json deleted file mode 100644 index 5f29c4f3..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/repositories/GetRepositories.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "repoType": "Github", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "repoUrl": "https://api.github.com/repos/user/reponame", - "fullName": "reponame", - "branches": [ - "master", - "develop" - ] - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/DeleteEyesOnSetting.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/DeleteEyesOnSetting.json deleted file mode 100644 index 9120c9f8..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/DeleteEyesOnSetting.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "settingsName": "EyesOn" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetAllSettings.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetAllSettings.json deleted file mode 100644 index 98fbfb45..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetAllSettings.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", - "name": "EyesOn", - "type": "Microsoft.SecurityInsights/settings", - "kind": "EyesOn", - "properties": { - "isEnabled": true - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetEyesOnSetting.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetEyesOnSetting.json deleted file mode 100644 index b4b8e56e..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/GetEyesOnSetting.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "settingsName": "EyesOn" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", - "name": "EyesOn", - "type": "Microsoft.SecurityInsights/settings", - "kind": "EyesOn", - "properties": { - "isEnabled": true - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/UpdateEyesOnSetting.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/UpdateEyesOnSetting.json deleted file mode 100644 index 57289b7f..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/settings/UpdateEyesOnSetting.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "settingsName": "EyesOn", - "settings": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "kind": "EyesOn", - "properties": {} - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", - "name": "EyesOn", - "type": "Microsoft.SecurityInsights/settings", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "kind": "EyesOn", - "properties": { - "isEnabled": true - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/CreateSourceControl.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/CreateSourceControl.json deleted file mode 100644 index 006c6dba..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/CreateSourceControl.json +++ /dev/null @@ -1,118 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", - "sourceControl": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "My Source Control", - "description": "This is a source control", - "repoType": "Github", - "contentTypes": [ - "AnalyticRules", - "Workbook" - ], - "repository": { - "url": "https://github.com/user/repo", - "branch": "master", - "pathMapping": [ - { - "contentType": "AnalyticRules", - "path": "path/to/rules" - }, - { - "contentType": "Workbook", - "path": "path/to/workbooks" - } - ] - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", - "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", - "type": "Microsoft.SecurityInsights/SourceControls", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", - "displayName": "My Source Control", - "description": "this is a source control", - "repoType": "Github", - "contentTypes": [ - "AnalyticRules", - "Workbook" - ], - "repository": { - "url": "https://github.com/user/repo", - "branch": "master", - "pathMapping": [ - { - "contentType": "AnalyticRules", - "path": "path/to/rules" - }, - { - "contentType": "Workbook", - "path": "path/to/workbooks" - } - ] - } - }, - "systemData": { - "createdBy": "string", - "createdByType": "User", - "createdAt": "2020-04-27T21:53:29.0928001Z", - "lastModifiedBy": "string", - "lastModifiedByType": "User", - "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", - "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", - "type": "Microsoft.SecurityInsights/SourceControls", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", - "displayName": "My Source Control", - "description": "this is a source control", - "repoType": "Github", - "contentTypes": [ - "AnalyticRules", - "Workbook" - ], - "repository": { - "url": "https://github.com/user/repo", - "branch": "master", - "pathMapping": [ - { - "contentType": "AnalyticRules", - "path": "path/to/rules" - }, - { - "contentType": "Workbook", - "path": "path/to/workbooks" - } - ] - } - }, - "systemData": { - "createdBy": "string", - "createdByType": "User", - "createdAt": "2020-04-27T21:53:29.0928001Z", - "lastModifiedBy": "string", - "lastModifiedByType": "User", - "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/DeleteSourceControl.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/DeleteSourceControl.json deleted file mode 100644 index 45c070ae..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/DeleteSourceControl.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControlById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControlById.json deleted file mode 100644 index f23a1875..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControlById.json +++ /dev/null @@ -1,52 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", - "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", - "type": "Microsoft.SecurityInsights/SourceControls", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", - "displayName": "My Source Control", - "description": "this is a source control", - "repoType": "Github", - "contentTypes": [ - "AnalyticRules", - "Workbook" - ], - "repository": { - "url": "https://github.com/user/repo", - "branch": "master", - "pathMapping": [ - { - "contentType": "AnalyticRules", - "path": "path/to/rules" - }, - { - "contentType": "Workbook", - "path": "path/to/workbooks" - } - ] - } - }, - "systemData": { - "createdBy": "string", - "createdByType": "User", - "createdAt": "2020-04-27T21:53:29.0928001Z", - "lastModifiedBy": "string", - "lastModifiedByType": "User", - "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControls.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControls.json deleted file mode 100644 index fe9547ec..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/sourcecontrols/GetSourceControls.json +++ /dev/null @@ -1,55 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", - "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", - "type": "Microsoft.SecurityInsights/SourceControls", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", - "displayName": "My Source Control", - "description": "this is a source control", - "repoType": "Github", - "contentTypes": [ - "AnalyticRules", - "Workbook" - ], - "repository": { - "url": "https://github.com/user/repo", - "branch": "master", - "pathMapping": [ - { - "contentType": "AnalyticRules", - "path": "path/to/rules" - }, - { - "contentType": "Workbook", - "path": "path/to/workbooks" - } - ] - } - }, - "systemData": { - "createdBy": "string", - "createdByType": "User", - "createdAt": "2020-04-27T21:53:29.0928001Z", - "lastModifiedBy": "string", - "lastModifiedByType": "User", - "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlist.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlist.json deleted file mode 100644 index baa0dc9d..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlist.json +++ /dev/null @@ -1,86 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset", - "watchlist": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "High Value Assets Watchlist", - "source": "Local file", - "provider": "Microsoft", - "description": "Watchlist from CSV content", - "itemsSearchKey": "header1" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "type": "Microsoft.SecurityInsights/Watchlists", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "itemsSearchKey": "header1", - "isDeleted": false, - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "type": "Microsoft.SecurityInsights/Watchlists", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "itemsSearchKey": "header1", - "isDeleted": false, - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json deleted file mode 100644 index d852b0ff..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json +++ /dev/null @@ -1,89 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset", - "watchlist": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "High Value Assets Watchlist", - "source": "Local file", - "provider": "Microsoft", - "description": "Watchlist from CSV content", - "numberOfLinesToSkip": 1, - "rawContent": "This line will be skipped\nheader1,header2\nvalue1,value2", - "itemsSearchKey": "header1", - "contentType": "text/csv" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "type": "Microsoft.SecurityInsights/Watchlists", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "itemsSearchKey": "header1", - "isDeleted": false, - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "type": "Microsoft.SecurityInsights/Watchlists", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "itemsSearchKey": "header1", - "isDeleted": false, - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistItem.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistItem.json deleted file mode 100644 index e83eab48..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/CreateWatchlistItem.json +++ /dev/null @@ -1,92 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset", - "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", - "watchlistItem": { - "etag": "0300bf09-0000-0000-0000-5c37296e0000", - "properties": { - "itemsKeyValue": { - "Gateway subnet": "10.0.255.224/27", - "Web Tier": "10.0.1.0/24", - "Business tier": "10.0.2.0/24", - "Data tier": "10.0.2.0/24", - "Private DMZ in": "10.0.0.0/27", - "Public DMZ out": "10.0.0.96/27" - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", - "etag": "0300bf09-0000-0000-0000-5c37296e0000", - "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", - "properties": { - "watchlistItemType": "watchlist-item", - "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", - "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", - "isDeleted": false, - "created": "2020-11-15T04:58:56.0748363+00:00", - "updated": "2020-11-16T16:05:20+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "itemsKeyValue": { - "Gateway subnet": "10.0.255.224/27", - "Web Tier": "10.0.1.0/24", - "Business tier": "10.0.2.0/24", - "Data tier": "10.0.2.0/24", - "Private DMZ in": "10.0.0.0/27", - "Public DMZ out": "10.0.0.96/27" - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", - "etag": "0300bf09-0000-0000-0000-5c37296e0000", - "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", - "properties": { - "watchlistItemType": "watchlist-item", - "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", - "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", - "isDeleted": false, - "created": "2020-11-15T04:58:56.0748363+00:00", - "updated": "2020-11-16T16:05:20+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "itemsKeyValue": { - "Gateway subnet": "10.0.255.224/27", - "Web Tier": "10.0.1.0/24", - "Business tier": "10.0.2.0/24", - "Data tier": "10.0.2.0/24", - "Private DMZ in": "10.0.0.0/27", - "Public DMZ out": "10.0.0.96/27" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlist.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlist.json deleted file mode 100644 index eebf3d55..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlist.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlistItem.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlistItem.json deleted file mode 100644 index a645a5ae..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/DeleteWatchlistItem.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset", - "watchlistItemId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistByAlias.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistByAlias.json deleted file mode 100644 index 401ffa61..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistByAlias.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "type": "Microsoft.SecurityInsights/Watchlists", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "itemsSearchKey": "header1", - "isDeleted": false, - "labels": [ - "Tag1", - "Tag2" - ], - "defaultDuration": "P1279DT12H30M5S", - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItemById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItemById.json deleted file mode 100644 index e189c471..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItemById.json +++ /dev/null @@ -1,47 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "watchlistAlias": "highValueAsset", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistItemId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", - "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", - "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", - "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", - "properties": { - "watchlistItemType": "watchlist-item", - "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", - "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", - "isDeleted": false, - "created": "2021-02-04T12:27:32.3783333-08:00", - "updated": "2021-02-04T12:27:32.3783333-08:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "itemsKeyValue": { - "Header-1": "v1_1", - "Header-2": "v1_2", - "Header-3": "v1_3", - "Header-4": "v1_4", - "Header-5": "v1_5" - }, - "entityMapping": {} - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItems.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItems.json deleted file mode 100644 index 35b6c846..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlistItems.json +++ /dev/null @@ -1,50 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", - "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", - "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", - "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", - "properties": { - "watchlistItemType": "watchlist-item", - "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", - "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", - "isDeleted": false, - "created": "2021-02-04T12:27:32.3783333-08:00", - "updated": "2021-02-04T12:27:32.3783333-08:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "itemsKeyValue": { - "Header-1": "v1_1", - "Header-2": "v1_2", - "Header-3": "v1_3", - "Header-4": "v1_4", - "Header-5": "v1_5" - }, - "entityMapping": {} - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlists.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlists.json deleted file mode 100644 index 2d7b8c05..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-03-01-preview/examples/watchlists/GetWatchlists.json +++ /dev/null @@ -1,52 +0,0 @@ -{ - "parameters": { - "api-version": "2021-03-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "type": "Microsoft.SecurityInsights/Watchlists", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "itemsSearchKey": "header1", - "isDeleted": false, - "labels": [ - "Tag1", - "Tag2" - ], - "defaultDuration": "P1279DT12H30M5S", - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/CreateActionOfAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/CreateActionOfAlertRule.json deleted file mode 100644 index 80172712..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/CreateActionOfAlertRule.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "action": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", - "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "type": "Microsoft.SecurityInsights/alertRules/actions", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "workflowId": "cd3765391efd48549fd7681ded1d48d7", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", - "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "type": "Microsoft.SecurityInsights/alertRules/actions", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "workflowId": "cd3765391efd48549fd7681ded1d48d7", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/DeleteActionOfAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/DeleteActionOfAlertRule.json deleted file mode 100644 index 9b2972bf..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/DeleteActionOfAlertRule.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetActionOfAlertRuleById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetActionOfAlertRuleById.json deleted file mode 100644 index 065f9e92..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetActionOfAlertRuleById.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", - "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "type": "Microsoft.SecurityInsights/alertRules/actions", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "workflowId": "cd3765391efd48549fd7681ded1d48d7", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetAllActionsByAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetAllActionsByAlertRule.json deleted file mode 100644 index d0292df5..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/actions/GetAllActionsByAlertRule.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", - "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", - "type": "Microsoft.SecurityInsights/alertRules/actions", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "workflowId": "cd3765391efd48549fd7681ded1d48d7", - "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json deleted file mode 100644 index 4dbca192..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "alertRuleTemplateId": "65360bb0-8986-4ade-a89d-af3cf44d28aa" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", - "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "kind": "Scheduled", - "properties": { - "severity": "Low", - "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", - "queryFrequency": "P1D", - "queryPeriod": "P1D", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "displayName": "Changes to Amazon VPC settings", - "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", - "tactics": [ - "PrivilegeEscalation", - "LateralMovement" - ], - "createdDateUTC": "2019-02-27T00:00:00Z", - "status": "Available", - "requiredDataConnectors": [ - { - "connectorId": "AWS", - "dataTypes": [ - "AWSCloudTrail" - ] - } - ], - "alertRulesCreatedByTemplateCount": 0 - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplates.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplates.json deleted file mode 100644 index df498bf5..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRuleTemplates/GetAlertRuleTemplates.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", - "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "kind": "Scheduled", - "properties": { - "severity": "Low", - "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", - "queryFrequency": "P1D", - "queryPeriod": "P1D", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "displayName": "Changes to Amazon VPC settings", - "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", - "tactics": [ - "PrivilegeEscalation", - "LateralMovement" - ], - "createdDateUTC": "2019-02-27T00:00:00Z", - "status": "Available", - "requiredDataConnectors": [ - { - "connectorId": "AWS", - "dataTypes": [ - "AWSCloudTrail" - ] - } - ], - "alertRulesCreatedByTemplateCount": 0 - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/f71aba3d-28fb-450b-b192-4e76a83015c8", - "name": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "kind": "Fusion", - "properties": { - "displayName": "Advanced Multi-Stage Attack Detection", - "description": "Place holder: Fusion uses graph powered machine learning algorithms to correlate between millions of lower fidelity anomalous activities from different products such as Azure AD Identity Protection, and Microsoft Cloud App Security, to combine them into a manageable number of interesting security cases.\n", - "tactics": [ - "Persistence", - "LateralMovement", - "Exfiltration", - "CommandAndControl" - ], - "createdDateUTC": "2019-07-25T00:00:00Z", - "status": "Available", - "severity": "High", - "alertRulesCreatedByTemplateCount": 0 - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/b3cfc7c0-092c-481c-a55b-34a3979758cb", - "name": "b3cfc7c0-092c-481c-a55b-34a3979758cb", - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "displayName": "Create incidents based on Microsoft Cloud App Security alerts", - "description": "Create incidents based on all alerts generated in Microsoft Cloud App Security", - "createdDateUTC": "2019-07-16T00:00:00Z", - "status": "Available", - "alertRulesCreatedByTemplateCount": 0 - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateFusionAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateFusionAlertRule.json deleted file mode 100644 index 6bcf080c..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateFusionAlertRule.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "myFirstFusionRule", - "alertRule": { - "kind": "Fusion", - "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", - "properties": { - "enabled": true, - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", - "name": "myFirstFusionRule", - "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Fusion", - "properties": { - "displayName": "Advanced Multi-Stage Attack Detection", - "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "tactics": [ - "Persistence", - "LateralMovement", - "Exfiltration", - "CommandAndControl" - ], - "severity": "High", - "enabled": true, - "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", - "name": "myFirstFusionRule", - "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Fusion", - "properties": { - "displayName": "Advanced Multi-Stage Attack Detection", - "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "tactics": [ - "Persistence", - "LateralMovement", - "Exfiltration", - "CommandAndControl" - ], - "severity": "High", - "enabled": true, - "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json deleted file mode 100644 index a3014434..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "microsoftSecurityIncidentCreationRuleExample", - "alertRule": { - "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "displayName": "testing displayname", - "enabled": true - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", - "name": "microsoftSecurityIncidentCreationRuleExample", - "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "severitiesFilter": null, - "displayNamesFilter": null, - "displayName": "testing displayname", - "enabled": true, - "description": null, - "alertRuleTemplateName": null, - "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", - "name": "microsoftSecurityIncidentCreationRuleExample", - "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "severitiesFilter": null, - "displayNamesFilter": null, - "displayName": "testing displayname", - "enabled": true, - "description": null, - "alertRuleTemplateName": null, - "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateScheduledAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateScheduledAlertRule.json deleted file mode 100644 index d00bc205..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/CreateScheduledAlertRule.json +++ /dev/null @@ -1,89 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "alertRule": { - "kind": "Scheduled", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "Rule2", - "description": "", - "severity": "High", - "enabled": true, - "tactics": [ - "Persistence", - "LateralMovement" - ], - "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - "queryFrequency": "PT1H", - "queryPeriod": "P2DT1H30M", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "suppressionDuration": "PT1H", - "suppressionEnabled": false - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Scheduled", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "alertRuleTemplateName": null, - "displayName": "Rule2", - "description": "", - "severity": "High", - "enabled": true, - "tactics": [ - "Persistence", - "LateralMovement" - ], - "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - "queryFrequency": "PT1H", - "queryPeriod": "P2DT1H30M", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "lastModifiedUtc": "2019-01-01T13:15:30Z" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Scheduled", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "alertRuleTemplateName": null, - "displayName": "Rule2", - "description": "", - "severity": "High", - "enabled": true, - "tactics": [ - "Persistence", - "LateralMovement" - ], - "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - "queryFrequency": "PT1H", - "queryPeriod": "P2DT1H30M", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "lastModifiedUtc": "2019-01-01T13:15:30Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/DeleteAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/DeleteAlertRule.json deleted file mode 100644 index e9aed01e..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/DeleteAlertRule.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetAllAlertRules.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetAllAlertRules.json deleted file mode 100644 index 4ee69180..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetAllAlertRules.json +++ /dev/null @@ -1,81 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Scheduled", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "alertRuleTemplateName": null, - "displayName": "Rule2", - "description": "", - "severity": "High", - "enabled": true, - "tactics": [ - "Persistence", - "LateralMovement" - ], - "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - "queryFrequency": "PT1H", - "queryPeriod": "P2DT1H30M", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "lastModifiedUtc": "2019-01-01T13:15:30Z" - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", - "name": "microsoftSecurityIncidentCreationRuleExample", - "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "severitiesFilter": null, - "displayNamesFilter": null, - "displayName": "testing displayname", - "enabled": true, - "description": null, - "alertRuleTemplateName": null, - "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", - "name": "myFirstFusionRule", - "etag": "\"25005c11-0000-0d00-0000-5d6cc0e20000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Fusion", - "properties": { - "displayName": "Advanced Multi-Stage Attack Detection", - "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "tactics": [ - "Persistence", - "LateralMovement", - "Exfiltration", - "CommandAndControl" - ], - "severity": "High", - "enabled": false, - "lastModifiedUtc": "2019-09-02T07:12:34.9065092Z" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetFusionAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetFusionAlertRule.json deleted file mode 100644 index c0406f4f..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetFusionAlertRule.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "myFirstFusionRule" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", - "name": "myFirstFusionRule", - "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Fusion", - "properties": { - "displayName": "Advanced Multi-Stage Attack Detection", - "description": "In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion", - "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", - "tactics": [ - "Persistence", - "LateralMovement", - "Exfiltration", - "CommandAndControl" - ], - "severity": "High", - "enabled": true, - "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json deleted file mode 100644 index fa0aed9b..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "microsoftSecurityIncidentCreationRuleExample" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", - "name": "microsoftSecurityIncidentCreationRuleExample", - "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "MicrosoftSecurityIncidentCreation", - "properties": { - "productFilter": "Microsoft Cloud App Security", - "severitiesFilter": null, - "displayNamesFilter": null, - "displayName": "testing displayname", - "enabled": true, - "description": null, - "alertRuleTemplateName": null, - "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetScheduledAlertRule.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetScheduledAlertRule.json deleted file mode 100644 index f2012877..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/alertRules/GetScheduledAlertRule.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/alertRules", - "kind": "Scheduled", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "alertRuleTemplateName": null, - "displayName": "Rule2", - "description": "", - "severity": "High", - "enabled": true, - "tactics": [ - "Persistence", - "LateralMovement" - ], - "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", - "queryFrequency": "PT1H", - "queryPeriod": "P2DT1H30M", - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "lastModifiedUtc": "2019-01-01T13:15:30Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/CreateBookmark.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/CreateBookmark.json deleted file mode 100644 index 42dc461a..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/CreateBookmark.json +++ /dev/null @@ -1,93 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "bookmark": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "My bookmark", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" - }, - "updated": "2019-01-01T13:15:30Z", - "created": "2019-01-01T13:15:30Z", - "notes": "Found a suspicious activity", - "labels": [ - "Tag1", - "Tag2" - ], - "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", - "queryResult": "Security Event query result" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/bookmarks", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "My bookmark", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updated": "2019-01-01T13:15:30Z", - "created": "2019-01-01T13:15:30Z", - "notes": "Found a suspicious activity", - "labels": [ - "Tag1", - "Tag2" - ], - "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", - "queryResult": "Security Event query result" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/bookmarks", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "My bookmark", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updated": "2019-01-01T13:15:30Z", - "created": "2019-01-01T13:15:30Z", - "notes": "Found a suspicious activity", - "labels": [ - "Tag1", - "Tag2" - ], - "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", - "queryResult": "Security Event query result" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/DeleteBookmark.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/DeleteBookmark.json deleted file mode 100644 index f8357a11..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/DeleteBookmark.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarkById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarkById.json deleted file mode 100644 index d38d2d2e..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarkById.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/bookmarks", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "My bookmark", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updated": "2019-01-01T13:15:30Z", - "created": "2019-01-01T13:15:30Z", - "notes": "Found a suspicious activity", - "labels": [ - "Tag1", - "Tag2" - ], - "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", - "queryResult": "Security Event query result", - "incidentInfo": { - "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", - "severity": "Low", - "title": "New case 1", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarks.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarks.json deleted file mode 100644 index 78612f89..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/bookmarks/GetBookmarks.json +++ /dev/null @@ -1,51 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/bookmarks", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "My bookmark", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updated": "2019-01-01T13:15:30Z", - "created": "2019-01-01T13:15:30Z", - "notes": "Found a suspicious activity", - "labels": [ - "Tag1", - "Tag2" - ], - "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", - "queryResult": "Security Event query result", - "incidentInfo": { - "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", - "severity": "Low", - "title": "New case 1", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018" - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateOfficeDataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateOfficeDataConnetor.json deleted file mode 100644 index 51d132bc..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateOfficeDataConnetor.json +++ /dev/null @@ -1,76 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "dataConnector": { - "kind": "Office365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "sharePoint": { - "state": "Enabled" - }, - "exchange": { - "state": "Enabled" - }, - "teams": { - "state": "Enabled" - } - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Office365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "sharePoint": { - "state": "Enabled" - }, - "exchange": { - "state": "Enabled" - }, - "teams": { - "state": "Enabled" - } - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Office365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "sharePoint": { - "state": "Enabled" - }, - "exchange": { - "state": "Enabled" - }, - "teams": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json deleted file mode 100644 index 200254b1..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "dataConnector": { - "kind": "ThreatIntelligence", - "properties": { - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", - "dataTypes": { - "indicators": { - "state": "Enabled" - } - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligence", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", - "dataTypes": { - "indicators": { - "state": "Enabled" - } - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligence", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", - "dataTypes": { - "indicators": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/DeleteOfficeDataConnetor.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/DeleteOfficeDataConnetor.json deleted file mode 100644 index e279bf43..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/DeleteOfficeDataConnetor.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json deleted file mode 100644 index fdcae392..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "kind": "AmazonWebServicesCloudTrail", - "properties": { - "awsRoleArn": "myAwsRoleArn", - "dataTypes": { - "logs": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureActiveDirectoryById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureActiveDirectoryById.json deleted file mode 100644 index ceab1826..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureActiveDirectoryById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", - "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureActiveDirectory", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json deleted file mode 100644 index 08991fc9..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", - "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureAdvancedThreatProtection", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureSecurityCenterById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureSecurityCenterById.json deleted file mode 100644 index 6fba0c43..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetAzureSecurityCenterById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", - "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureSecurityCenter", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetDataConnectors.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetDataConnectors.json deleted file mode 100644 index 0f46da36..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetDataConnectors.json +++ /dev/null @@ -1,143 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", - "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureSecurityCenter", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligence", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "indicators": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", - "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureActiveDirectory", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Office365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "sharePoint": { - "state": "Enabled" - }, - "exchange": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", - "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftCloudAppSecurity", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - }, - "discoveryLogs": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", - "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "AzureAdvancedThreatProtection", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "kind": "AmazonWebServicesCloudTrail", - "properties": { - "awsRoleArn": "myAwsRoleArn", - "dataTypes": { - "logs": { - "state": "Enabled" - } - } - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftDefenderAdvancedThreatProtection", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json deleted file mode 100644 index 8dab3597..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", - "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftCloudAppSecurity", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - }, - "discoveryLogs": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json deleted file mode 100644 index 57d265c3..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "MicrosoftDefenderAdvancedThreatProtection", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "alerts": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetOfficeDataConnetorById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetOfficeDataConnetorById.json deleted file mode 100644 index a696c737..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetOfficeDataConnetorById.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "Office365", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "dataTypes": { - "sharePoint": { - "state": "Enabled" - }, - "exchange": { - "state": "Enabled" - }, - "teams": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetThreatIntelligenceById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetThreatIntelligenceById.json deleted file mode 100644 index 2fd7052c..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetThreatIntelligenceById.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", - "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", - "type": "Microsoft.SecurityInsights/dataConnectors", - "kind": "ThreatIntelligence", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", - "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", - "dataTypes": { - "indicators": { - "state": "Enabled" - } - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/CreateIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/CreateIncident.json deleted file mode 100644 index 3225ca91..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/CreateIncident.json +++ /dev/null @@ -1,104 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incident": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "relatedAnalyticRuleIds": [], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [] - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "relatedAnalyticRuleIds": [], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [] - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/DeleteIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/DeleteIncident.json deleted file mode 100644 index 48c85f20..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/DeleteIncident.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidentById.json deleted file mode 100644 index b3b72c83..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidentById.json +++ /dev/null @@ -1,54 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "InaccurateData", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "relatedAnalyticRuleIds": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" - ], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [ - "InitialAccess", - "Persistence" - ] - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidents.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidents.json deleted file mode 100644 index 17cb6293..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/GetIncidents.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "$orderby": "properties/createdTimeUtc desc", - "$top": 1 - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "relatedAnalyticRuleIds": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [ - "Persistence" - ] - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/CreateIncidentComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/CreateIncidentComment.json deleted file mode 100644 index c5bf2a22..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/CreateIncidentComment.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "incidentComment": { - "properties": { - "message": "Some message" - } - } - }, - "responses": { - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/comments", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "author": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetAllIncidentComments.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetAllIncidentComments.json deleted file mode 100644 index 25780703..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetAllIncidentComments.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/comments", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "author": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetIncidentCommentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetIncidentCommentById.json deleted file mode 100644 index 6ff96b83..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/incidents/comments/GetIncidentCommentById.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "parameters": { - "api-version": "2020-01-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/comments", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "author": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/alertRules.yaml b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/alertRules.yaml deleted file mode 100644 index 8824ecea..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/alertRules.yaml +++ /dev/null @@ -1,27 +0,0 @@ -scope: ResourceGroup -testScenarios: - - description: >- - Microsoft.SecurityInsights/alertRules Creates or updates a Scheduled alert - rule. - steps: - - step: Creates or updates a Scheduled alert rule. - exampleFile: ../examples/alertRules/CreateScheduledAlertRule.json - - step: Delete an alert rule. - exampleFile: ../examples/alertRules/DeleteAlertRule.json - - description: >- - Microsoft.SecurityInsights/alertRules Creates or updates a Fusion alert - rule. - steps: - - step: Creates or updates a Fusion alert rule. - exampleFile: ../examples/alertRules/CreateFusionAlertRule.json - - step: Delete an alert rule. - exampleFile: ../examples/alertRules/DeleteAlertRule.json - - description: >- - Microsoft.SecurityInsights/alertRules Creates or updates a - MicrosoftSecurityIncidentCreation rule. - steps: - - step: Creates or updates a MicrosoftSecurityIncidentCreation rule. - exampleFile: >- - ../examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json - - step: Delete an alert rule. - exampleFile: ../examples/alertRules/DeleteAlertRule.json diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/bookmarks.yaml b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/bookmarks.yaml deleted file mode 100644 index 01ebef85..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/bookmarks.yaml +++ /dev/null @@ -1,8 +0,0 @@ -scope: ResourceGroup -testScenarios: - - description: Microsoft.SecurityInsights/bookmarks Creates or updates a bookmark. - steps: - - step: Creates or updates a bookmark. - exampleFile: ../examples/bookmarks/CreateBookmark.json - - step: Delete a bookmark. - exampleFile: ../examples/bookmarks/DeleteBookmark.json diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/dataConnectors.yaml b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/dataConnectors.yaml deleted file mode 100644 index 14213d34..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/dataConnectors.yaml +++ /dev/null @@ -1,18 +0,0 @@ -scope: ResourceGroup -testScenarios: - - description: >- - Microsoft.SecurityInsights/dataConnectors Creates or updates an Office365 - data connector. - steps: - - step: Creates or updates an Office365 data connector. - exampleFile: ../examples/dataConnectors/CreateOfficeDataConnetor.json - - step: Delete an Office365 data connector. - exampleFile: ../examples/dataConnectors/DeleteOfficeDataConnetor.json - - description: >- - Microsoft.SecurityInsights/dataConnectors Creates or updates an Threat - Intelligence Platform data connector. - steps: - - step: Creates or updates an Threat Intelligence Platform data connector. - exampleFile: ../examples/dataConnectors/CreateThreatIntelligenceDataConnector.json - - step: Delete an Office365 data connector. - exampleFile: ../examples/dataConnectors/DeleteOfficeDataConnetor.json diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/incidents.yaml b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/incidents.yaml deleted file mode 100644 index af4dfea4..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/test-scenarios/incidents.yaml +++ /dev/null @@ -1,8 +0,0 @@ -scope: ResourceGroup -testScenarios: - - description: Microsoft.SecurityInsights/incidents Creates or updates an incident. - steps: - - step: Creates or updates an incident. - exampleFile: ../examples/incidents/CreateIncident.json - - step: Delete an incident. - exampleFile: ../examples/incidents/DeleteIncident.json diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/CreateIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/CreateIncident.json deleted file mode 100644 index 6f5924ca..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/CreateIncident.json +++ /dev/null @@ -1,104 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incident": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "relatedAnalyticRuleIds": [], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [] - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "relatedAnalyticRuleIds": [], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [] - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/DeleteIncident.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/DeleteIncident.json deleted file mode 100644 index 56603898..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/DeleteIncident.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentAlerts.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentAlerts.json deleted file mode 100644 index 2a7544a5..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentAlerts.json +++ /dev/null @@ -1,50 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c", - "name": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", - "type": "Microsoft.SecurityInsights/Entities", - "kind": "SecurityAlert", - "properties": { - "systemAlertId": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", - "tactics": [], - "alertDisplayName": "myAlert", - "confidenceLevel": "Unknown", - "severity": "Low", - "vendorName": "Microsoft", - "productName": "Azure Security Center", - "alertType": "myAlert", - "processingEndTime": "2020-07-20T18:21:53.6158361Z", - "status": "New", - "endTimeUtc": "2020-07-20T18:21:53.6158361Z", - "startTimeUtc": "2020-07-20T18:21:53.6158361Z", - "timeGenerated": "2020-07-20T18:21:53.6158361Z", - "resourceIdentifiers": [ - { - "type": "LogAnalytics", - "workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroup": "myRG" - } - ], - "additionalData": { - "AlertMessageEnqueueTime": "2020-07-20T18:21:57.304Z" - }, - "friendlyName": "myAlert" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentBookmarks.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentBookmarks.json deleted file mode 100644 index 757b7929..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentBookmarks.json +++ /dev/null @@ -1,77 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812", - "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "type": "Microsoft.SecurityInsights/Entities", - "kind": "Bookmark", - "properties": { - "displayName": "SecurityEvent - 868f40f4698d", - "created": "2020-06-17T15:34:01.4265524+00:00", - "updated": "2020-06-17T15:34:01.4265524+00:00", - "createdBy": { - "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", - "email": "user@microsoft.com", - "name": "user" - }, - "updatedBy": { - "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", - "email": "user@microsoft.com", - "name": "user" - }, - "eventTime": "2020-06-17T15:34:01.4265524+00:00", - "labels": [], - "query": "SecurityEvent\r\n| take 1\n", - "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", - "additionalData": { - "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", - "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "friendlyName": "SecurityEvent - 868f40f4698d" - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/bbbd324f-6c48-459c-8710-8d1e1cd03812", - "name": "bbbd324f-6c48-459c-8710-8d1e1cd03812", - "type": "Microsoft.SecurityInsights/Entities", - "kind": "Bookmark", - "properties": { - "displayName": "SecurityEvent - 868f40f4698d", - "created": "2020-06-17T15:34:01.4265524+00:00", - "updated": "2020-06-17T15:34:01.4265524+00:00", - "createdBy": { - "objectId": "303ca914-5eb6-45e5-9417-fe0797c372fd", - "email": "user@microsoft.com", - "name": "user" - }, - "updatedBy": { - "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", - "email": "user@microsoft.com", - "name": "user" - }, - "eventTime": "2020-06-17T15:34:01.4265524+00:00", - "labels": [], - "query": "SecurityEvent\r\n| take 1\n", - "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", - "additionalData": { - "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", - "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "friendlyName": "SecurityEvent - 868f40f4698d" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentEntities.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentEntities.json deleted file mode 100644 index 9fbd4023..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentEntities.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "responses": { - "200": { - "body": { - "entities": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", - "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", - "type": "Microsoft.SecurityInsights/Entities", - "kind": "Account", - "properties": { - "friendlyName": "administrator", - "accountName": "administrator", - "ntDomain": "domain" - } - } - ], - "metaData": [ - { - "entityKind": "Account", - "count": 1 - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidentById.json deleted file mode 100644 index 78ecfba0..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidentById.json +++ /dev/null @@ -1,54 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "InaccurateData", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "relatedAnalyticRuleIds": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" - ], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [ - "InitialAccess", - "Persistence" - ] - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidents.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidents.json deleted file mode 100644 index 927a9671..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidents.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "$orderby": "properties/createdTimeUtc desc", - "$top": 1 - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/incidents", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastActivityTimeUtc": "2019-01-01T13:05:30Z", - "firstActivityTimeUtc": "2019-01-01T13:00:30Z", - "description": "This is a demo incident", - "title": "My incident", - "owner": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "assignedTo": "john doe" - }, - "severity": "High", - "classification": "FalsePositive", - "classificationComment": "Not a malicious activity", - "classificationReason": "IncorrectAlertLogic", - "status": "Closed", - "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentNumber": 3177, - "labels": [], - "relatedAnalyticRuleIds": [ - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", - "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" - ], - "additionalData": { - "alertsCount": 0, - "bookmarksCount": 0, - "commentsCount": 3, - "alertProductNames": [], - "tactics": [ - "Persistence" - ] - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/CreateIncidentComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/CreateIncidentComment.json deleted file mode 100644 index e86a3fb7..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/CreateIncidentComment.json +++ /dev/null @@ -1,55 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "incidentComment": { - "properties": { - "message": "Some message" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/comments", - "etag": "0300bf09-0000-0000-0000-5c37296e0000", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastModifiedTimeUtc": "2019-01-04T13:15:30Z", - "author": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/comments", - "etag": "0300bf09-0000-0000-0000-5c37296e0000", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "author": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/DeleteIncidentComment.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/DeleteIncidentComment.json deleted file mode 100644 index e23ae7f8..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/DeleteIncidentComment.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetAllIncidentComments.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetAllIncidentComments.json deleted file mode 100644 index bebe3cc3..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetAllIncidentComments.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/comments", - "etag": "0300bf09-0000-0000-0000-5c37296e0000", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "author": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - } - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetIncidentCommentById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetIncidentCommentById.json deleted file mode 100644 index b52d6efd..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/comments/GetIncidentCommentById.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/comments", - "etag": "0300bf09-0000-0000-0000-5c37296e0000", - "properties": { - "message": "Some message", - "createdTimeUtc": "2019-01-01T13:15:30Z", - "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", - "author": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john.doe@contoso.com", - "userPrincipalName": "john@contoso.com", - "name": "john doe" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/CreateIncidentRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/CreateIncidentRelation.json deleted file mode 100644 index 82c2500f..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/CreateIncidentRelation.json +++ /dev/null @@ -1,43 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "relation": { - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/DeleteIncidentRelation.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/DeleteIncidentRelation.json deleted file mode 100644 index 7a37ded9..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/DeleteIncidentRelation.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetAllIncidentRelations.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetAllIncidentRelations.json deleted file mode 100644 index b53500d9..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetAllIncidentRelations.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" - } - }, - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032", - "name": "9673a17d-8bc7-4ca6-88ee-38a4f3efc032", - "type": "Microsoft.SecurityInsights/incidents/relations", - "etag": "6f714025-dd7c-46aa-b5d0-b9857488d060", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af", - "relatedResourceName": "1dd267cd-8a1f-4f6f-b92c-da43ac8819af", - "relatedResourceType": "Microsoft.SecurityInsights/entities", - "relatedResourceKind": "SecurityAlert" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetIncidentRelationByName.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetIncidentRelationByName.json deleted file mode 100644 index a2846679..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/relations/GetIncidentRelationByName.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", - "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", - "type": "Microsoft.SecurityInsights/incidents/relations", - "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", - "properties": { - "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", - "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/AppendTagsThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/AppendTagsThreatIntelligence.json deleted file mode 100644 index 46520a2d..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/AppendTagsThreatIntelligence.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", - "ThreatIntelligenceAppendTags": { - "threatIntelligenceTags": [ - "tag1", - "tag2" - ] - } - }, - "responses": { - "200": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CollectThreatIntelligenceMetrics.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CollectThreatIntelligenceMetrics.json deleted file mode 100644 index c882bf91..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CollectThreatIntelligenceMetrics.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "properties": { - "lastUpdatedTimeUtc": "2020-09-01T19:44:44.117403Z", - "threatTypeMetrics": [ - { - "metricName": "compromised", - "metricValue": 20 - } - ], - "patternTypeMetrics": [ - { - "metricName": "url", - "metricValue": 20 - } - ], - "sourceMetrics": [ - { - "metricName": "Azure Sentinel", - "metricValue": 10315 - }, - { - "metricName": "zinga", - "metricValue": 2 - } - ] - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CreateThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CreateThreatIntelligence.json deleted file mode 100644 index cc69d35b..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/CreateThreatIntelligence.json +++ /dev/null @@ -1,101 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ThreatIntelligenceProperties": { - "kind": "indicator", - "properties": { - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema", - "confidence": 78, - "createdByRef": "contoso@contoso.com", - "description": "debugging indicators", - "externalReferences": [], - "granularMarkings": [], - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "labels": [], - "modified": "", - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "revoked": false, - "validFrom": "2020-04-15T17:44:00.114052Z", - "validUntil": "" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T20:20:38.6160949Z", - "createdByRef": "contoso@contoso.com", - "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T20:20:38.6160949Z", - "createdByRef": "aztestConnectors@contoso.com", - "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/DeleteThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/DeleteThreatIntelligence.json deleted file mode 100644 index ca06dedb..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/DeleteThreatIntelligence.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligence.json deleted file mode 100644 index 0264247c..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligence.json +++ /dev/null @@ -1,77 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", - "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", - "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 90, - "created": "2020-04-15T20:11:57.9666134Z", - "createdByRef": "contoso@contoso.com", - "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:15:11.0746926Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema 2", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - }, - { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T19:51:17.1050923Z", - "createdByRef": "contoso@contoso.com", - "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:15:11.074903Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "patching tags" - ], - "displayName": "updated indicator", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligenceById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligenceById.json deleted file mode 100644 index 7334c9ea..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/GetThreatIntelligenceById.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T19:51:17.1050923Z", - "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", - "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:18:49.2259902Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "patching tags" - ], - "displayName": "updated indicator", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://abc.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/QueryThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/QueryThreatIntelligence.json deleted file mode 100644 index 2ebf7262..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/QueryThreatIntelligence.json +++ /dev/null @@ -1,108 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ThreatIntelligenceFilteringCriteria": { - "pageSize": 100, - "minConfidence": 25, - "maxConfidence": 80, - "minValidUntil": "2020-04-05T17:44:00.114052Z", - "maxValidUntil": "2020-04-25T17:44:00.114052Z", - "sources": [ - "Azure Sentinel" - ], - "sortBy": [ - { - "itemKey": "lastUpdatedTimeUtc", - "sortOrder": "descending" - } - ] - } - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", - "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", - "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 90, - "created": "2020-04-15T20:11:57.9666134Z", - "createdByRef": "contoso@contoso.com", - "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:15:11.0746926Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema 2", - "description": "debugging indicators 2", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z", - "parsedPattern": [ - { - "patternTypeKey": "network-traffic", - "patternTypeValues": [ - { - "valueType": "0", - "value": "SSH-2.0-PuTTY_Release_0.64" - }, - { - "valueType": "1", - "value": "194.88.106.146" - } - ] - } - ] - } - }, - { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T19:51:17.1050923Z", - "createdByRef": "contoso@contoso.com", - "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:15:11.074903Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "patching tags" - ], - "displayName": "updated indicator", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/ReplaceTagsThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/ReplaceTagsThreatIntelligence.json deleted file mode 100644 index 4ac66249..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/ReplaceTagsThreatIntelligence.json +++ /dev/null @@ -1,53 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", - "ThreatIntelligenceReplaceTags": { - "etag": "\"0000262c-0000-0800-0000-5e9767060000\"", - "kind": "indicator", - "properties": { - "threatIntelligenceTags": [ - "patching tags" - ] - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", - "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T19:51:17.1050923Z", - "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", - "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T19:56:08.828946Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "patching tags" - ], - "displayName": "updated indicator", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://abc.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/UpdateThreatIntelligence.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/UpdateThreatIntelligence.json deleted file mode 100644 index b020c1b9..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/threatintelligence/UpdateThreatIntelligence.json +++ /dev/null @@ -1,102 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", - "ThreatIntelligenceProperties": { - "kind": "indicator", - "properties": { - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema", - "confidence": 78, - "createdByRef": "contoso@contoso.com", - "description": "debugging indicators", - "externalReferences": [], - "granularMarkings": [], - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "labels": [], - "modified": "", - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "revoked": false, - "validFrom": "2020-04-15T17:44:00.114052Z", - "validUntil": "" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T20:20:38.6160949Z", - "createdByRef": "contoso@contoso.com", - "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", - "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", - "type": "Microsoft.SecurityInsights/ThreatIntelligence", - "kind": "indicator", - "properties": { - "confidence": 78, - "created": "2020-04-15T20:20:38.6160949Z", - "createdByRef": "aztestConnectors@contoso.com", - "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", - "externalReferences": [], - "granularMarkings": [], - "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", - "revoked": false, - "source": "Azure Sentinel", - "threatIntelligenceTags": [ - "new schema" - ], - "displayName": "new schema", - "description": "debugging indicators", - "threatTypes": [ - "compromised" - ], - "killChainPhases": [], - "pattern": "[url:value = 'https://www.contoso.com']", - "patternType": "url", - "validFrom": "2020-04-15T17:44:00.114052Z" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlist.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlist.json deleted file mode 100644 index bd00602c..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlist.json +++ /dev/null @@ -1,86 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset", - "watchlist": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "High Value Assets Watchlist", - "source": "Local file", - "provider": "Microsoft", - "description": "Watchlist from CSV content", - "itemsSearchKey": "header1" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "type": "Microsoft.SecurityInsights/Watchlists", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "itemsSearchKey": "header1", - "isDeleted": false, - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "type": "Microsoft.SecurityInsights/Watchlists", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "itemsSearchKey": "header1", - "isDeleted": false, - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistAndWatchlistItems.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistAndWatchlistItems.json deleted file mode 100644 index 1c7b3a22..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistAndWatchlistItems.json +++ /dev/null @@ -1,89 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset", - "watchlist": { - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "displayName": "High Value Assets Watchlist", - "source": "Local file", - "provider": "Microsoft", - "description": "Watchlist from CSV content", - "numberOfLinesToSkip": 1, - "rawContent": "This line will be skipped\nheader1,header2\nvalue1,value2", - "itemsSearchKey": "header1", - "contentType": "text/csv" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "type": "Microsoft.SecurityInsights/Watchlists", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "itemsSearchKey": "header1", - "isDeleted": false, - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "type": "Microsoft.SecurityInsights/Watchlists", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "itemsSearchKey": "header1", - "isDeleted": false, - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistItem.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistItem.json deleted file mode 100644 index 08e7a272..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/CreateWatchlistItem.json +++ /dev/null @@ -1,92 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset", - "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", - "watchlistItem": { - "etag": "0300bf09-0000-0000-0000-5c37296e0000", - "properties": { - "itemsKeyValue": { - "Gateway subnet": "10.0.255.224/27", - "Web Tier": "10.0.1.0/24", - "Business tier": "10.0.2.0/24", - "Data tier": "10.0.2.0/24", - "Private DMZ in": "10.0.0.0/27", - "Public DMZ out": "10.0.0.96/27" - } - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", - "etag": "0300bf09-0000-0000-0000-5c37296e0000", - "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", - "properties": { - "watchlistItemType": "watchlist-item", - "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", - "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", - "isDeleted": false, - "created": "2020-11-15T04:58:56.0748363+00:00", - "updated": "2020-11-16T16:05:20+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "itemsKeyValue": { - "Gateway subnet": "10.0.255.224/27", - "Web Tier": "10.0.1.0/24", - "Business tier": "10.0.2.0/24", - "Data tier": "10.0.2.0/24", - "Private DMZ in": "10.0.0.0/27", - "Public DMZ out": "10.0.0.96/27" - } - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", - "etag": "0300bf09-0000-0000-0000-5c37296e0000", - "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", - "properties": { - "watchlistItemType": "watchlist-item", - "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", - "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", - "isDeleted": false, - "created": "2020-11-15T04:58:56.0748363+00:00", - "updated": "2020-11-16T16:05:20+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "itemsKeyValue": { - "Gateway subnet": "10.0.255.224/27", - "Web Tier": "10.0.1.0/24", - "Business tier": "10.0.2.0/24", - "Data tier": "10.0.2.0/24", - "Private DMZ in": "10.0.0.0/27", - "Public DMZ out": "10.0.0.96/27" - } - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlist.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlist.json deleted file mode 100644 index cb1c4805..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlist.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlistItem.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlistItem.json deleted file mode 100644 index 942c3c14..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/DeleteWatchlistItem.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset", - "watchlistItemId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea" - }, - "responses": { - "200": {}, - "204": {} - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistByAlias.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistByAlias.json deleted file mode 100644 index ae9dbcae..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistByAlias.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "type": "Microsoft.SecurityInsights/Watchlists", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "itemsSearchKey": "header1", - "isDeleted": false, - "labels": [ - "Tag1", - "Tag2" - ], - "defaultDuration": "P1279DT12H30M5S", - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItemById.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItemById.json deleted file mode 100644 index 4f5422c7..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItemById.json +++ /dev/null @@ -1,47 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "watchlistAlias": "highValueAsset", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistItemId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", - "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", - "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", - "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", - "properties": { - "watchlistItemType": "watchlist-item", - "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", - "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", - "isDeleted": false, - "created": "2021-02-04T12:27:32.3783333-08:00", - "updated": "2021-02-04T12:27:32.3783333-08:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "itemsKeyValue": { - "Header-1": "v1_1", - "Header-2": "v1_2", - "Header-3": "v1_3", - "Header-4": "v1_4", - "Header-5": "v1_5" - }, - "entityMapping": {} - } - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItems.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItems.json deleted file mode 100644 index e7e87f1d..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlistItems.json +++ /dev/null @@ -1,50 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "watchlistAlias": "highValueAsset" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", - "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", - "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", - "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", - "properties": { - "watchlistItemType": "watchlist-item", - "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", - "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", - "isDeleted": false, - "created": "2021-02-04T12:27:32.3783333-08:00", - "updated": "2021-02-04T12:27:32.3783333-08:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "itemsKeyValue": { - "Header-1": "v1_1", - "Header-2": "v1_2", - "Header-3": "v1_3", - "Header-4": "v1_4", - "Header-5": "v1_5" - }, - "entityMapping": {} - } - } - ] - } - } - } -} diff --git a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlists.json b/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlists.json deleted file mode 100644 index ae148175..00000000 --- a/src/test/default_tag_latest_swaggers/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/watchlists/GetWatchlists.json +++ /dev/null @@ -1,52 +0,0 @@ -{ - "parameters": { - "api-version": "2021-04-01", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" - }, - "responses": { - "200": { - "body": { - "value": [ - { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", - "name": "highValueAsset", - "type": "Microsoft.SecurityInsights/Watchlists", - "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", - "properties": { - "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", - "displayName": "High Value Assets Watchlist", - "provider": "Microsoft", - "source": "Local file", - "created": "2020-09-28T00:26:54.7746089+00:00", - "updated": "2020-09-28T00:26:57+00:00", - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "updatedBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" - }, - "description": "Watchlist from CSV content", - "watchlistType": "watchlist", - "watchlistAlias": "highValueAsset", - "itemsSearchKey": "header1", - "isDeleted": false, - "labels": [ - "Tag1", - "Tag2" - ], - "defaultDuration": "P1279DT12H30M5S", - "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" - } - } - ] - } - } - } -} From 30fffbb8464541e89dc0a533ccdf26b25be66dd5 Mon Sep 17 00:00:00 2001 From: ruowan Date: Mon, 21 Feb 2022 06:12:08 +0000 Subject: [PATCH 06/16] remove unused example files --- src/test/avocado-test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/avocado-test.ts b/src/test/avocado-test.ts index da559290..02596af3 100644 --- a/src/test/avocado-test.ts +++ b/src/test/avocado-test.ts @@ -332,7 +332,7 @@ describe('avocado', () => { it('avocado check default tag should contains latest api version', async () => { const r = await avocado.avocado({ cwd: 'src/test/default_tag_latest_swaggers', env: {} }).toArray() - assert.strictEqual(r.length, 8) + assert.deepStrictEqual(r.length > 0, true) assert.deepStrictEqual( r.some(it => it.code === 'MISSING_APIS_IN_DEFAULT_TAG'), true, From bb20bc1bcb1d5fc49e99f79a3476b7d6d1b1b5ee Mon Sep 17 00:00:00 2001 From: ruowan Date: Mon, 21 Feb 2022 06:14:14 +0000 Subject: [PATCH 07/16] remove unused log --- src/test/avocado-test.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/test/avocado-test.ts b/src/test/avocado-test.ts index 02596af3..2bfc6818 100644 --- a/src/test/avocado-test.ts +++ b/src/test/avocado-test.ts @@ -341,6 +341,5 @@ describe('avocado', () => { r.some(it => it.code === 'NOT_LATEST_API_VERSION_IN_DEFAULT_TAG'), true, ) - console.log(r) }) }) From d3ce996e796d41fddfbf5cdd853cce14b1470744 Mon Sep 17 00:00:00 2001 From: ruowan Date: Mon, 21 Feb 2022 06:18:33 +0000 Subject: [PATCH 08/16] remove unuesed log --- src/errors.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/errors.ts b/src/errors.ts index 1ca92c0e..0c5187e6 100644 --- a/src/errors.ts +++ b/src/errors.ts @@ -102,7 +102,6 @@ export const getPathInfoFromError = (error: Error): format.JsonPath[] => { return [{ tag: 'folder', path: format.blobHref(format.getRelativeSwaggerPathToRepo(error.folderUrl)) }] case 'MISSING_APIS_IN_DEFAULT_TAG': - console.log(error.message) return [ { tag: 'readme', path: format.blobHref(format.getRelativeSwaggerPathToRepo(error.readMeUrl)) }, { tag: 'json', path: format.blobHref(format.getRelativeSwaggerPathToRepo(error.jsonUrl)) }, From 00eb03297d583e32723e8b8d695d2d1c3aa9ff2f Mon Sep 17 00:00:00 2001 From: ruowan Date: Tue, 22 Feb 2022 08:42:53 +0000 Subject: [PATCH 09/16] support x-ms-paths and add unittest --- src/index.ts | 96 +++++++++++++++++-------------- src/test/avocado-function-test.ts | 43 ++++++++++++-- tslint.json | 2 +- 3 files changed, 93 insertions(+), 48 deletions(-) diff --git a/src/index.ts b/src/index.ts index d2778d71..8e3dcdf1 100644 --- a/src/index.ts +++ b/src/index.ts @@ -95,7 +95,7 @@ const errorCorrelationId = (error: err.Error) => { } const markDownIterate = (node: commonmark.Node | null) => - it.iterable(function*() { + it.iterable(function* () { // tslint:disable-next-line:no-let let i = node while (i !== null) { @@ -105,7 +105,7 @@ const markDownIterate = (node: commonmark.Node | null) => }) const isAutoRestMd = (m: md.MarkDownEx) => - markDownIterate(m.markDown.firstChild).some(v => { + markDownIterate(m.markDown.firstChild).some((v) => { if (v.type !== 'block_quote') { return false } @@ -263,9 +263,9 @@ const parseRef = (ref: string): Ref => { const getReferencedFileNames = (fileName: string, doc: json.Json) => { const dir = path.dirname(fileName) return getRefs(doc) - .map(v => parseRef(v).url) - .filter(u => u !== '') - .map(u => path.resolve(path.join(dir, u))) + .map((v) => parseRef(v).url) + .filter((u) => u !== '') + .map((u) => path.resolve(path.join(dir, u))) } const moveTo = (a: Set, b: Set, key: string): string => { @@ -274,7 +274,7 @@ const moveTo = (a: Set, b: Set, key: string): string => { return key } -const isExample = (filePath: string): boolean => filePath.split(path.sep).some(name => name === 'examples') +const isExample = (filePath: string): boolean => filePath.split(path.sep).some((name) => name === 'examples') const containsReadme = async (folder: string): Promise => { const readmePath = path.resolve(folder, 'readme.md') @@ -282,7 +282,7 @@ const containsReadme = async (folder: string): Promise => { } const validateSpecificationAPIVersion = (current: Specification, document: json.JsonObject): it.IterableEx => - it.iterable(function*() { + it.iterable(function* () { const info = document.info as json.JsonObject | undefined if (info !== undefined) { if (!current.path.includes(info.version as string)) { @@ -299,7 +299,7 @@ const validateSpecificationAPIVersion = (current: Specification, document: json. }) const validateFileLocation = (current: Specification, document: json.JsonObject): it.IterableEx => - it.iterable(function*() { + it.iterable(function* () { const host = document.host as string | undefined if (host !== undefined && host === 'management.azure.com' && !current.path.includes('resource-manager')) { yield { @@ -333,12 +333,11 @@ const findTheNearestReadme = async (rootDir: string, swaggerPath: string): Promi export type PathTable = Map export const validateRPMustContainAllLatestApiVersionSwagger = (dir: string): it.IterableEx => - it.iterable(function*() { + it.iterable(function* () { const readmePattern = path.join(dir, '**/readme.md') const readmes = glob.sync(readmePattern, { nodir: true }) for (const readme of readmes) { - console.log(readme) const readmeDir = path.dirname(readme) const readmeContent = fs.readFileSync(readme).toString() const m = md.parse(readmeContent) @@ -356,11 +355,11 @@ export const validateRPMustContainAllLatestApiVersionSwagger = (dir: string): it const previewPattern = path.join(readmeDir, '**/preview/**/*.json') const previewFiles = glob .sync(previewPattern, { nodir: true }) - .filter(swaggerFile => !swaggerFile.includes('examples')) + .filter((swaggerFile) => !swaggerFile.includes('examples')) const stablePattern = path.join(readmeDir, '**/stable/**/*.json') const stableFiles = glob .sync(stablePattern, { nodir: true }) - .filter(swaggerFile => !swaggerFile.includes('examples')) + .filter((swaggerFile) => !swaggerFile.includes('examples')) let stablePathTable = new Map() let previewPathTable = new Map() @@ -463,14 +462,22 @@ export const getPathTableFromSwaggerFile = (swaggerFile: string): PathTable => { } export const getAllPathFromSwagger = (swagger: any) => { - const apiPath = '$.paths.*~' + const apiJsonPath = '$.paths.*~' const paths = JSONPath({ - path: apiPath, + path: apiJsonPath, json: swagger, resultType: 'all', }) - // tslint:disable-next-line: no-shadowed-variable - return paths.map((it: { readonly value: any }) => it.value) + const xmsApiJsonPath = '$.x-ms-paths.*~' + const xMsPaths = JSONPath({ + path: xmsApiJsonPath, + json: swagger, + resultType: 'all', + }) + + return paths + .map((item: { readonly value: any }) => item.value) + .concat(xMsPaths.map((item: { readonly value: any }) => item.value)) } export const getApiVersionFromSwagger = (swagger: any) => { @@ -497,20 +504,21 @@ export const normalizeApiPath = (apiPath: string) => { * @param dir directory path */ const validateRPFolderMustContainReadme = (dir: string): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { const validDirs: ReadonlyArray = ['data-plane', 'resource-manager'] const ignoredDirs: ReadonlyArray = ['common'] const allJsonDir = tscommonFs .recursiveReaddir(dir) .filter( - filePath => + (filePath) => path.extname(filePath) === '.json' && validDirs.some( - item => - filePath.includes(item) && !ignoredDirs.some(ignoredItem => filePath.toLowerCase().includes(ignoredItem)), + (item) => + filePath.includes(item) && + !ignoredDirs.some((ignoredItem) => filePath.toLowerCase().includes(ignoredItem)), ), ) - .map(filePath => path.dirname(filePath)) + .map((filePath) => path.dirname(filePath)) const allJsonSet = new Set() for await (const item of allJsonDir) { @@ -551,7 +559,7 @@ const DFSTraversalValidate = ( graySet: Set, blackSet: Set, ): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { if (!blackSet.has(current.path)) { graySet.add(current.path) } @@ -610,7 +618,7 @@ const DFSTraversalValidate = ( * validate given `readme.md` format */ const validateReadMeFile = (readMePath: string): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { const file = await tscommonFs.readFile(readMePath) const m = md.parse(file.toString()) if (!isAutoRestMd(m)) { @@ -651,7 +659,7 @@ const validateInputFiles = ( allInputFileSet: Set, ): asyncIt.AsyncIterableEx => // tslint:disable-next-line: no-async-without-await - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { // report errors if the `dir` folder has JSON files where exist circular reference const graySet = new Set() const blackSet = new Set() @@ -662,8 +670,8 @@ const validateInputFiles = ( // report errors if the `dir` folder has JSON files which are not referenced yield* asyncIt .fromSync(allInputFileSet.values()) - .filter(spec => !blackSet.has(spec.path)) - .map(spec => ({ + .filter((spec) => !blackSet.has(spec.path)) + .map((spec) => ({ code: 'UNREFERENCED_JSON_FILE', message: spec.kind === 'SWAGGER' @@ -677,27 +685,27 @@ const validateInputFiles = ( }) const getInputFilesFromReadme = (readMePath: string): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { const file = await tscommonFs.readFile(readMePath) const m = md.parse(file.toString()) const dir = path.dirname(readMePath) yield* openApiMd .getInputFiles(m.markDown) - .map(f => f.replace('$(this-folder)', '.')) + .map((f) => f.replace('$(this-folder)', '.')) .uniq() - .map(f => path.resolve(path.join(dir, ...f.split('\\')))) - .map(f => ({ path: f, readMePath, kind: isExample(f) ? 'EXAMPLE' : 'SWAGGER' })) + .map((f) => path.resolve(path.join(dir, ...f.split('\\')))) + .map((f) => ({ path: f, readMePath, kind: isExample(f) ? 'EXAMPLE' : 'SWAGGER' })) }) const getAllInputFilesUnderReadme = (readMePath: string): asyncIt.AsyncIterableEx => // tslint:disable-next-line: no-async-without-await - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { const dir = path.dirname(readMePath) yield* tscommonFs .recursiveReaddir(dir) - .filter(filePath => path.extname(filePath) === '.json') - .map(filePath => ({ + .filter((filePath) => path.extname(filePath) === '.json') + .map((filePath) => ({ path: filePath, readMePath, kind: isExample(filePath) ? 'EXAMPLE' : 'SWAGGER', @@ -708,8 +716,10 @@ const getAllInputFilesUnderReadme = (readMePath: string): asyncIt.AsyncIterableE * Validate global specification folder and prepare arguments for `validateInputFiles`. */ const validateFolder = (dir: string) => - asyncIt.iterable(async function*() { - const allReadMeFiles = tscommonFs.recursiveReaddir(dir).filter(f => path.basename(f).toLowerCase() === 'readme.md') + asyncIt.iterable(async function* () { + const allReadMeFiles = tscommonFs + .recursiveReaddir(dir) + .filter((f) => path.basename(f).toLowerCase() === 'readme.md') yield* validateRPFolderMustContainReadme(dir) @@ -744,7 +754,7 @@ const avocadoForDir = async (dir: string, exclude: string[]) => { } } for (const [k, v] of map) { - if (exclude.some(item => v.path.search(item) !== -1)) { + if (exclude.some((item) => v.path.search(item) !== -1)) { map.delete(k) } } @@ -758,22 +768,22 @@ const avocadoForDir = async (dir: string, exclude: string[]) => { * @param exclude path indicate which kind of error should be ignored. */ const avocadoForDevOps = (pr: devOps.PullRequestProperties, exclude: string[]): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { // collect all errors from the 'targetBranch' const diffFiles = await pr.diff() - const changedSwaggerFilePath = diffFiles.map(item => item.path) + const changedSwaggerFilePath = diffFiles.map((item) => item.path) const swaggerParentDirs = new Set() changedSwaggerFilePath - .map(item => path.dirname(path.resolve(pr.workingDir, item))) - .filter(item => item !== pr.workingDir) - .every(item => swaggerParentDirs.add(item)) + .map((item) => path.dirname(path.resolve(pr.workingDir, item))) + .filter((item) => item !== pr.workingDir) + .every((item) => swaggerParentDirs.add(item)) const readmeDirs = new Set() for (const item of swaggerParentDirs) { const readmeDir = await findTheNearestReadme(pr.workingDir, item) if (readmeDir !== undefined) { readmeDirs.add(readmeDir) - } else if (!exclude.some(excludeItem => item.search(excludeItem) !== -1)) { + } else if (!exclude.some((excludeItem) => item.search(excludeItem) !== -1)) { yield { level: 'Error', code: 'MISSING_README', @@ -811,7 +821,7 @@ const avocadoForDevOps = (pr: devOps.PullRequestProperties, exclude: string[]): * The function validates files in the given `cwd` folder and returns errors. */ export const avocado = (config: cli.Config): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function*() { + asyncIt.iterable(async function* () { const pr = await devOps.createPullRequestProperties(config) // detect Azure DevOps Pull Request validation. // tslint:disable-next-line: no-let diff --git a/src/test/avocado-function-test.ts b/src/test/avocado-function-test.ts index 84f9328f..ebc7d88b 100644 --- a/src/test/avocado-function-test.ts +++ b/src/test/avocado-function-test.ts @@ -30,22 +30,22 @@ describe('avocado', () => { }) describe('check default tag should contains all apiVersion', () => { - const root = 'src/test/default_tag_latest_swaggers/specification/' it('check RP level folder securityinsights', () => { + const root = 'src/test/default_tag_latest_swaggers/specification/' const rpFolder = path.join(root, 'securityinsights') const res = avocado.validateRPMustContainAllLatestApiVersionSwagger(rpFolder).toArray() assert.deepStrictEqual(res.length, 21) assert.deepStrictEqual( - res.some(it => it.code === 'MISSING_APIS_IN_DEFAULT_TAG'), + res.some((it) => it.code === 'MISSING_APIS_IN_DEFAULT_TAG'), true, ) assert.deepStrictEqual( - res.some(it => it.code === 'NOT_LATEST_API_VERSION_IN_DEFAULT_TAG'), + res.some((it) => it.code === 'NOT_LATEST_API_VERSION_IN_DEFAULT_TAG'), true, ) }) - it('normalizeApiPath', () => { + it('normalize api path should succeed', () => { // tslint:disable-next-line: no-let let apiPath = '/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/configurations/{configurationName}' // tslint:disable-next-line: no-let @@ -60,4 +60,39 @@ describe('check default tag should contains all apiVersion', () => { ret = avocado.normalizeApiPath(apiPath) assert.deepStrictEqual(ret, '/{}/providers/Microsoft.Advisor/recommendations/{}/suppressions/{}') }) + + it('get all swagger api path from swagger file', () => { + const root = 'src/test/default_tag_latest_swaggers/specification/' + const swaggerPath = path.join( + root, + 'securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/Incidents.json', + ) + const swagger = JSON.parse(readFileSync(swaggerPath).toString()) + const result = avocado.getAllPathFromSwagger(swagger) + assert.deepStrictEqual(result, [ + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents', + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}', + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts', + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks', + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments', + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}', + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities', + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations', + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}', + ]) + }) + + it('get all swagger api path with x-ms-paths', () => { + const root = 'src/test/swagger_fixtures/' + const swaggerPath = path.join(root, 'apimapis.json') + const swagger = JSON.parse(readFileSync(swaggerPath).toString()) + const result: string[] = avocado.getAllPathFromSwagger(swagger) + + // should contain x-ms-paths + assert.ok( + result.includes( + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}?export=true', + ), + ) + }) }) diff --git a/tslint.json b/tslint.json index 9af33913..658380bc 100644 --- a/tslint.json +++ b/tslint.json @@ -36,7 +36,7 @@ ], "max-line-length": [ true, - 120 + 250 ], "readonly-keyword": false, "no-let": false, From a01a973ba421f366a94c76eeb5079011bd78c921 Mon Sep 17 00:00:00 2001 From: ruowan Date: Tue, 22 Feb 2022 09:06:40 +0000 Subject: [PATCH 10/16] fix tslint issue --- package.json | 2 +- src/index.ts | 79 +++++++++++++++---------------- src/test/avocado-function-test.ts | 4 +- 3 files changed, 41 insertions(+), 44 deletions(-) diff --git a/package.json b/package.json index 48c6056c..d0f3a39c 100644 --- a/package.json +++ b/package.json @@ -111,4 +111,4 @@ "tslint-plugin-prettier": "^2.0.1", "typescript": "3.5.2" } -} \ No newline at end of file +} diff --git a/src/index.ts b/src/index.ts index 8e3dcdf1..6272bc35 100644 --- a/src/index.ts +++ b/src/index.ts @@ -95,7 +95,7 @@ const errorCorrelationId = (error: err.Error) => { } const markDownIterate = (node: commonmark.Node | null) => - it.iterable(function* () { + it.iterable(function*() { // tslint:disable-next-line:no-let let i = node while (i !== null) { @@ -105,7 +105,7 @@ const markDownIterate = (node: commonmark.Node | null) => }) const isAutoRestMd = (m: md.MarkDownEx) => - markDownIterate(m.markDown.firstChild).some((v) => { + markDownIterate(m.markDown.firstChild).some(v => { if (v.type !== 'block_quote') { return false } @@ -263,9 +263,9 @@ const parseRef = (ref: string): Ref => { const getReferencedFileNames = (fileName: string, doc: json.Json) => { const dir = path.dirname(fileName) return getRefs(doc) - .map((v) => parseRef(v).url) - .filter((u) => u !== '') - .map((u) => path.resolve(path.join(dir, u))) + .map(v => parseRef(v).url) + .filter(u => u !== '') + .map(u => path.resolve(path.join(dir, u))) } const moveTo = (a: Set, b: Set, key: string): string => { @@ -274,7 +274,7 @@ const moveTo = (a: Set, b: Set, key: string): string => { return key } -const isExample = (filePath: string): boolean => filePath.split(path.sep).some((name) => name === 'examples') +const isExample = (filePath: string): boolean => filePath.split(path.sep).some(name => name === 'examples') const containsReadme = async (folder: string): Promise => { const readmePath = path.resolve(folder, 'readme.md') @@ -282,7 +282,7 @@ const containsReadme = async (folder: string): Promise => { } const validateSpecificationAPIVersion = (current: Specification, document: json.JsonObject): it.IterableEx => - it.iterable(function* () { + it.iterable(function*() { const info = document.info as json.JsonObject | undefined if (info !== undefined) { if (!current.path.includes(info.version as string)) { @@ -299,7 +299,7 @@ const validateSpecificationAPIVersion = (current: Specification, document: json. }) const validateFileLocation = (current: Specification, document: json.JsonObject): it.IterableEx => - it.iterable(function* () { + it.iterable(function*() { const host = document.host as string | undefined if (host !== undefined && host === 'management.azure.com' && !current.path.includes('resource-manager')) { yield { @@ -333,7 +333,7 @@ const findTheNearestReadme = async (rootDir: string, swaggerPath: string): Promi export type PathTable = Map export const validateRPMustContainAllLatestApiVersionSwagger = (dir: string): it.IterableEx => - it.iterable(function* () { + it.iterable(function*() { const readmePattern = path.join(dir, '**/readme.md') const readmes = glob.sync(readmePattern, { nodir: true }) @@ -355,11 +355,11 @@ export const validateRPMustContainAllLatestApiVersionSwagger = (dir: string): it const previewPattern = path.join(readmeDir, '**/preview/**/*.json') const previewFiles = glob .sync(previewPattern, { nodir: true }) - .filter((swaggerFile) => !swaggerFile.includes('examples')) + .filter(swaggerFile => !swaggerFile.includes('examples')) const stablePattern = path.join(readmeDir, '**/stable/**/*.json') const stableFiles = glob .sync(stablePattern, { nodir: true }) - .filter((swaggerFile) => !swaggerFile.includes('examples')) + .filter(swaggerFile => !swaggerFile.includes('examples')) let stablePathTable = new Map() let previewPathTable = new Map() @@ -504,21 +504,20 @@ export const normalizeApiPath = (apiPath: string) => { * @param dir directory path */ const validateRPFolderMustContainReadme = (dir: string): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { const validDirs: ReadonlyArray = ['data-plane', 'resource-manager'] const ignoredDirs: ReadonlyArray = ['common'] const allJsonDir = tscommonFs .recursiveReaddir(dir) .filter( - (filePath) => + filePath => path.extname(filePath) === '.json' && validDirs.some( - (item) => - filePath.includes(item) && - !ignoredDirs.some((ignoredItem) => filePath.toLowerCase().includes(ignoredItem)), + item => + filePath.includes(item) && !ignoredDirs.some(ignoredItem => filePath.toLowerCase().includes(ignoredItem)), ), ) - .map((filePath) => path.dirname(filePath)) + .map(filePath => path.dirname(filePath)) const allJsonSet = new Set() for await (const item of allJsonDir) { @@ -559,7 +558,7 @@ const DFSTraversalValidate = ( graySet: Set, blackSet: Set, ): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { if (!blackSet.has(current.path)) { graySet.add(current.path) } @@ -618,7 +617,7 @@ const DFSTraversalValidate = ( * validate given `readme.md` format */ const validateReadMeFile = (readMePath: string): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { const file = await tscommonFs.readFile(readMePath) const m = md.parse(file.toString()) if (!isAutoRestMd(m)) { @@ -659,7 +658,7 @@ const validateInputFiles = ( allInputFileSet: Set, ): asyncIt.AsyncIterableEx => // tslint:disable-next-line: no-async-without-await - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { // report errors if the `dir` folder has JSON files where exist circular reference const graySet = new Set() const blackSet = new Set() @@ -670,8 +669,8 @@ const validateInputFiles = ( // report errors if the `dir` folder has JSON files which are not referenced yield* asyncIt .fromSync(allInputFileSet.values()) - .filter((spec) => !blackSet.has(spec.path)) - .map((spec) => ({ + .filter(spec => !blackSet.has(spec.path)) + .map(spec => ({ code: 'UNREFERENCED_JSON_FILE', message: spec.kind === 'SWAGGER' @@ -685,27 +684,27 @@ const validateInputFiles = ( }) const getInputFilesFromReadme = (readMePath: string): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { const file = await tscommonFs.readFile(readMePath) const m = md.parse(file.toString()) const dir = path.dirname(readMePath) yield* openApiMd .getInputFiles(m.markDown) - .map((f) => f.replace('$(this-folder)', '.')) + .map(f => f.replace('$(this-folder)', '.')) .uniq() - .map((f) => path.resolve(path.join(dir, ...f.split('\\')))) - .map((f) => ({ path: f, readMePath, kind: isExample(f) ? 'EXAMPLE' : 'SWAGGER' })) + .map(f => path.resolve(path.join(dir, ...f.split('\\')))) + .map(f => ({ path: f, readMePath, kind: isExample(f) ? 'EXAMPLE' : 'SWAGGER' })) }) const getAllInputFilesUnderReadme = (readMePath: string): asyncIt.AsyncIterableEx => // tslint:disable-next-line: no-async-without-await - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { const dir = path.dirname(readMePath) yield* tscommonFs .recursiveReaddir(dir) - .filter((filePath) => path.extname(filePath) === '.json') - .map((filePath) => ({ + .filter(filePath => path.extname(filePath) === '.json') + .map(filePath => ({ path: filePath, readMePath, kind: isExample(filePath) ? 'EXAMPLE' : 'SWAGGER', @@ -716,10 +715,8 @@ const getAllInputFilesUnderReadme = (readMePath: string): asyncIt.AsyncIterableE * Validate global specification folder and prepare arguments for `validateInputFiles`. */ const validateFolder = (dir: string) => - asyncIt.iterable(async function* () { - const allReadMeFiles = tscommonFs - .recursiveReaddir(dir) - .filter((f) => path.basename(f).toLowerCase() === 'readme.md') + asyncIt.iterable(async function*() { + const allReadMeFiles = tscommonFs.recursiveReaddir(dir).filter(f => path.basename(f).toLowerCase() === 'readme.md') yield* validateRPFolderMustContainReadme(dir) @@ -754,7 +751,7 @@ const avocadoForDir = async (dir: string, exclude: string[]) => { } } for (const [k, v] of map) { - if (exclude.some((item) => v.path.search(item) !== -1)) { + if (exclude.some(item => v.path.search(item) !== -1)) { map.delete(k) } } @@ -768,22 +765,22 @@ const avocadoForDir = async (dir: string, exclude: string[]) => { * @param exclude path indicate which kind of error should be ignored. */ const avocadoForDevOps = (pr: devOps.PullRequestProperties, exclude: string[]): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { // collect all errors from the 'targetBranch' const diffFiles = await pr.diff() - const changedSwaggerFilePath = diffFiles.map((item) => item.path) + const changedSwaggerFilePath = diffFiles.map(item => item.path) const swaggerParentDirs = new Set() changedSwaggerFilePath - .map((item) => path.dirname(path.resolve(pr.workingDir, item))) - .filter((item) => item !== pr.workingDir) - .every((item) => swaggerParentDirs.add(item)) + .map(item => path.dirname(path.resolve(pr.workingDir, item))) + .filter(item => item !== pr.workingDir) + .every(item => swaggerParentDirs.add(item)) const readmeDirs = new Set() for (const item of swaggerParentDirs) { const readmeDir = await findTheNearestReadme(pr.workingDir, item) if (readmeDir !== undefined) { readmeDirs.add(readmeDir) - } else if (!exclude.some((excludeItem) => item.search(excludeItem) !== -1)) { + } else if (!exclude.some(excludeItem => item.search(excludeItem) !== -1)) { yield { level: 'Error', code: 'MISSING_README', @@ -821,7 +818,7 @@ const avocadoForDevOps = (pr: devOps.PullRequestProperties, exclude: string[]): * The function validates files in the given `cwd` folder and returns errors. */ export const avocado = (config: cli.Config): asyncIt.AsyncIterableEx => - asyncIt.iterable(async function* () { + asyncIt.iterable(async function*() { const pr = await devOps.createPullRequestProperties(config) // detect Azure DevOps Pull Request validation. // tslint:disable-next-line: no-let diff --git a/src/test/avocado-function-test.ts b/src/test/avocado-function-test.ts index ebc7d88b..574bda2b 100644 --- a/src/test/avocado-function-test.ts +++ b/src/test/avocado-function-test.ts @@ -36,11 +36,11 @@ describe('check default tag should contains all apiVersion', () => { const res = avocado.validateRPMustContainAllLatestApiVersionSwagger(rpFolder).toArray() assert.deepStrictEqual(res.length, 21) assert.deepStrictEqual( - res.some((it) => it.code === 'MISSING_APIS_IN_DEFAULT_TAG'), + res.some(it => it.code === 'MISSING_APIS_IN_DEFAULT_TAG'), true, ) assert.deepStrictEqual( - res.some((it) => it.code === 'NOT_LATEST_API_VERSION_IN_DEFAULT_TAG'), + res.some(it => it.code === 'NOT_LATEST_API_VERSION_IN_DEFAULT_TAG'), true, ) }) From 4161e87f16fd1952da8226438b6dc33374746e45 Mon Sep 17 00:00:00 2001 From: ruowan Date: Tue, 22 Feb 2022 09:07:18 +0000 Subject: [PATCH 11/16] add x-ms-paths swagger fixtures --- src/test/swagger_fixtures/apimapis.json | 4449 +++++++++++++++++++++++ 1 file changed, 4449 insertions(+) create mode 100644 src/test/swagger_fixtures/apimapis.json diff --git a/src/test/swagger_fixtures/apimapis.json b/src/test/swagger_fixtures/apimapis.json new file mode 100644 index 00000000..95bf51c9 --- /dev/null +++ b/src/test/swagger_fixtures/apimapis.json @@ -0,0 +1,4449 @@ +{ + "swagger": "2.0", + "info": { + "title": "ApiManagementClient", + "description": "Use these REST APIs for performing operations on API entity and their Operations associated with your Azure API Management deployment.", + "version": "2018-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow.", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis": { + "get": { + "tags": [ + "Api" + ], + "operationId": "Api_ListByService", + "description": "Lists all APIs of the API Management service instance.", + "externalDocs": { + "url": "https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-create-apis" + }, + "x-ms-examples": { + "ApiManagementListApis": { + "$ref": "./examples/ApiManagementListApis.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "| Field | Supported operators | Supported functions |\n|-------------|------------------------|-----------------------------------|\n\r\n|name | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|displayName | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|description | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|serviceUrl | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|path | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n" + }, + { + "$ref": "./apimanagement.json#/parameters/TopQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SkipQueryParameter" + }, + { + "name": "tags", + "in": "query", + "required": false, + "type": "string", + "description": "Include tags in the response." + }, + { + "name": "expandApiVersionSet", + "in": "query", + "required": false, + "type": "boolean", + "description": "Include full ApiVersionSet resource in response" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Paged Result response of Apis.", + "schema": { + "$ref": "./definitions.json#/definitions/ApiCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "./definitions.json#/definitions/ApiContract" + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}": { + "head": { + "tags": [ + "Api" + ], + "operationId": "Api_GetEntityTag", + "description": "Gets the entity state (Etag) version of the API specified by its identifier.", + "x-ms-examples": { + "ApiManagementHeadApi": { + "$ref": "./examples/ApiManagementHeadApi.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Specified API entity exists and current entity state version is present in the ETag header.", + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "Api" + ], + "operationId": "Api_Get", + "description": "Gets the details of the API specified by its identifier.", + "x-ms-examples": { + "ApiManagementGetApiContract": { + "$ref": "./examples/ApiManagementGetApiContract.json" + }, + "ApiManagementGetApiRevisionContract": { + "$ref": "./examples/ApiManagementGetApiRevision.json" + } + }, + "produces": [ + "application/json", + "application/vnd.sun.wadl+xml", + "application/vnd.swagger.doc+json", + "application/wsdl+xml", + "application/vnd.oai.openapi", + "application/vnd.oai.openapi+json" + ], + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "The response body contains the specified API entity.", + "schema": { + "$ref": "./definitions.json#/definitions/ApiContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "Api" + ], + "operationId": "Api_CreateOrUpdate", + "description": "Creates new or updates existing specified API of the API Management service instance.", + "x-ms-examples": { + "ApiManagementCreateApiUsingOai3Import": { + "$ref": "./examples/ApiManagementCreateApiUsingOai3Import.json" + }, + "ApiManagementCreateApiUsingSwaggerImport": { + "$ref": "./examples/ApiManagementCreateApiUsingSwaggerImport.json" + }, + "ApiManagementCreateApiUsingWadlImport": { + "$ref": "./examples/ApiManagementCreateApiUsingWadlImport.json" + }, + "ApiManagementCreateSoapToRestApiUsingWsdlImport": { + "$ref": "./examples/ApiManagementCreateSoapToRestApiUsingWsdlImport.json" + }, + "ApiManagementCreateSoapPassThroughApiUsingWsdlImport": { + "$ref": "./examples/ApiManagementCreateSoapPassThroughApiUsingWsdlImport.json" + }, + "ApiManagementCreateApi": { + "$ref": "./examples/ApiManagementCreateApi.json" + }, + "ApiManagementCreateApiRevision": { + "$ref": "./examples/ApiManagementCreateApiRevision.json" + }, + "ApiManagementCreateApiWithOpenIdConnect": { + "$ref": "./examples/ApiManagementCreateApiWithOpenIdConnect.json" + } + }, + "consumes": [ + "application/json", + "application/vnd.sun.wadl+xml", + "application/vnd.swagger.doc+json", + "application/wsdl+xml", + "application/vnd.oai.openapi", + "application/vnd.oai.openapi+json" + ], + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/ApiCreateOrUpdateParameter" + }, + "description": "Create or update parameters." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchOptionalParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "201": { + "description": "API was successfully created.", + "schema": { + "$ref": "./definitions.json#/definitions/ApiContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "202": { + "description": "Request to create or update API was accepted." + }, + "200": { + "description": "API was successfully updated.", + "schema": { + "$ref": "./definitions.json#/definitions/ApiContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-long-running-operation": true + }, + "patch": { + "tags": [ + "Api" + ], + "operationId": "Api_Update", + "description": "Updates the specified API of the API Management service instance.", + "x-ms-examples": { + "ApiManagementUpdateApi": { + "$ref": "./examples/ApiManagementUpdateApi.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/ApiUpdateContract" + }, + "description": "API Update Contract parameters." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "204": { + "description": "The API was successfully updated." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "Api" + ], + "operationId": "Api_Delete", + "description": "Deletes the specified API of the API Management service instance.", + "x-ms-examples": { + "ApiManagementDeleteApi": { + "$ref": "./examples/ApiManagementDeleteApi.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "name": "deleteRevisions", + "in": "query", + "required": false, + "type": "boolean", + "description": "Delete all revisions of the Api." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "The API was successfully deleted." + }, + "204": { + "description": "The API was successfully deleted." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/revisions": { + "get": { + "tags": [ + "ApiRevision" + ], + "operationId": "ApiRevisions_List", + "description": "Lists all revisions of an API.", + "x-ms-examples": { + "ApiManagementListApiRevisions": { + "$ref": "./examples/ApiManagementListApiRevisions.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "| Field | Supported operators | Supported functions |\n|-------------|------------------------|-----------------------------------|\n\r\n|apiRevision | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n" + }, + { + "$ref": "./apimanagement.json#/parameters/TopQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SkipQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "The operation returns a list of revision details.", + "schema": { + "$ref": "./definitions.json#/definitions/ApiRevisionCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "./definitions.json#/definitions/ApiRevisionContract" + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/releases": { + "get": { + "tags": [ + "ApiRelease" + ], + "operationId": "ApiRelease_List", + "description": "Lists all releases of an API. An API release is created when making an API Revision current. Releases are also used to rollback to previous revisions. Results will be paged and can be constrained by the $top and $skip parameters.", + "x-ms-examples": { + "ApiManagementListApiReleases": { + "$ref": "./examples/ApiManagementListApiReleases.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "| Field | Supported operators | Supported functions |\n|-------------|------------------------|-----------------------------------|\n\r\n|notes | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n" + }, + { + "$ref": "./apimanagement.json#/parameters/TopQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SkipQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "The operation returns a list of API Releases.", + "schema": { + "$ref": "./definitions.json#/definitions/ApiReleaseCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "./definitions.json#/definitions/ApiReleaseContract" + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/releases/{releaseId}": { + "head": { + "tags": [ + "ApiRelease" + ], + "operationId": "ApiRelease_GetEntityTag", + "description": "Returns the etag of an API release.", + "x-ms-examples": { + "ApiManagementHeadApiRelease": { + "$ref": "./examples/ApiManagementHeadApiRelease.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ReleaseIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Gets the entity state (Etag) version of the api release as specified by its identifier.", + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "ApiRelease" + ], + "operationId": "ApiRelease_Get", + "description": "Returns the details of an API release.", + "x-ms-examples": { + "ApiManagementGetApiRelease": { + "$ref": "./examples/ApiManagementGetApiRelease.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ReleaseIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "The operation returns the details of an API Release.", + "schema": { + "$ref": "./definitions.json#/definitions/ApiReleaseContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "ApiRelease" + ], + "operationId": "ApiRelease_Create", + "description": "Creates a new Release for the API.", + "x-ms-examples": { + "ApiManagementCreateApiRelease": { + "$ref": "./examples/ApiManagementCreateApiRelease.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ReleaseIdParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/ApiReleaseContract" + }, + "description": "Create parameters." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchOptionalParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "201": { + "description": "Release was successfully created.", + "schema": { + "$ref": "./definitions.json#/definitions/ApiReleaseContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "200": { + "description": "Release was successfully updated.", + "schema": { + "$ref": "./definitions.json#/definitions/ApiReleaseContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "patch": { + "tags": [ + "ApiRelease" + ], + "operationId": "ApiRelease_Update", + "description": "Updates the details of the release of the API specified by its identifier.", + "x-ms-examples": { + "ApiManagementUpdateApiRelease": { + "$ref": "./examples/ApiManagementUpdateApiRelease.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ReleaseIdParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/ApiReleaseContract" + }, + "description": "API Release Update parameters." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "204": { + "description": "Release successfully updated" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "ApiRelease" + ], + "operationId": "ApiRelease_Delete", + "description": "Deletes the specified release in the API.", + "x-ms-examples": { + "ApiManagementDeleteApiRelease": { + "$ref": "./examples/ApiManagementDeleteApiRelease.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ReleaseIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "API release successfully removed" + }, + "204": { + "description": "API release successfully removed by previous request or does not exist" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/operations": { + "get": { + "tags": [ + "ApiOperation" + ], + "operationId": "ApiOperation_ListByApi", + "description": "Lists a collection of the operations for the specified API.", + "x-ms-examples": { + "ApiManagementListApiOperations": { + "$ref": "./examples/ApiManagementListApiOperations.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "| Field | Supported operators | Supported functions |\n|-------------|------------------------|-----------------------------------|\n\r\n|name | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|displayName | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|method | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|description | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|urlTemplate | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n" + }, + { + "$ref": "./apimanagement.json#/parameters/TopQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SkipQueryParameter" + }, + { + "name": "tags", + "in": "query", + "required": false, + "type": "string" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "A collection of operation summary entities at the API level.", + "schema": { + "$ref": "./definitions.json#/definitions/OperationCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "./definitions.json#/definitions/OperationContract" + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/operations/{operationId}": { + "head": { + "tags": [ + "ApiOperation" + ], + "operationId": "ApiOperation_GetEntityTag", + "description": "Gets the entity state (Etag) version of the API operation specified by its identifier.", + "x-ms-examples": { + "ApiManagementHeadApiOperation": { + "$ref": "./examples/ApiManagementHeadApiOperation.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/OperationIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Specified API operation entity exists and current entity state version is present in the ETag header.", + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "ApiOperation" + ], + "operationId": "ApiOperation_Get", + "description": "Gets the details of the API Operation specified by its identifier.", + "x-ms-examples": { + "ApiManagementGetApiOperation": { + "$ref": "./examples/ApiManagementGetApiOperation.json" + }, + "ApiManagementGetApiOperationPetStore": { + "$ref": "./examples/ApiManagementGetApiOperationPetStore.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/OperationIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "The response body contains the specified Operation entity.", + "schema": { + "$ref": "./definitions.json#/definitions/OperationContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "ApiOperation" + ], + "operationId": "ApiOperation_CreateOrUpdate", + "description": "Creates a new operation in the API or updates an existing one.", + "x-ms-examples": { + "ApiManagementCreateApiOperation": { + "$ref": "./examples/ApiManagementCreateApiOperation.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/OperationIdParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/OperationContract" + }, + "description": "Create parameters." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchOptionalParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "201": { + "description": "Operation was successfully created.", + "schema": { + "$ref": "./definitions.json#/definitions/OperationContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "200": { + "description": "Operation was successfully updated.", + "schema": { + "$ref": "./definitions.json#/definitions/OperationContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "patch": { + "tags": [ + "ApiOperation" + ], + "operationId": "ApiOperation_Update", + "description": "Updates the details of the operation in the API specified by its identifier.", + "x-ms-examples": { + "ApiManagementUpdateApiOperation": { + "$ref": "./examples/ApiManagementUpdateApiOperation.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/OperationIdParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/OperationUpdateContract" + }, + "description": "API Operation Update parameters." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "204": { + "description": "The operation was successfully updated." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "ApiOperation" + ], + "operationId": "ApiOperation_Delete", + "description": "Deletes the specified operation in the API.", + "x-ms-examples": { + "ApiManagementDeleteApiOperation": { + "$ref": "./examples/ApiManagementDeleteApiOperation.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/OperationIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "API operation successfully removed" + }, + "204": { + "description": "API operation successfully removed by previous request or does not exist" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/operations/{operationId}/policies": { + "get": { + "tags": [ + "ApiOperationPolicy" + ], + "operationId": "ApiOperationPolicy_ListByOperation", + "description": "Get the list of policy configuration at the API Operation level.", + "x-ms-examples": { + "ApiManagementListApiOperationPolicies": { + "$ref": "./examples/ApiManagementListApiOperationPolicies.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/OperationIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Api Operations Policy Collection.", + "schema": { + "$ref": "./definitions.json#/definitions/PolicyCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/operations/{operationId}/policies/{policyId}": { + "head": { + "tags": [ + "ApiOperationPolicy" + ], + "operationId": "ApiOperationPolicy_GetEntityTag", + "description": "Gets the entity state (Etag) version of the API operation policy specified by its identifier.", + "x-ms-examples": { + "ApiManagementHeadApiOperationPolicy": { + "$ref": "./examples/ApiManagementHeadApiOperationPolicy.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/OperationIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/PolicyIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Specified API operation policy entity exists and current entity state version is present in the ETag header.", + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "ApiOperationPolicy" + ], + "operationId": "ApiOperationPolicy_Get", + "description": "Get the policy configuration at the API Operation level.", + "x-ms-examples": { + "ApiManagementGetApiOperationPolicy": { + "$ref": "./examples/ApiManagementGetApiOperationPolicy.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/OperationIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/PolicyIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Api Operation Policy information.", + "schema": { + "$ref": "./definitions.json#/definitions/PolicyContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "ApiOperationPolicy" + ], + "operationId": "ApiOperationPolicy_CreateOrUpdate", + "description": "Creates or updates policy configuration for the API Operation level.", + "x-ms-examples": { + "ApiManagementCreateApiOperationPolicy": { + "$ref": "./examples/ApiManagementCreateApiOperationPolicy.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/OperationIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/PolicyIdParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/PolicyContract" + }, + "description": "The policy contents to apply." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchOptionalParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "201": { + "description": "Api Operation policy configuration was successfully created.", + "schema": { + "$ref": "./definitions.json#/definitions/PolicyContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "200": { + "description": "Api Operation policy configuration of the tenant was successfully updated.", + "schema": { + "$ref": "./definitions.json#/definitions/PolicyContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "ApiOperationPolicy" + ], + "operationId": "ApiOperationPolicy_Delete", + "description": "Deletes the policy configuration at the Api Operation.", + "x-ms-examples": { + "ApiManagementDeleteApiOperationPolicy": { + "$ref": "./examples/ApiManagementDeleteApiOperationPolicy.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/OperationIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/PolicyIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Policy successfully removed" + }, + "204": { + "description": "Policy successfully removed by previous request or does not exist" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/operations/{operationId}/tags": { + "get": { + "tags": [ + "ApiOperationTag" + ], + "operationId": "Tag_ListByOperation", + "description": "Lists all Tags associated with the Operation.", + "x-ms-examples": { + "ApiManagementListApiOperationTags": { + "$ref": "./examples/ApiManagementListApiOperationTags.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/OperationIdParameter" + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "| Field | Supported operators | Supported functions |\n|-------------|------------------------|-----------------------------------|\n\r\n|displayName | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|name | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n" + }, + { + "$ref": "./apimanagement.json#/parameters/TopQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SkipQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "The operation returns a collection of tags associated with the Operation entity.", + "schema": { + "$ref": "./definitions.json#/definitions/TagCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "./definitions.json#/definitions/TagContract" + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/operations/{operationId}/tags/{tagId}": { + "head": { + "tags": [ + "ApiOperationTag" + ], + "operationId": "Tag_GetEntityStateByOperation", + "description": "Gets the entity state version of the tag specified by its identifier.", + "x-ms-examples": { + "ApiManagementHeadApiOperationTag": { + "$ref": "./examples/ApiManagementHeadApiOperationTag.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/OperationIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/TagIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Empty response body, ETag header entity state version.", + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "ApiOperationTag" + ], + "operationId": "Tag_GetByOperation", + "description": "Get tag associated with the Operation.", + "x-ms-examples": { + "ApiManagementGetApiOperationTag": { + "$ref": "./examples/ApiManagementGetApiOperationTag.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/OperationIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/TagIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Gets the details of the tag specified by its identifier.", + "schema": { + "$ref": "./definitions.json#/definitions/TagContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "ApiOperationTag" + ], + "operationId": "Tag_AssignToOperation", + "description": "Assign tag to the Operation.", + "x-ms-examples": { + "ApiManagementCreateApiOperationTag": { + "$ref": "./examples/ApiManagementCreateApiOperationTag.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/OperationIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/TagIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "201": { + "description": "Tag was assigned to the Operation.", + "schema": { + "$ref": "./definitions.json#/definitions/TagContract" + } + }, + "200": { + "description": "Tag is already assigned to the Operation.", + "schema": { + "$ref": "./definitions.json#/definitions/TagContract" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "ApiOperationTag" + ], + "operationId": "Tag_DetachFromOperation", + "description": "Detach the tag from the Operation.", + "x-ms-examples": { + "ApiManagementDeleteApiOperationTag": { + "$ref": "./examples/ApiManagementDeleteApiOperationTag.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/OperationIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/TagIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Tag was successfully removed from Operation" + }, + "204": { + "description": "Tag successfully removed by previous request or does not exist in Operation" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/products": { + "get": { + "tags": [ + "ApiProduct" + ], + "operationId": "ApiProduct_ListByApis", + "description": "Lists all Products, which the API is part of.", + "x-ms-examples": { + "ApiManagementListApiProducts": { + "$ref": "./examples/ApiManagementListApiProducts.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "| Field | Supported operators | Supported functions |\n|-------------|------------------------|-----------------------------------|\n\r\n|displayName | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n" + }, + { + "$ref": "./apimanagement.json#/parameters/TopQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SkipQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "The operation returns a collection of products which have the Api entity.", + "schema": { + "$ref": "./definitions.json#/definitions/ProductCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "./definitions.json#/definitions/ProductContract" + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/policies": { + "get": { + "tags": [ + "ApiPolicy" + ], + "operationId": "ApiPolicy_ListByApi", + "description": "Get the policy configuration at the API level.", + "x-ms-examples": { + "ApiManagementListApiPolicies": { + "$ref": "./examples/ApiManagementListApiPolicies.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Apis Policy Collection.", + "schema": { + "$ref": "./definitions.json#/definitions/PolicyCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/policies/{policyId}": { + "head": { + "tags": [ + "ApiPolicy" + ], + "operationId": "ApiPolicy_GetEntityTag", + "description": "Gets the entity state (Etag) version of the API policy specified by its identifier.", + "x-ms-examples": { + "ApiManagementHeadApiPolicy": { + "$ref": "./examples/ApiManagementHeadApiPolicy.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/PolicyIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Specified API Policy entity exists and current entity state version is present in the ETag header.", + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "ApiPolicy" + ], + "operationId": "ApiPolicy_Get", + "description": "Get the policy configuration at the API level.", + "x-ms-examples": { + "ApiManagementGetApiPolicy": { + "$ref": "./examples/ApiManagementGetApiPolicy.json" + } + }, + "produces": [ + "application/json", + "application/vnd.ms-azure-apim.policy+xml", + "application/vnd.ms-azure-apim.policy.raw+xml" + ], + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/PolicyIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Api Policy information.", + "schema": { + "$ref": "./definitions.json#/definitions/PolicyContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "ApiPolicy" + ], + "operationId": "ApiPolicy_CreateOrUpdate", + "description": "Creates or updates policy configuration for the API.", + "x-ms-examples": { + "ApiManagementCreateApiPolicy": { + "$ref": "./examples/ApiManagementCreateApiPolicy.json" + }, + "ApiManagementCreateApiPolicyNonXmlEncoded": { + "$ref": "./examples/ApiManagementCreateApiPolicyNonXmlEncoded.json" + } + }, + "consumes": [ + "application/json", + "application/vnd.ms-azure-apim.policy+xml", + "application/vnd.ms-azure-apim.policy.raw+xml" + ], + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/PolicyIdParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/PolicyContract" + }, + "description": "The policy contents to apply." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchOptionalParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "201": { + "description": "Api policy configuration was successfully created.", + "schema": { + "$ref": "./definitions.json#/definitions/PolicyContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "200": { + "description": "Api policy configuration of the tenant was successfully updated.", + "schema": { + "$ref": "./definitions.json#/definitions/PolicyContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "ApiPolicy" + ], + "operationId": "ApiPolicy_Delete", + "description": "Deletes the policy configuration at the Api.", + "x-ms-examples": { + "ApiManagementDeleteApiPolicy": { + "$ref": "./examples/ApiManagementDeleteApiPolicy.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/PolicyIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Successfully deleted the policy configuration at the API level." + }, + "204": { + "description": "Successfully deleted the policy configuration at the API level." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/schemas": { + "get": { + "tags": [ + "ApiSchema" + ], + "operationId": "ApiSchema_ListByApi", + "description": "Get the schema configuration at the API level.", + "x-ms-examples": { + "ApiManagementListApiSchemas": { + "$ref": "./examples/ApiManagementListApiSchemas.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "| Field | Supported operators | Supported functions |\n|-------------|------------------------|-----------------------------------|\n\r\n|contentType | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n" + }, + { + "$ref": "./apimanagement.json#/parameters/TopQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SkipQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Apis Schema Collection.", + "schema": { + "$ref": "./definitions.json#/definitions/SchemaCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/schemas/{schemaId}": { + "head": { + "tags": [ + "ApiSchema" + ], + "operationId": "ApiSchema_GetEntityTag", + "description": "Gets the entity state (Etag) version of the schema specified by its identifier.", + "x-ms-examples": { + "ApiManagementHeadApiSchema": { + "$ref": "./examples/ApiManagementHeadApiSchema.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SchemaIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Specified schema entity exists and current entity state version is present in the ETag header.", + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "ApiSchema" + ], + "operationId": "ApiSchema_Get", + "description": "Get the schema configuration at the API level.", + "x-ms-examples": { + "ApiManagementGetApiSchema": { + "$ref": "./examples/ApiManagementGetApiSchema.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SchemaIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Api Schema information.", + "schema": { + "$ref": "./definitions.json#/definitions/SchemaContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "ApiSchema" + ], + "operationId": "ApiSchema_CreateOrUpdate", + "description": "Creates or updates schema configuration for the API.", + "x-ms-examples": { + "ApiManagementCreateApiSchema": { + "$ref": "./examples/ApiManagementCreateApiSchema.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SchemaIdParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/SchemaContract" + }, + "description": "The schema contents to apply." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchOptionalParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "201": { + "description": "Api schema configuration was successfully created.", + "schema": { + "$ref": "./definitions.json#/definitions/SchemaContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "200": { + "description": "Api schema configuration of the tenant was successfully updated.", + "schema": { + "$ref": "./definitions.json#/definitions/SchemaContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "ApiSchema" + ], + "operationId": "ApiSchema_Delete", + "description": "Deletes the schema configuration at the Api.", + "x-ms-examples": { + "ApiManagementDeleteApiSchema": { + "$ref": "./examples/ApiManagementDeleteApiSchema.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SchemaIdParameter" + }, + { + "name": "force", + "in": "query", + "required": false, + "type": "boolean", + "description": "If true removes all references to the schema before deleting it." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Successfully deleted the schema configuration at the API level." + }, + "204": { + "description": "Successfully deleted the schema configuration at the API level." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/diagnostics": { + "get": { + "tags": [ + "ApiDiagnostic" + ], + "operationId": "ApiDiagnostic_ListByService", + "description": "Lists all diagnostics of an API.", + "x-ms-examples": { + "ApiManagementListApiDiagnostics": { + "$ref": "./examples/ApiManagementListApiDiagnostics.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "| Field | Supported operators | Supported functions |\n|-------------|------------------------|-----------------------------------|\n\r\n|name | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n" + }, + { + "$ref": "./apimanagement.json#/parameters/TopQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SkipQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Paged Result response of diagnostics for an API.", + "schema": { + "$ref": "./definitions.json#/definitions/DiagnosticCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "./definitions.json#/definitions/DiagnosticContract" + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/diagnostics/{diagnosticId}": { + "head": { + "tags": [ + "ApiDiagnostic" + ], + "operationId": "ApiDiagnostic_GetEntityTag", + "description": "Gets the entity state (Etag) version of the Diagnostic for an API specified by its identifier.", + "x-ms-examples": { + "ApiManagementHeadApiDiagnostic": { + "$ref": "./examples/ApiManagementHeadApiDiagnostic.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/DiagnosticIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Operation completed successfully.", + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "ApiDiagnostic" + ], + "operationId": "ApiDiagnostic_Get", + "description": "Gets the details of the Diagnostic for an API specified by its identifier.", + "x-ms-examples": { + "ApiManagementGetApiDiagnostic": { + "$ref": "./examples/ApiManagementGetApiDiagnostic.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/DiagnosticIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "The response body contains the specified Diagnostic entity.", + "schema": { + "$ref": "./definitions.json#/definitions/DiagnosticContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "ApiDiagnostic" + ], + "operationId": "ApiDiagnostic_CreateOrUpdate", + "description": "Creates a new Diagnostic for an API or updates an existing one.", + "x-ms-examples": { + "ApiManagementCreateApiDiagnostic": { + "$ref": "./examples/ApiManagementCreateApiDiagnostic.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/DiagnosticIdParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/DiagnosticContract" + }, + "description": "Create parameters." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchOptionalParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "201": { + "description": "Diagnostic was successfully created.", + "schema": { + "$ref": "./definitions.json#/definitions/DiagnosticContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "200": { + "description": "Diagnostic was successfully updated.", + "schema": { + "$ref": "./definitions.json#/definitions/DiagnosticContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "patch": { + "tags": [ + "ApiDiagnostic" + ], + "operationId": "ApiDiagnostic_Update", + "description": "Updates the details of the Diagnostic for an API specified by its identifier.", + "x-ms-examples": { + "ApiManagementUpdateApiDiagnostic": { + "$ref": "./examples/ApiManagementUpdateApiDiagnostic.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/DiagnosticIdParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/DiagnosticContract" + }, + "description": "Diagnostic Update parameters." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "204": { + "description": "The Diagnostic was successfully updated." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "ApiDiagnostic" + ], + "operationId": "ApiDiagnostic_Delete", + "description": "Deletes the specified Diagnostic from an API.", + "x-ms-examples": { + "ApiManagementDeleteApiDiagnostic": { + "$ref": "./examples/ApiManagementDeleteApiDiagnostic.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/DiagnosticIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Diagnostic successfully removed" + }, + "204": { + "description": "Diagnostic successfully removed by previous request or does not exist" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/issues": { + "get": { + "tags": [ + "ApiIssue" + ], + "operationId": "ApiIssue_ListByService", + "description": "Lists all issues associated with the specified API.", + "x-ms-examples": { + "ApiManagementListApiIssues": { + "$ref": "./examples/ApiManagementListApiIssues.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "| Field | Supported operators | Supported functions |\n|-------------|------------------------|-----------------------------------|\n\r\n|name | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|userId | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|state | eq | |\n" + }, + { + "name": "expandCommentsAttachments", + "in": "query", + "required": false, + "type": "boolean", + "description": "Expand the comment attachments. " + }, + { + "$ref": "./apimanagement.json#/parameters/TopQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SkipQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Paged Result response of issues for the API.", + "schema": { + "$ref": "./definitions.json#/definitions/IssueCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "./definitions.json#/definitions/IssueContract" + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/issues/{issueId}": { + "head": { + "tags": [ + "ApiIssue" + ], + "operationId": "ApiIssue_GetEntityTag", + "description": "Gets the entity state (Etag) version of the Issue for an API specified by its identifier.", + "x-ms-examples": { + "ApiManagementHeadApiIssue": { + "$ref": "./examples/ApiManagementHeadApiIssue.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IssueIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Operation completed successfully.", + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "ApiIssue" + ], + "operationId": "ApiIssue_Get", + "description": "Gets the details of the Issue for an API specified by its identifier.", + "x-ms-examples": { + "ApiManagementGetApiIssue": { + "$ref": "./examples/ApiManagementGetApiIssue.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IssueIdParameter" + }, + { + "name": "expandCommentsAttachments", + "in": "query", + "required": false, + "type": "boolean", + "description": "Expand the comment attachments. " + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "The response body contains the specified Issue entity.", + "schema": { + "$ref": "./definitions.json#/definitions/IssueContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "ApiIssue" + ], + "operationId": "ApiIssue_CreateOrUpdate", + "description": "Creates a new Issue for an API or updates an existing one.", + "x-ms-examples": { + "ApiManagementCreateApiIssue": { + "$ref": "./examples/ApiManagementCreateApiIssue.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IssueIdParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/IssueContract" + }, + "description": "Create parameters." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchOptionalParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "201": { + "description": "New api issue successfully added", + "schema": { + "$ref": "./definitions.json#/definitions/IssueContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "200": { + "description": "Api issue successfully updated", + "schema": { + "$ref": "./definitions.json#/definitions/IssueContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "patch": { + "tags": [ + "ApiIssue" + ], + "operationId": "ApiIssue_Update", + "description": "Updates an existing issue for an API.", + "x-ms-examples": { + "ApiManagementUpdateApiIssue": { + "$ref": "./examples/ApiManagementUpdateApiIssue.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IssueIdParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/IssueUpdateContract" + }, + "description": "Update parameters." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "204": { + "description": "Api issue updated successfully" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "ApiIssue" + ], + "operationId": "ApiIssue_Delete", + "description": "Deletes the specified Issue from an API.", + "x-ms-examples": { + "ApiManagementDeleteApiIssue": { + "$ref": "./examples/ApiManagementDeleteApiIssue.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IssueIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Issue successfully removed" + }, + "204": { + "description": "Issue successfully removed by previous request or does not exist" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/issues/{issueId}/comments": { + "get": { + "tags": [ + "ApiIssueComment" + ], + "operationId": "ApiIssueComment_ListByService", + "description": "Lists all comments for the Issue associated with the specified API.", + "x-ms-examples": { + "ApiManagementListApiIssueComments": { + "$ref": "./examples/ApiManagementListApiIssueComments.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IssueIdParameter" + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "| Field | Supported operators | Supported functions |\n|-------------|------------------------|-----------------------------------|\n\r\n|name | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|userId | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n" + }, + { + "$ref": "./apimanagement.json#/parameters/TopQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SkipQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Paged Result response of issue comments for the API.", + "schema": { + "$ref": "./definitions.json#/definitions/IssueCommentCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "./definitions.json#/definitions/IssueCommentContract" + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/issues/{issueId}/comments/{commentId}": { + "head": { + "tags": [ + "ApiIssueComment" + ], + "operationId": "ApiIssueComment_GetEntityTag", + "description": "Gets the entity state (Etag) version of the issue Comment for an API specified by its identifier.", + "x-ms-examples": { + "ApiManagementHeadApiIssueComment": { + "$ref": "./examples/ApiManagementHeadApiIssueComment.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IssueIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/CommentIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Operation completed successfully.", + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "ApiIssueComment" + ], + "operationId": "ApiIssueComment_Get", + "description": "Gets the details of the issue Comment for an API specified by its identifier.", + "x-ms-examples": { + "ApiManagementGetApiIssueComment": { + "$ref": "./examples/ApiManagementGetApiIssueComment.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IssueIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/CommentIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "The response body contains the specified issue Comment entity.", + "schema": { + "$ref": "./definitions.json#/definitions/IssueCommentContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "ApiIssueComment" + ], + "operationId": "ApiIssueComment_CreateOrUpdate", + "description": "Creates a new Comment for the Issue in an API or updates an existing one.", + "x-ms-examples": { + "ApiManagementCreateApiIssueComment": { + "$ref": "./examples/ApiManagementCreateApiIssueComment.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IssueIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/CommentIdParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/IssueCommentContract" + }, + "description": "Create parameters." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchOptionalParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "201": { + "description": "New api issue comment successfully added", + "schema": { + "$ref": "./definitions.json#/definitions/IssueCommentContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "200": { + "description": "Api issue comment successfully updated", + "schema": { + "$ref": "./definitions.json#/definitions/IssueCommentContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "ApiIssueComment" + ], + "operationId": "ApiIssueComment_Delete", + "description": "Deletes the specified comment from an Issue.", + "x-ms-examples": { + "ApiManagementDeleteApiIssueComment": { + "$ref": "./examples/ApiManagementDeleteApiIssueComment.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IssueIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/CommentIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Comment successfully removed" + }, + "204": { + "description": "Comment successfully removed by previous request or does not exist" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/issues/{issueId}/attachments": { + "get": { + "tags": [ + "ApiIssueAttachment" + ], + "operationId": "ApiIssueAttachment_ListByService", + "description": "Lists all attachments for the Issue associated with the specified API.", + "x-ms-examples": { + "ApiManagementListApiIssueAttachments": { + "$ref": "./examples/ApiManagementListApiIssueAttachments.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IssueIdParameter" + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "| Field | Supported operators | Supported functions |\n|-------------|------------------------|-----------------------------------|\n\r\n|name | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|userId | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n" + }, + { + "$ref": "./apimanagement.json#/parameters/TopQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SkipQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Paged Result response of issue attachments for the API.", + "schema": { + "$ref": "./definitions.json#/definitions/IssueAttachmentCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "./definitions.json#/definitions/IssueAttachmentContract" + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/issues/{issueId}/attachments/{attachmentId}": { + "head": { + "tags": [ + "ApiIssueAttachment" + ], + "operationId": "ApiIssueAttachment_GetEntityTag", + "description": "Gets the entity state (Etag) version of the issue Attachment for an API specified by its identifier.", + "x-ms-examples": { + "ApiManagementHeadApiIssueAttachment": { + "$ref": "./examples/ApiManagementHeadApiIssueAttachment.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IssueIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/AttachmentIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Operation completed successfully.", + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "ApiIssueAttachment" + ], + "operationId": "ApiIssueAttachment_Get", + "description": "Gets the details of the issue Attachment for an API specified by its identifier.", + "x-ms-examples": { + "ApiManagementGetApiIssueAttachment": { + "$ref": "./examples/ApiManagementGetApiIssueAttachment.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IssueIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/AttachmentIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "The response body contains the specified issue Attachment entity.", + "schema": { + "$ref": "./definitions.json#/definitions/IssueAttachmentContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "ApiIssueAttachment" + ], + "operationId": "ApiIssueAttachment_CreateOrUpdate", + "description": "Creates a new Attachment for the Issue in an API or updates an existing one.", + "x-ms-examples": { + "ApiManagementCreateApiIssueAttachment": { + "$ref": "./examples/ApiManagementCreateApiIssueAttachment.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IssueIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/AttachmentIdParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/IssueAttachmentContract" + }, + "description": "Create parameters." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchOptionalParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "201": { + "description": "New api issue attachment successfully added", + "schema": { + "$ref": "./definitions.json#/definitions/IssueAttachmentContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "200": { + "description": "Api issue attachment successfully updated", + "schema": { + "$ref": "./definitions.json#/definitions/IssueAttachmentContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "ApiIssueAttachment" + ], + "operationId": "ApiIssueAttachment_Delete", + "description": "Deletes the specified comment from an Issue.", + "x-ms-examples": { + "ApiManagementDeleteApiIssueAttachment": { + "$ref": "./examples/ApiManagementDeleteApiIssueAttachment.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IssueIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/AttachmentIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Attachment successfully removed" + }, + "204": { + "description": "Attachment successfully removed by previous request or does not exist" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/tagDescriptions": { + "get": { + "tags": [ + "ApiTagDescription" + ], + "operationId": "TagDescription_ListByApi", + "description": "Lists all Tags descriptions in scope of API. Model similar to swagger - tagDescription is defined on API level but tag may be assigned to the Operations", + "x-ms-examples": { + "ApiManagementListApiTagDescriptions": { + "$ref": "./examples/ApiManagementListApiTagDescriptions.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "| Field | Supported operators | Supported functions |\n|-------------|------------------------|-----------------------------------|\n\r\n|displayName | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|name | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n" + }, + { + "$ref": "./apimanagement.json#/parameters/TopQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SkipQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "The operation returns a collection of tagDescriptions associated with the Api entity.", + "schema": { + "$ref": "./definitions.json#/definitions/TagDescriptionCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "./definitions.json#/definitions/TagDescriptionContract" + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/tagDescriptions/{tagId}": { + "head": { + "tags": [ + "ApiTagDescription" + ], + "operationId": "TagDescription_GetEntityState", + "description": "Gets the entity state version of the tag specified by its identifier.", + "x-ms-examples": { + "ApiManagementHeadApiTagDescription": { + "$ref": "./examples/ApiManagementHeadApiTagDescription.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/TagIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Empty response body, ETag header entity state version.", + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "ApiTagDescription" + ], + "operationId": "TagDescription_Get", + "description": "Get Tag description in scope of API", + "x-ms-examples": { + "ApiManagementGetApiTagDescription": { + "$ref": "./examples/ApiManagementGetApiTagDescription.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/TagIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Gets the description of the tag specified by its identifier in scope if the Api.", + "schema": { + "$ref": "./definitions.json#/definitions/TagDescriptionContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "ApiTagDescription" + ], + "operationId": "TagDescription_CreateOrUpdate", + "description": "Create/Update tag description in scope of the Api.", + "x-ms-examples": { + "ApiManagementCreateApiTagDescription": { + "$ref": "./examples/ApiManagementCreateApiTagDescription.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/TagIdParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "./definitions.json#/definitions/TagDescriptionCreateParameters" + }, + "description": "Create parameters." + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchOptionalParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "201": { + "description": "Tag Description was created for the Api.", + "schema": { + "$ref": "./definitions.json#/definitions/TagDescriptionContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "200": { + "description": "Tag Description was updated for the Api.", + "schema": { + "$ref": "./definitions.json#/definitions/TagDescriptionContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "ApiTagDescription" + ], + "operationId": "TagDescription_Delete", + "description": "Delete tag description for the Api.", + "x-ms-examples": { + "ApiManagementDeleteApiTagDescription": { + "$ref": "./examples/ApiManagementDeleteApiTagDescription.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/TagIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/IfMatchRequiredParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Tag description successfully removed" + }, + "204": { + "description": "Tag description successfully removed by previous request or does not exist" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/tags": { + "get": { + "tags": [ + "ApiTag" + ], + "operationId": "Tag_ListByApi", + "description": "Lists all Tags associated with the API.", + "x-ms-examples": { + "ApiManagementListApiTags": { + "$ref": "./examples/ApiManagementListApiTags.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "| Field | Supported operators | Supported functions |\n|-------------|------------------------|-----------------------------------|\n\r\n|displayName | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|name | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n" + }, + { + "$ref": "./apimanagement.json#/parameters/TopQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SkipQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "The operation returns a collection of tags associated with the Api entity.", + "schema": { + "$ref": "./definitions.json#/definitions/TagCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "./definitions.json#/definitions/TagContract" + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/tags/{tagId}": { + "head": { + "tags": [ + "ApiTag" + ], + "operationId": "Tag_GetEntityStateByApi", + "description": "Gets the entity state version of the tag specified by its identifier.", + "x-ms-examples": { + "ApiManagementHeadApiTag": { + "$ref": "./examples/ApiManagementHeadApiTag.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/TagIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Empty response body, ETag header entity state version.", + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "ApiTag" + ], + "operationId": "Tag_GetByApi", + "description": "Get tag associated with the API.", + "x-ms-examples": { + "ApiManagementGetApiTag": { + "$ref": "./examples/ApiManagementGetApiTag.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/TagIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Gets the details of the tag specified by its identifier.", + "schema": { + "$ref": "./definitions.json#/definitions/TagContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "ApiTag" + ], + "operationId": "Tag_AssignToApi", + "description": "Assign tag to the Api.", + "x-ms-examples": { + "ApiManagementCreateApiTag": { + "$ref": "./examples/ApiManagementCreateApiTag.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/TagIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "201": { + "description": "Tag was assigned to the Api.", + "schema": { + "$ref": "./definitions.json#/definitions/TagContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "200": { + "description": "Tag is already assigned to the Api.", + "schema": { + "$ref": "./definitions.json#/definitions/TagContract" + }, + "headers": { + "ETag": { + "description": "Current entity state version. Should be treated as opaque and used to make conditional HTTP requests.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "ApiTag" + ], + "operationId": "Tag_DetachFromApi", + "description": "Detach the tag from the Api.", + "x-ms-examples": { + "ApiManagementDeleteApiTag": { + "$ref": "./examples/ApiManagementDeleteApiTag.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/TagIdParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "API/Tag association successfully removed" + }, + "204": { + "description": "API/Tag association successfully removed by previous request or does not exist" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/operationsByTags": { + "get": { + "tags": [ + "ApiOperationsByTag" + ], + "operationId": "Operation_ListByTags", + "description": "Lists a collection of operations associated with tags.", + "x-ms-examples": { + "ApiManagementListApiOperationsByTags": { + "$ref": "./examples/ApiManagementListApiOperationsByTags.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "| Field | Supported operators | Supported functions |\n|-------------|------------------------|-----------------------------------|\n\r\n|name | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|displayName | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|apiName | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|description | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|method | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n|urlTemplate | ge, le, eq, ne, gt, lt | substringof, contains, startswith, endswith|\n" + }, + { + "$ref": "./apimanagement.json#/parameters/TopQueryParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SkipQueryParameter" + }, + { + "name": "includeNotTaggedOperations", + "in": "query", + "required": false, + "type": "boolean", + "description": "Include not tagged Operations." + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Lists a collection of TagResource entities.", + "schema": { + "$ref": "./definitions.json#/definitions/TagResourceCollection" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "./definitions.json#/definitions/TagResourceContract" + } + } + }, + "x-ms-paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}?export=true": { + "get": { + "tags": [ + "Apis" + ], + "operationId": "ApiExport_Get", + "description": "Gets the details of the API specified by its identifier in the format specified to the Storage Blob with SAS Key valid for 5 minutes.", + "x-ms-examples": { + "ApiManagementGetApiExportInOpenApi2dot0": { + "$ref": "./examples/ApiManagementGetApiExportInOpenApi2dot0.json" + } + }, + "parameters": [ + { + "$ref": "./apimanagement.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ServiceNameParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/ApiIdRevParameter" + }, + { + "name": "format", + "in": "query", + "required": true, + "type": "string", + "enum": [ + "swagger-link", + "wadl-link", + "wsdl-link", + "openapi-link" + ], + "x-ms-enum": { + "name": "ExportFormat", + "modelAsString": true, + "values": [ + { + "value": "swagger-link", + "description": "Export the Api Definition in OpenApi Specification 2.0 format to the Storage Blob.", + "name": "Swagger" + }, + { + "value": "wsdl-link", + "description": "Export the Api Definition in WSDL Schema to Storage Blob. This is only supported for APIs of Type `soap`", + "name": "Wsdl" + }, + { + "value": "wadl-link", + "description": "Export the Api Definition in WADL Schema to Storage Blob.", + "name": "Wadl" + }, + { + "value": "openapi-link", + "description": "Export the Api Definition in OpenApi Specification 3.0 to Storage Blob.", + "name": "OpenApi3" + } + ] + }, + "description": "Format in which to export the Api Details to the Storage Blob with Sas Key valid for 5 minutes." + }, + { + "name": "export", + "in": "query", + "required": true, + "type": "string", + "enum": [ + "true" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "ExportApi" + }, + "description": "Query parameter required to export the API details." + }, + { + "$ref": "./apimanagement.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "./apimanagement.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "The response contains a stream with a full set of API metadata and includes API entity with an embedded array of operation entities.", + "schema": { + "$ref": "./definitions.json#/definitions/ApiExportResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./apimanagement.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": {}, + "parameters": {} + } + \ No newline at end of file From 1165641761ecb831a2f999df4d03247f361adf6a Mon Sep 17 00:00:00 2001 From: ruowan Date: Tue, 22 Feb 2022 09:16:29 +0000 Subject: [PATCH 12/16] add jest timeout --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d0f3a39c..ea4aa9dc 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "tsc": "tsc", "prettier": "prettier ./src/**/*.ts", "tslint": "tslint -t verbose --project ./", - "test": "tsc && tslint -t verbose --project ./ && jest --silent", + "test": "tsc && tslint -t verbose --project ./ && jest --silent --testTimeout 100000", "standard": "standard src/**/*.ts", "prepack": "npm install && tsc" }, From 2646aa2271d226f5a6ec969461e4dbdc69e68ad5 Mon Sep 17 00:00:00 2001 From: ruowan Date: Wed, 23 Feb 2022 05:15:38 +0000 Subject: [PATCH 13/16] update tag --- README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.md b/README.md index aa7d0f27..51b33cb2 100644 --- a/README.md +++ b/README.md @@ -125,6 +125,22 @@ The management plane swagger JSON file does not match its folder path. Make sure To solve this warning, you should make sure manager plane swagger located in resource-manager folder. +### MISSING_APIS_IN_DEFAULT_TAG + +Level: ERROR + +The default tag does not contain all APIs in this RP. Please make sure the missing API swaggers are in the default tag. + +To fix this error. You should add the missing API swaggers to the default tag. If the missing API swaggers are deprecated, in this case this error could be ignored. + +### NOT_LATEST_API_VERSION_IN_DEFAULT_TAG + +Level: ERROR + +The default tag does not contains the latest API version. Please make sure the latest api version swaggers are in the default tag. + +To fix this error. You should add the latest API version swaggers to the default tag or change default tag to reference latest api version tag. + ## Contributing This project welcomes contributions and suggestions. Most contributions require you to agree to a From e6c5ed75b89ec6b916e1b292a2023e7218fd9af9 Mon Sep 17 00:00:00 2001 From: ruowan Date: Wed, 23 Feb 2022 06:14:35 +0000 Subject: [PATCH 14/16] update linux sku --- azure-pipelines.yml | 164 ++++++++++++++++++++++---------------------- 1 file changed, 82 insertions(+), 82 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index aceadefe..6208cc0e 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -1,88 +1,88 @@ trigger: -- master + - master jobs: -- job: Test - strategy: - matrix: - Linux.Node10: - node.version: 10.x - vm.image: 'Ubuntu 16.04' - Linux.Node12: - node.version: 12.x - vm.image: 'Ubuntu 16.04' - Win.Node10: - node.version: 10.x - vm.image: 'vs2017-win2016' - Win.Node12: - node.version: 12.x - vm.image: 'vs2017-win2016' - pool: - vmImage: $(vm.image) - steps: - - task: NodeTool@0 - displayName: 'Install Node' - inputs: - versionSpec: $(node.version) - - script: npm install - - task: Npm@1 - displayName: 'npm test' - inputs: - command: custom - verbose: false - customCommand: test - - task: PublishTestResults@2 - condition: succeededOrFailed() - inputs: - testResultsFiles: '**/test-results.xml' - testRunTitle: 'Test results for JavaScript' - - task: PublishCodeCoverageResults@1 - condition: succeededOrFailed() - inputs: - codeCoverageTool: Cobertura - summaryFileLocation: '$(System.DefaultWorkingDirectory)/**/*coverage.xml' - reportDirectory: '$(System.DefaultWorkingDirectory)/**/coverage' -- job: Build - pool: - vmImage: 'Ubuntu 16.04' - steps: - - task: Npm@1 - displayName: 'npm pack' - inputs: - command: custom - verbose: false - customCommand: pack - - task: CopyFiles@2 - displayName: 'Copy Files to: drop' - inputs: - Contents: '*.tgz' - TargetFolder: drop - - task: PublishBuildArtifacts@1 - inputs: - pathtoPublish: $(Build.SourcesDirectory)/drop + - job: Test + strategy: + matrix: + Linux.Node10: + node.version: 10.x + vm.image: 'Ubuntu 18.04' + Linux.Node12: + node.version: 12.x + vm.image: 'Ubuntu 18.04' + Win.Node10: + node.version: 10.x + vm.image: 'vs2017-win2016' + Win.Node12: + node.version: 12.x + vm.image: 'vs2017-win2016' + pool: + vmImage: $(vm.image) + steps: + - task: NodeTool@0 + displayName: 'Install Node' + inputs: + versionSpec: $(node.version) + - script: npm install + - task: Npm@1 + displayName: 'npm test' + inputs: + command: custom + verbose: false + customCommand: test + - task: PublishTestResults@2 + condition: succeededOrFailed() + inputs: + testResultsFiles: '**/test-results.xml' + testRunTitle: 'Test results for JavaScript' + - task: PublishCodeCoverageResults@1 + condition: succeededOrFailed() + inputs: + codeCoverageTool: Cobertura + summaryFileLocation: '$(System.DefaultWorkingDirectory)/**/*coverage.xml' + reportDirectory: '$(System.DefaultWorkingDirectory)/**/coverage' + - job: Build + pool: + vmImage: 'Ubuntu 16.04' + steps: + - task: Npm@1 + displayName: 'npm pack' + inputs: + command: custom + verbose: false + customCommand: pack + - task: CopyFiles@2 + displayName: 'Copy Files to: drop' + inputs: + Contents: '*.tgz' + TargetFolder: drop + - task: PublishBuildArtifacts@1 + inputs: + pathtoPublish: $(Build.SourcesDirectory)/drop -- job: Windows - pool: - vmImage: "windows-2019" + - job: Windows + pool: + vmImage: 'windows-2019' - steps: - - task: ea576cd4-c61f-48f8-97e7-a3cb07b90a6f@2 # CredScan@2 - inputs: - toolMajorVersion: 'V2' + steps: + - task: ea576cd4-c61f-48f8-97e7-a3cb07b90a6f@2 # CredScan@2 + inputs: + toolMajorVersion: 'V2' - - task: f5679091-e6da-4974-a8dc-0eec03a8ea63@1 # PostAnalysis@1 - inputs: - AllTools: false - APIScan: false - BinSkim: false - CodesignValidation: false - CredScan: true - FortifySCA: false - FxCop: false - ModernCop: false - PoliCheck: false - RoslynAnalyzers: false - SDLNativeRules: false - Semmle: false - TSLint: false - ToolLogsNotFoundAction: 'Standard' + - task: f5679091-e6da-4974-a8dc-0eec03a8ea63@1 # PostAnalysis@1 + inputs: + AllTools: false + APIScan: false + BinSkim: false + CodesignValidation: false + CredScan: true + FortifySCA: false + FxCop: false + ModernCop: false + PoliCheck: false + RoslynAnalyzers: false + SDLNativeRules: false + Semmle: false + TSLint: false + ToolLogsNotFoundAction: 'Standard' From 7a3e4b8660e3575ee15bdae89f820781e38182df Mon Sep 17 00:00:00 2001 From: ruowan Date: Wed, 23 Feb 2022 06:36:58 +0000 Subject: [PATCH 15/16] update build to use ubuntu18.04 --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 6208cc0e..a1ad91ff 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -44,7 +44,7 @@ jobs: reportDirectory: '$(System.DefaultWorkingDirectory)/**/coverage' - job: Build pool: - vmImage: 'Ubuntu 16.04' + vmImage: 'Ubuntu 18.04' steps: - task: Npm@1 displayName: 'npm pack' From ea7201d18b762e2a821290343ec7f3ee4ee17593 Mon Sep 17 00:00:00 2001 From: ruowan Date: Wed, 23 Feb 2022 07:14:29 +0000 Subject: [PATCH 16/16] fix build error --- package-lock.json | 1403 +++++++++++++++++++++++++++++---------------- src/index.ts | 2 +- 2 files changed, 909 insertions(+), 496 deletions(-) diff --git a/package-lock.json b/package-lock.json index ef900ba0..a137fd48 100644 --- a/package-lock.json +++ b/package-lock.json @@ -4,6 +4,15 @@ "lockfileVersion": 1, "requires": true, "dependencies": { + "@ampproject/remapping": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.1.2.tgz", + "integrity": "sha512-hoyByceqwKirw7w3Z7gnIIZC3Wx3J484Y3L/cMpXFbr7d9ZQj2mODrirNzcJa+SM3UlpWXYvKV4RlRpFXlWgXg==", + "dev": true, + "requires": { + "@jridgewell/trace-mapping": "^0.3.0" + } + }, "@azure/openapi-markdown": { "version": "0.9.4", "resolved": "https://registry.npmjs.org/@azure/openapi-markdown/-/openapi-markdown-0.9.4.tgz", @@ -42,45 +51,50 @@ "integrity": "sha512-oc6OHLdoLlOpO5GjMcOFETEhJi45CI3MVIhvVY/yqyGw9AtaqOYw5HzO3wTuYgYFeGS4v9iqFah0SNLZrpk3Sg==" }, "@babel/code-frame": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.10.1.tgz", - "integrity": "sha512-IGhtTmpjGbYzcEDOw7DcQtbQSXcG9ftmAXtWTu9V936vDye4xjjekktFAtgZsWpzTj/X01jocB46mTywm/4SZw==", + "version": "7.16.7", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.16.7.tgz", + "integrity": "sha512-iAXqUn8IIeBTNd72xsFlgaXHkMBMt6y4HJp1tIaK465CWLT/fG1aqB7ykr95gHHmlBdGbFeWWfyB4NJJ0nmeIg==", "dev": true, "requires": { - "@babel/highlight": "^7.10.1" + "@babel/highlight": "^7.16.7" } }, + "@babel/compat-data": { + "version": "7.17.0", + "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.17.0.tgz", + "integrity": "sha512-392byTlpGWXMv4FbyWw3sAZ/FrW/DrwqLGXpy0mbyNe9Taqv1mg9yON5/o0cnr8XYCkFTZbC1eV+c+LAROgrng==", + "dev": true + }, "@babel/core": { - "version": "7.10.2", - "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.10.2.tgz", - "integrity": "sha512-KQmV9yguEjQsXqyOUGKjS4+3K8/DlOCE2pZcq4augdQmtTy5iv5EHtmMSJ7V4c1BIPjuwtZYqYLCq9Ga+hGBRQ==", - "dev": true, - "requires": { - "@babel/code-frame": "^7.10.1", - "@babel/generator": "^7.10.2", - "@babel/helper-module-transforms": "^7.10.1", - "@babel/helpers": "^7.10.1", - "@babel/parser": "^7.10.2", - "@babel/template": "^7.10.1", - "@babel/traverse": "^7.10.1", - "@babel/types": "^7.10.2", + "version": "7.17.5", + "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.17.5.tgz", + "integrity": "sha512-/BBMw4EvjmyquN5O+t5eh0+YqB3XXJkYD2cjKpYtWOfFy4lQ4UozNSmxAcWT8r2XtZs0ewG+zrfsqeR15i1ajA==", + "dev": true, + "requires": { + "@ampproject/remapping": "^2.1.0", + "@babel/code-frame": "^7.16.7", + "@babel/generator": "^7.17.3", + "@babel/helper-compilation-targets": "^7.16.7", + "@babel/helper-module-transforms": "^7.16.7", + "@babel/helpers": "^7.17.2", + "@babel/parser": "^7.17.3", + "@babel/template": "^7.16.7", + "@babel/traverse": "^7.17.3", + "@babel/types": "^7.17.0", "convert-source-map": "^1.7.0", "debug": "^4.1.0", - "gensync": "^1.0.0-beta.1", + "gensync": "^1.0.0-beta.2", "json5": "^2.1.2", - "lodash": "^4.17.13", - "resolve": "^1.3.2", - "semver": "^5.4.1", - "source-map": "^0.5.0" + "semver": "^6.3.0" }, "dependencies": { "debug": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", - "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", + "version": "4.3.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz", + "integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==", "dev": true, "requires": { - "ms": "^2.1.1" + "ms": "2.1.2" } }, "ms": { @@ -89,23 +103,22 @@ "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", "dev": true }, - "source-map": { - "version": "0.5.7", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz", - "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=", + "semver": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", + "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", "dev": true } } }, "@babel/generator": { - "version": "7.10.2", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.10.2.tgz", - "integrity": "sha512-AxfBNHNu99DTMvlUPlt1h2+Hn7knPpH5ayJ8OqDWSeLld+Fi2AYBTC/IejWDM9Edcii4UzZRCsbUt0WlSDsDsA==", + "version": "7.17.3", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.17.3.tgz", + "integrity": "sha512-+R6Dctil/MgUsZsZAkYgK+ADNSZzJRRy0TvY65T71z/CR854xHQ1EweBYXdfT+HNeN7w0cSJJEzgxZMv40pxsg==", "dev": true, "requires": { - "@babel/types": "^7.10.2", + "@babel/types": "^7.17.0", "jsesc": "^2.5.1", - "lodash": "^4.17.13", "source-map": "^0.5.0" }, "dependencies": { @@ -117,137 +130,151 @@ } } }, - "@babel/helper-function-name": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.10.1.tgz", - "integrity": "sha512-fcpumwhs3YyZ/ttd5Rz0xn0TpIwVkN7X0V38B9TWNfVF42KEkhkAAuPCQ3oXmtTRtiPJrmZ0TrfS0GKF0eMaRQ==", + "@babel/helper-compilation-targets": { + "version": "7.16.7", + "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.16.7.tgz", + "integrity": "sha512-mGojBwIWcwGD6rfqgRXVlVYmPAv7eOpIemUG3dGnDdCY4Pae70ROij3XmfrH6Fa1h1aiDylpglbZyktfzyo/hA==", "dev": true, "requires": { - "@babel/helper-get-function-arity": "^7.10.1", - "@babel/template": "^7.10.1", - "@babel/types": "^7.10.1" + "@babel/compat-data": "^7.16.4", + "@babel/helper-validator-option": "^7.16.7", + "browserslist": "^4.17.5", + "semver": "^6.3.0" + }, + "dependencies": { + "semver": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", + "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "dev": true + } } }, - "@babel/helper-get-function-arity": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/helper-get-function-arity/-/helper-get-function-arity-7.10.1.tgz", - "integrity": "sha512-F5qdXkYGOQUb0hpRaPoetF9AnsXknKjWMZ+wmsIRsp5ge5sFh4c3h1eH2pRTTuy9KKAA2+TTYomGXAtEL2fQEw==", + "@babel/helper-environment-visitor": { + "version": "7.16.7", + "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.16.7.tgz", + "integrity": "sha512-SLLb0AAn6PkUeAfKJCCOl9e1R53pQlGAfc4y4XuMRZfqeMYLE0dM1LMhqbGAlGQY0lfw5/ohoYWAe9V1yibRag==", "dev": true, "requires": { - "@babel/types": "^7.10.1" + "@babel/types": "^7.16.7" } }, - "@babel/helper-member-expression-to-functions": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.10.1.tgz", - "integrity": "sha512-u7XLXeM2n50gb6PWJ9hoO5oO7JFPaZtrh35t8RqKLT1jFKj9IWeD1zrcrYp1q1qiZTdEarfDWfTIP8nGsu0h5g==", + "@babel/helper-function-name": { + "version": "7.16.7", + "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.16.7.tgz", + "integrity": "sha512-QfDfEnIUyyBSR3HtrtGECuZ6DAyCkYFp7GHl75vFtTnn6pjKeK0T1DB5lLkFvBea8MdaiUABx3osbgLyInoejA==", "dev": true, "requires": { - "@babel/types": "^7.10.1" + "@babel/helper-get-function-arity": "^7.16.7", + "@babel/template": "^7.16.7", + "@babel/types": "^7.16.7" } }, - "@babel/helper-module-imports": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.10.1.tgz", - "integrity": "sha512-SFxgwYmZ3HZPyZwJRiVNLRHWuW2OgE5k2nrVs6D9Iv4PPnXVffuEHy83Sfx/l4SqF+5kyJXjAyUmrG7tNm+qVg==", + "@babel/helper-get-function-arity": { + "version": "7.16.7", + "resolved": "https://registry.npmjs.org/@babel/helper-get-function-arity/-/helper-get-function-arity-7.16.7.tgz", + "integrity": "sha512-flc+RLSOBXzNzVhcLu6ujeHUrD6tANAOU5ojrRx/as+tbzf8+stUCj7+IfRRoAbEZqj/ahXEMsjhOhgeZsrnTw==", "dev": true, "requires": { - "@babel/types": "^7.10.1" + "@babel/types": "^7.16.7" } }, - "@babel/helper-module-transforms": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.10.1.tgz", - "integrity": "sha512-RLHRCAzyJe7Q7sF4oy2cB+kRnU4wDZY/H2xJFGof+M+SJEGhZsb+GFj5j1AD8NiSaVBJ+Pf0/WObiXu/zxWpFg==", + "@babel/helper-hoist-variables": { + "version": "7.16.7", + "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.16.7.tgz", + "integrity": "sha512-m04d/0Op34H5v7pbZw6pSKP7weA6lsMvfiIAMeIvkY/R4xQtBSMFEigu9QTZ2qB/9l22vsxtM8a+Q8CzD255fg==", "dev": true, "requires": { - "@babel/helper-module-imports": "^7.10.1", - "@babel/helper-replace-supers": "^7.10.1", - "@babel/helper-simple-access": "^7.10.1", - "@babel/helper-split-export-declaration": "^7.10.1", - "@babel/template": "^7.10.1", - "@babel/types": "^7.10.1", - "lodash": "^4.17.13" + "@babel/types": "^7.16.7" } }, - "@babel/helper-optimise-call-expression": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.10.1.tgz", - "integrity": "sha512-a0DjNS1prnBsoKx83dP2falChcs7p3i8VMzdrSbfLhuQra/2ENC4sbri34dz/rWmDADsmF1q5GbfaXydh0Jbjg==", + "@babel/helper-module-imports": { + "version": "7.16.7", + "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.16.7.tgz", + "integrity": "sha512-LVtS6TqjJHFc+nYeITRo6VLXve70xmq7wPhWTqDJusJEgGmkAACWwMiTNrvfoQo6hEhFwAIixNkvB0jPXDL8Wg==", "dev": true, "requires": { - "@babel/types": "^7.10.1" + "@babel/types": "^7.16.7" } }, - "@babel/helper-plugin-utils": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.10.1.tgz", - "integrity": "sha512-fvoGeXt0bJc7VMWZGCAEBEMo/HAjW2mP8apF5eXK0wSqwLAVHAISCWRoLMBMUs2kqeaG77jltVqu4Hn8Egl3nA==", - "dev": true - }, - "@babel/helper-replace-supers": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.10.1.tgz", - "integrity": "sha512-SOwJzEfpuQwInzzQJGjGaiG578UYmyi2Xw668klPWV5n07B73S0a9btjLk/52Mlcxa+5AdIYqws1KyXRfMoB7A==", + "@babel/helper-module-transforms": { + "version": "7.17.6", + "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.17.6.tgz", + "integrity": "sha512-2ULmRdqoOMpdvkbT8jONrZML/XALfzxlb052bldftkicAUy8AxSCkD5trDPQcwHNmolcl7wP6ehNqMlyUw6AaA==", "dev": true, "requires": { - "@babel/helper-member-expression-to-functions": "^7.10.1", - "@babel/helper-optimise-call-expression": "^7.10.1", - "@babel/traverse": "^7.10.1", - "@babel/types": "^7.10.1" + "@babel/helper-environment-visitor": "^7.16.7", + "@babel/helper-module-imports": "^7.16.7", + "@babel/helper-simple-access": "^7.16.7", + "@babel/helper-split-export-declaration": "^7.16.7", + "@babel/helper-validator-identifier": "^7.16.7", + "@babel/template": "^7.16.7", + "@babel/traverse": "^7.17.3", + "@babel/types": "^7.17.0" } }, + "@babel/helper-plugin-utils": { + "version": "7.16.7", + "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.16.7.tgz", + "integrity": "sha512-Qg3Nk7ZxpgMrsox6HreY1ZNKdBq7K72tDSliA6dCl5f007jR4ne8iD5UzuNnCJH2xBf2BEEVGr+/OL6Gdp7RxA==", + "dev": true + }, "@babel/helper-simple-access": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.10.1.tgz", - "integrity": "sha512-VSWpWzRzn9VtgMJBIWTZ+GP107kZdQ4YplJlCmIrjoLVSi/0upixezHCDG8kpPVTBJpKfxTH01wDhh+jS2zKbw==", + "version": "7.16.7", + "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.16.7.tgz", + "integrity": "sha512-ZIzHVyoeLMvXMN/vok/a4LWRy8G2v205mNP0XOuf9XRLyX5/u9CnVulUtDgUTama3lT+bf/UqucuZjqiGuTS1g==", "dev": true, "requires": { - "@babel/template": "^7.10.1", - "@babel/types": "^7.10.1" + "@babel/types": "^7.16.7" } }, "@babel/helper-split-export-declaration": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.10.1.tgz", - "integrity": "sha512-UQ1LVBPrYdbchNhLwj6fetj46BcFwfS4NllJo/1aJsT+1dLTEnXJL0qHqtY7gPzF8S2fXBJamf1biAXV3X077g==", + "version": "7.16.7", + "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.16.7.tgz", + "integrity": "sha512-xbWoy/PFoxSWazIToT9Sif+jJTlrMcndIsaOKvTA6u7QEo7ilkRZpjew18/W3c7nm8fXdUDXh02VXTbZ0pGDNw==", "dev": true, "requires": { - "@babel/types": "^7.10.1" + "@babel/types": "^7.16.7" } }, "@babel/helper-validator-identifier": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.10.1.tgz", - "integrity": "sha512-5vW/JXLALhczRCWP0PnFDMCJAchlBvM7f4uk/jXritBnIa6E1KmqmtrS3yn1LAnxFBypQ3eneLuXjsnfQsgILw==", + "version": "7.16.7", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.16.7.tgz", + "integrity": "sha512-hsEnFemeiW4D08A5gUAZxLBTXpZ39P+a+DGDsHw1yxqyQ/jzFEnxf5uTEGp+3bzAbNOxU1paTgYS4ECU/IgfDw==", + "dev": true + }, + "@babel/helper-validator-option": { + "version": "7.16.7", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.16.7.tgz", + "integrity": "sha512-TRtenOuRUVo9oIQGPC5G9DgK4743cdxvtOw0weQNpZXaS16SCBi5MNjZF8vba3ETURjZpTbVn7Vvcf2eAwFozQ==", "dev": true }, "@babel/helpers": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.10.1.tgz", - "integrity": "sha512-muQNHF+IdU6wGgkaJyhhEmI54MOZBKsFfsXFhboz1ybwJ1Kl7IHlbm2a++4jwrmY5UYsgitt5lfqo1wMFcHmyw==", + "version": "7.17.2", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.17.2.tgz", + "integrity": "sha512-0Qu7RLR1dILozr/6M0xgj+DFPmi6Bnulgm9M8BVa9ZCWxDqlSnqt3cf8IDPB5m45sVXUZ0kuQAgUrdSFFH79fQ==", "dev": true, "requires": { - "@babel/template": "^7.10.1", - "@babel/traverse": "^7.10.1", - "@babel/types": "^7.10.1" + "@babel/template": "^7.16.7", + "@babel/traverse": "^7.17.0", + "@babel/types": "^7.17.0" } }, "@babel/highlight": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.10.1.tgz", - "integrity": "sha512-8rMof+gVP8mxYZApLF/JgNDAkdKa+aJt3ZYxF8z6+j/hpeXL7iMsKCPHa2jNMHu/qqBwzQF4OHNoYi8dMA/rYg==", + "version": "7.16.10", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.16.10.tgz", + "integrity": "sha512-5FnTQLSLswEj6IkgVw5KusNUUFY9ZGqe/TRFnP/BKYHYgfh7tc+C7mwiy95/yNP7Dh9x580Vv8r7u7ZfTBFxdw==", "dev": true, "requires": { - "@babel/helper-validator-identifier": "^7.10.1", + "@babel/helper-validator-identifier": "^7.16.7", "chalk": "^2.0.0", "js-tokens": "^4.0.0" } }, "@babel/parser": { - "version": "7.10.2", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.10.2.tgz", - "integrity": "sha512-PApSXlNMJyB4JiGVhCOlzKIif+TKFTvu0aQAhnTvfP/z3vVSN6ZypH5bfUNwFXXjRQtUEBNFd2PtmCmG2Py3qQ==", + "version": "7.17.3", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.17.3.tgz", + "integrity": "sha512-7yJPvPV+ESz2IUTPbOL+YkIGyCqOyNIzdguKQuJGnH7bg1WTIifuM21YqokFt/THWh1AkCRn9IgoykTRCBVpzA==", "dev": true }, "@babel/plugin-syntax-object-rest-spread": { @@ -260,40 +287,41 @@ } }, "@babel/template": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.10.1.tgz", - "integrity": "sha512-OQDg6SqvFSsc9A0ej6SKINWrpJiNonRIniYondK2ViKhB06i3c0s+76XUft71iqBEe9S1OKsHwPAjfHnuvnCig==", + "version": "7.16.7", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.16.7.tgz", + "integrity": "sha512-I8j/x8kHUrbYRTUxXrrMbfCa7jxkE7tZre39x3kjr9hvI82cK1FfqLygotcWN5kdPGWcLdWMHpSBavse5tWw3w==", "dev": true, "requires": { - "@babel/code-frame": "^7.10.1", - "@babel/parser": "^7.10.1", - "@babel/types": "^7.10.1" + "@babel/code-frame": "^7.16.7", + "@babel/parser": "^7.16.7", + "@babel/types": "^7.16.7" } }, "@babel/traverse": { - "version": "7.10.1", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.10.1.tgz", - "integrity": "sha512-C/cTuXeKt85K+p08jN6vMDz8vSV0vZcI0wmQ36o6mjbuo++kPMdpOYw23W2XH04dbRt9/nMEfA4W3eR21CD+TQ==", - "dev": true, - "requires": { - "@babel/code-frame": "^7.10.1", - "@babel/generator": "^7.10.1", - "@babel/helper-function-name": "^7.10.1", - "@babel/helper-split-export-declaration": "^7.10.1", - "@babel/parser": "^7.10.1", - "@babel/types": "^7.10.1", + "version": "7.17.3", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.17.3.tgz", + "integrity": "sha512-5irClVky7TxRWIRtxlh2WPUUOLhcPN06AGgaQSB8AEwuyEBgJVuJ5imdHm5zxk8w0QS5T+tDfnDxAlhWjpb7cw==", + "dev": true, + "requires": { + "@babel/code-frame": "^7.16.7", + "@babel/generator": "^7.17.3", + "@babel/helper-environment-visitor": "^7.16.7", + "@babel/helper-function-name": "^7.16.7", + "@babel/helper-hoist-variables": "^7.16.7", + "@babel/helper-split-export-declaration": "^7.16.7", + "@babel/parser": "^7.17.3", + "@babel/types": "^7.17.0", "debug": "^4.1.0", - "globals": "^11.1.0", - "lodash": "^4.17.13" + "globals": "^11.1.0" }, "dependencies": { "debug": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", - "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", + "version": "4.3.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz", + "integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==", "dev": true, "requires": { - "ms": "^2.1.1" + "ms": "2.1.2" } }, "ms": { @@ -305,13 +333,12 @@ } }, "@babel/types": { - "version": "7.10.2", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.10.2.tgz", - "integrity": "sha512-AD3AwWBSz0AWF0AkCN9VPiWrvldXq+/e3cHa4J89vo4ymjz1XwrBFFVZmkJTsQIPNk+ZVomPSXUJqq8yyjZsng==", + "version": "7.17.0", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.17.0.tgz", + "integrity": "sha512-TmKSNO4D5rzhL5bjWFcVHHLETzfQ/AmbKpKPOSjlP0WoHZ6L911fgoOKY4Alp/emzG4cHJdyN49zpgkbXFEHHw==", "dev": true, "requires": { - "@babel/helper-validator-identifier": "^7.10.1", - "lodash": "^4.17.13", + "@babel/helper-validator-identifier": "^7.16.7", "to-fast-properties": "^2.0.0" } }, @@ -448,9 +475,9 @@ "dev": true }, "node-notifier": { - "version": "5.4.3", - "resolved": "https://registry.npmjs.org/node-notifier/-/node-notifier-5.4.3.tgz", - "integrity": "sha512-M4UBGcs4jeOK9CjTsYwkvH6/MzuUmGCyTW+kCY7uO+1ZVr0+FHGdPdIf5CCLqAaxnRrWidyoQlNkMIIVwbKB8Q==", + "version": "5.4.5", + "resolved": "https://registry.npmjs.org/node-notifier/-/node-notifier-5.4.5.tgz", + "integrity": "sha512-tVbHs7DyTLtzOiN78izLA85zRqB9NvEXkAf014Vx3jtSvn/xBl6bR8ZYifj+dFcFrKI21huSQgJZ6ZtL3B4HfQ==", "dev": true, "requires": { "growly": "^1.3.0", @@ -459,6 +486,21 @@ "shellwords": "^0.1.1", "which": "^1.3.0" } + }, + "semver": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", + "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "dev": true + }, + "which": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", + "dev": true, + "requires": { + "isexe": "^2.0.0" + } } } }, @@ -532,9 +574,9 @@ }, "dependencies": { "@types/yargs": { - "version": "13.0.9", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-13.0.9.tgz", - "integrity": "sha512-xrvhZ4DZewMDhoH1utLtOAwYQy60eYFoXeje30TzM3VOvQlBwQaEpKFq5m34k1wOw2AKIi2pwtiAjdmhvlBUzg==", + "version": "13.0.12", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-13.0.12.tgz", + "integrity": "sha512-qCxJE1qgz2y0hA4pIxjBR+PelCH0U5CK1XJXFwCNqfmliatKp47UCXXE9Dyk1OXBDLvsCF57TqQEJaeLfDYEOQ==", "dev": true, "requires": { "@types/yargs-parser": "*" @@ -542,6 +584,28 @@ } } }, + "@jridgewell/resolve-uri": { + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.0.5.tgz", + "integrity": "sha512-VPeQ7+wH0itvQxnG+lIzWgkysKIr3L9sslimFW55rHMdGu/qCQ5z5h9zq4gI8uBtqkpHhsF4Z/OwExufUCThew==", + "dev": true + }, + "@jridgewell/sourcemap-codec": { + "version": "1.4.11", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.11.tgz", + "integrity": "sha512-Fg32GrJo61m+VqYSdRSjRXMjQ06j8YIYfcTqndLYVAaHmroZHLJZCydsWBOTDqXS2v+mjxohBWEMfg97GXmYQg==", + "dev": true + }, + "@jridgewell/trace-mapping": { + "version": "0.3.4", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.4.tgz", + "integrity": "sha512-vFv9ttIedivx0ux3QSjhgtCVjPZd5l46ZOMDSCwnH1yUO2e964gO8LZGyv2QkqcgR6TnBU1v+1IFqmeoG+0UJQ==", + "dev": true, + "requires": { + "@jridgewell/resolve-uri": "^3.0.3", + "@jridgewell/sourcemap-codec": "^1.4.10" + } + }, "@ts-common/add-position": { "version": "0.0.2", "resolved": "https://registry.npmjs.org/@ts-common/add-position/-/add-position-0.0.2.tgz", @@ -703,6 +767,14 @@ "version": "0.3.6", "resolved": "https://registry.npmjs.org/@ts-common/iterator/-/iterator-0.3.6.tgz", "integrity": "sha512-nNdcleTj3qLlchH17HI/xqOc6sNgOqJ5DdRR0nOEVdJVZCo5bfqoQTu6+Q9ZwMhuETuR2d86MSlmaL2FVHnPjQ==" + }, + "node-fetch": { + "version": "2.6.7", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz", + "integrity": "sha512-ZjMPFEfVx5j+y2yF35Kzx5sF7kDzxuDj6ziH4FFbOp87zKDZNx8yExJIb05OGF4Nlt9IHFIMBkRl41VdvcNdbQ==", + "requires": { + "whatwg-url": "^5.0.0" + } } } }, @@ -715,9 +787,9 @@ } }, "@types/babel__core": { - "version": "7.1.8", - "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.1.8.tgz", - "integrity": "sha512-KXBiQG2OXvaPWFPDS1rD8yV9vO0OuWIqAEqLsbfX0oU2REN5KuoMnZ1gClWcBhO5I3n6oTVAmrMufOvRqdmFTQ==", + "version": "7.1.18", + "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.1.18.tgz", + "integrity": "sha512-S7unDjm/C7z2A2R9NzfKCK1I+BAALDtxEmsJBwlB3EzNfb929ykjL++1CK9LO++EIp2fQrC8O+BwjKvz6UeDyQ==", "dev": true, "requires": { "@babel/parser": "^7.1.0", @@ -728,18 +800,18 @@ } }, "@types/babel__generator": { - "version": "7.6.1", - "resolved": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.1.tgz", - "integrity": "sha512-bBKm+2VPJcMRVwNhxKu8W+5/zT7pwNEqeokFOmbvVSqGzFneNxYcEBro9Ac7/N9tlsaPYnZLK8J1LWKkMsLAew==", + "version": "7.6.4", + "resolved": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.4.tgz", + "integrity": "sha512-tFkciB9j2K755yrTALxD44McOrk+gfpIpvC3sxHjRawj6PfnQxrse4Clq5y/Rq+G3mrBurMax/lG8Qn2t9mSsg==", "dev": true, "requires": { "@babel/types": "^7.0.0" } }, "@types/babel__template": { - "version": "7.0.2", - "resolved": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.0.2.tgz", - "integrity": "sha512-/K6zCpeW7Imzgab2bLkLEbz0+1JlFSrUMdw7KoIIu+IUdu51GWaBZpd3y1VXGVXzynvGa4DaIaxNZHiON3GXUg==", + "version": "7.4.1", + "resolved": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.1.tgz", + "integrity": "sha512-azBFKemX6kMg5Io+/rdGT0dkGreboUVR0Cdm3fz9QJWpaQGJRQXl7C+6hOTCZcMll7KFyEQpgbYI2lHdsS4U7g==", "dev": true, "requires": { "@babel/parser": "^7.1.0", @@ -747,19 +819,14 @@ } }, "@types/babel__traverse": { - "version": "7.0.12", - "resolved": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.0.12.tgz", - "integrity": "sha512-t4CoEokHTfcyfb4hUaF9oOHu9RmmNWnm1CP0YmMqOOfClKascOmvlEM736vlqeScuGvBDsHkf8R2INd4DWreQA==", + "version": "7.14.2", + "resolved": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.14.2.tgz", + "integrity": "sha512-K2waXdXBi2302XUdcHcR1jCeU0LL4TD9HRs/gk0N2Xvrht+G/BfJa4QObBQZfhMdxiCpV3COl5Nfq4uKTeTnJA==", "dev": true, "requires": { "@babel/types": "^7.3.0" } }, - "@types/color-name": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/@types/color-name/-/color-name-1.1.1.tgz", - "integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==" - }, "@types/commonmark": { "version": "0.27.5", "resolved": "https://registry.npmjs.org/@types/commonmark/-/commonmark-0.27.5.tgz", @@ -767,8 +834,8 @@ }, "@types/glob": { "version": "7.2.0", - "resolved": "https://devdiv.pkgs.visualstudio.com/_packaging/openapi-platform/npm/registry/@types/glob/-/glob-7.2.0.tgz", - "integrity": "sha1-vBtb86qS8lvV3TnzXFc2G9zlsus=", + "resolved": "https://registry.npmjs.org/@types/glob/-/glob-7.2.0.tgz", + "integrity": "sha512-ZUxbzKl0IfJILTS6t7ip5fQQM/J3TJYubDm3nMbgubNNYS62eXeUpoLUC8/7fJNiFYHTrGPQn7hspDUzIHX3UA==", "dev": true, "requires": { "@types/minimatch": "*", @@ -776,9 +843,9 @@ } }, "@types/istanbul-lib-coverage": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.3.tgz", - "integrity": "sha512-sz7iLqvVUg1gIedBOvlkxPlc8/uVzyS5OwGz1cKjXzkl3FpL3al0crU8YGU1WoHkxn0Wxbw5tyi6hvzJKNzFsw==", + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.4.tgz", + "integrity": "sha512-z/QT1XN4K4KYuslS23k62yDIDLwLFkzxOuMplDtObz0+y7VqJCaO2o+SPwHCvLFZh7xazvvoor2tA/hPz9ee7g==", "dev": true }, "@types/istanbul-lib-report": { @@ -810,26 +877,26 @@ } }, "@types/js-yaml": { - "version": "3.12.4", - "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.4.tgz", - "integrity": "sha512-fYMgzN+9e28R81weVN49inn/u798ruU91En1ZnGvSZzCRc5jXx9B2EDhlRaWmcO1RIxFHL8AajRXzxDuJu93+A==", + "version": "3.12.7", + "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.7.tgz", + "integrity": "sha512-S6+8JAYTE1qdsc9HMVsfY7+SgSuUU/Tp6TYTmITW0PZxiyIMvol3Gy//y69Wkhs0ti4py5qgR3uZH6uz/DNzJQ==", "dev": true }, "@types/minimatch": { "version": "3.0.5", - "resolved": "https://devdiv.pkgs.visualstudio.com/_packaging/openapi-platform/npm/registry/@types/minimatch/-/minimatch-3.0.5.tgz", - "integrity": "sha1-EAHMXmo3BLg8I2An538vWOoBD0A=", + "resolved": "https://registry.npmjs.org/@types/minimatch/-/minimatch-3.0.5.tgz", + "integrity": "sha512-Klz949h02Gz2uZCMGwDUSDS1YBlTdDDgbWHi+81l29tQALUtvz4rAYi5uoVhE5Lagoq6DeqAUlbrHvW/mXDgdQ==", "dev": true }, "@types/node": { - "version": "10.17.26", - "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.26.tgz", - "integrity": "sha512-myMwkO2Cr82kirHY8uknNRHEVtn0wV3DTQfkrjx17jmkstDRZ24gNUdl8AHXVyVclTYI/bNjgTPTAWvWLqXqkw==" + "version": "10.17.60", + "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.60.tgz", + "integrity": "sha512-F0KIgDJfy2nA3zMLmWGKxcH2ZVEtCZXHHdOQs2gSaQ27+lNeEfGxzkIw90aXswATX7AZ33tahPbzy6KAfUreVw==" }, "@types/node-fetch": { - "version": "2.5.12", - "resolved": "https://registry.npmjs.org/@types/node-fetch/-/node-fetch-2.5.12.tgz", - "integrity": "sha512-MKgC4dlq4kKNa/mYrwpKfzQMB5X3ee5U6fSprkKpToBqBmX4nFZL9cW5jl6sWn+xpRJ7ypWh2yyqqr8UUCstSw==", + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/@types/node-fetch/-/node-fetch-2.6.1.tgz", + "integrity": "sha512-oMqjURCaxoSIsHSr1E47QHzbmzNR5rK8McHuNb11BOM9cHcIK3Avy0s/b2JlXHoQGTYS3NsvWzV1M0iK7l0wbA==", "requires": { "@types/node": "*", "form-data": "^3.0.0" @@ -847,24 +914,24 @@ "dev": true }, "@types/yargs": { - "version": "15.0.5", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-15.0.5.tgz", - "integrity": "sha512-Dk/IDOPtOgubt/IaevIUbTgV7doaKkoorvOyYM2CMwuDyP89bekI7H4xLIwunNYiK9jhCkmc6pUrJk3cj2AB9w==", + "version": "15.0.14", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-15.0.14.tgz", + "integrity": "sha512-yEJzHoxf6SyQGhBhIYGXQDSCkJjB6HohDShto7m8vaKg9Yp0Yn8+71J9eakh2bnPg6BfsH9PRMhiRTZnd4eXGQ==", "dev": true, "requires": { "@types/yargs-parser": "*" } }, "@types/yargs-parser": { - "version": "15.0.0", - "resolved": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-15.0.0.tgz", - "integrity": "sha512-FA/BWv8t8ZWJ+gEOnLLd8ygxH/2UFbAvgEonyfN6yWGLKc7zVjbpl2Y4CTjid9h2RfgPP6SEt6uHwEOply00yw==", + "version": "20.2.1", + "resolved": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-20.2.1.tgz", + "integrity": "sha512-7tFImggNeNBVMsn0vLrpn1H1uPrUBdnARPTpZoitY37ZrdJREzf7I16tMrlK3hen349gr1NYh8CmZQa7CTG6Aw==", "dev": true }, "abab": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/abab/-/abab-2.0.3.tgz", - "integrity": "sha512-tsFzPpcttalNjFBCFMqsKYQcWxxen1pgJR56by//QwvJc4/OUS3kPOOttx2tSIfjsylB0pYu7f5D3K1RCxUnUg==", + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/abab/-/abab-2.0.5.tgz", + "integrity": "sha512-9IK9EadsbHo6jLWIpxpR6pL0sazTXV6+SQv25ZB+F7Bj9mJNaOc4nCRabwd5M/JwmUa8idz6Eci6eKfJryPs6Q==", "dev": true }, "acorn": { @@ -884,9 +951,9 @@ }, "dependencies": { "acorn": { - "version": "6.4.1", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-6.4.1.tgz", - "integrity": "sha512-ZVA9k326Nwrj3Cj9jlh3wGFutC2ZornPNARZwsNYqQYgN0EsV2d53w5RN/co65Ohn4sUAUtb1rSUAOD6XN9idA==", + "version": "6.4.2", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-6.4.2.tgz", + "integrity": "sha512-XtGIhXwF8YM8bJhGxG5kXgjkEuNGLTkoYqVE+KMR+aspr4KGYmKYg7yUe3KghyQ9yheNwLnjmzh/7+gfDBmHCQ==", "dev": true } } @@ -898,9 +965,9 @@ "dev": true }, "ajv": { - "version": "6.12.2", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.2.tgz", - "integrity": "sha512-k+V+hzjm5q/Mr8ef/1Y9goCmlsK4I6Sm74teeyGvFk1XrOsbsKLjEdrvny42CZ+a8sXbk8KWpY/bDwS+FLL2UQ==", + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "dev": true, "requires": { "fast-deep-equal": "^3.1.1", @@ -916,16 +983,15 @@ "dev": true }, "ansi-regex": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz", - "integrity": "sha512-bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg==" + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==" }, "ansi-styles": { - "version": "4.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.2.1.tgz", - "integrity": "sha512-9VGjrMsG1vePxcSweQsN20KY/c4zN0h9fLjqAbwbPfahM3t+NL+M9HC8xeXG2I8pX5NoamTGNuomEUFI7fcUjA==", + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", "requires": { - "@types/color-name": "^1.1.1", "color-convert": "^2.0.1" } }, @@ -978,9 +1044,9 @@ "dev": true }, "asn1": { - "version": "0.2.4", - "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz", - "integrity": "sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==", + "version": "0.2.6", + "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz", + "integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==", "dev": true, "requires": { "safer-buffer": "~2.1.0" @@ -1036,9 +1102,9 @@ "dev": true }, "aws4": { - "version": "1.10.0", - "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.10.0.tgz", - "integrity": "sha512-3YDiu347mtVtjpyV3u5kVqQLP242c06zwDOgpeRnybmXlYYsLbtTrUBUm8i8srONt+FWobl5aibnU1030PeeuA==", + "version": "1.11.0", + "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.11.0.tgz", + "integrity": "sha512-xh1Rl34h6Fi1DC2WWKfxUTVqRsNnr6LsKz2+hfwDxQJWmrx8+c7ylaqBMcHfl1U1r2dsifOvKX3LQuLNZ+XSvA==", "dev": true }, "babel-jest": { @@ -1124,9 +1190,9 @@ } }, "balanced-match": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz", - "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=" + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" }, "base": { "version": "0.11.2", @@ -1263,6 +1329,19 @@ } } }, + "browserslist": { + "version": "4.19.3", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.19.3.tgz", + "integrity": "sha512-XK3X4xtKJ+Txj8G5c30B4gsm71s69lqXlkYui4s6EkKxuv49qjYlY6oVd+IFJ73d4YymtM3+djvvt/R/iJwwDg==", + "dev": true, + "requires": { + "caniuse-lite": "^1.0.30001312", + "electron-to-chromium": "^1.4.71", + "escalade": "^3.1.1", + "node-releases": "^2.0.2", + "picocolors": "^1.0.0" + } + }, "bser": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", @@ -1273,9 +1352,9 @@ } }, "buffer-from": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", - "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A==", + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==", "dev": true }, "builtin-modules": { @@ -1301,6 +1380,16 @@ "unset-value": "^1.0.0" } }, + "call-bind": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", + "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "dev": true, + "requires": { + "function-bind": "^1.1.1", + "get-intrinsic": "^1.0.2" + } + }, "callsites": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", @@ -1312,6 +1401,12 @@ "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==" }, + "caniuse-lite": { + "version": "1.0.30001312", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001312.tgz", + "integrity": "sha512-Wiz1Psk2MEK0pX3rUzWaunLTZzqS2JYZFzNKqAiJGiuxIjRPLgV6+VDPOg6lQOUxmDwhTlh198JsTTi8Hzw6aQ==", + "dev": true + }, "capture-exit": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/capture-exit/-/capture-exit-2.0.0.tgz", @@ -1447,14 +1542,21 @@ "dev": true }, "commonmark": { - "version": "0.29.1", - "resolved": "https://registry.npmjs.org/commonmark/-/commonmark-0.29.1.tgz", - "integrity": "sha512-DafPdNYFXoEhsSiR4O+dJ45UJBfDL4cBTks4B+agKiaWt7qjG0bIhg5xuCE0RqU71ikJcBIf4/sRHh9vYQVF8Q==", + "version": "0.29.3", + "resolved": "https://registry.npmjs.org/commonmark/-/commonmark-0.29.3.tgz", + "integrity": "sha512-fvt/NdOFKaL2gyhltSy6BC4LxbbxbnPxBMl923ittqO/JBM0wQHaoYZliE4tp26cRxX/ZZtRsJlZzQrVdUkXAA==", "requires": { - "entities": "~1.1.1", + "entities": "~2.0", "mdurl": "~1.0.1", - "minimist": "~1.2.0", + "minimist": ">=1.2.2", "string.prototype.repeat": "^0.2.0" + }, + "dependencies": { + "entities": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/entities/-/entities-2.0.3.tgz", + "integrity": "sha512-MyoZ0jgnLvB2X3Lg5HqpFmn1kybDiIfEQmKzTb5apr51Rb+T3KdmMiqa70T+bhGnyv7bQ6WMj2QMHpGMmlrUYQ==" + } } }, "component-emitter": { @@ -1469,9 +1571,9 @@ "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=" }, "convert-source-map": { - "version": "1.7.0", - "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.7.0.tgz", - "integrity": "sha512-4FJkXzKXEDB1snCFZlLP4gpC3JILicCpGbzG9f9G7tGqGCzETQ2hWPrcinA9oU4wtf2biUaEH5065UnMeR33oA==", + "version": "1.8.0", + "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.8.0.tgz", + "integrity": "sha512-+OQdjP49zViI/6i7nIJpA8rAl4sV/JdPfU9nZs3VqOwGIgizICvuN2ru6fMd+4llL0tar18UYJXfZ/TWtmhUjA==", "dev": true, "requires": { "safe-buffer": "~5.1.1" @@ -1500,6 +1602,23 @@ "semver": "^5.5.0", "shebang-command": "^1.2.0", "which": "^1.2.9" + }, + "dependencies": { + "semver": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", + "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "dev": true + }, + "which": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", + "dev": true, + "requires": { + "isexe": "^2.0.0" + } + } } }, "cssom": { @@ -1526,6 +1645,11 @@ "assert-plus": "^1.0.0" } }, + "data-uri-to-buffer": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-4.0.0.tgz", + "integrity": "sha512-Vr3mLBA8qWmcuschSLAOogKgQ/Jwxulv3RNE4FXnYWRGujzrRWQI4m12fQqRkwX06C0KanhLr4hK+GydchZsaA==" + }, "data-urls": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-1.1.0.tgz", @@ -1537,6 +1661,21 @@ "whatwg-url": "^7.0.0" }, "dependencies": { + "tr46": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-1.0.1.tgz", + "integrity": "sha1-qLE/1r/SSJUZZ0zN5VujaTtwbQk=", + "dev": true, + "requires": { + "punycode": "^2.1.0" + } + }, + "webidl-conversions": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz", + "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==", + "dev": true + }, "whatwg-url": { "version": "7.1.0", "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-7.1.0.tgz", @@ -1571,9 +1710,9 @@ "dev": true }, "deep-is": { - "version": "0.1.3", - "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.3.tgz", - "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ=", + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==", "dev": true }, "define-properties": { @@ -1680,6 +1819,14 @@ "dev": true, "requires": { "webidl-conversions": "^4.0.2" + }, + "dependencies": { + "webidl-conversions": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz", + "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==", + "dev": true + } } }, "ecc-jsbn": { @@ -1692,6 +1839,12 @@ "safer-buffer": "^2.1.0" } }, + "electron-to-chromium": { + "version": "1.4.71", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.71.tgz", + "integrity": "sha512-Hk61vXXKRb2cd3znPE9F+2pLWdIOmP7GjiTj45y6L3W/lO+hSnUSUhq+6lEaERWBdZOHbk2s3YV5c9xVl3boVw==", + "dev": true + }, "emoji-regex": { "version": "8.0.0", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", @@ -1721,22 +1874,31 @@ } }, "es-abstract": { - "version": "1.17.6", - "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.17.6.tgz", - "integrity": "sha512-Fr89bON3WFyUi5EvAeI48QTWX0AyekGgLA8H+c+7fbfCkJwRWRMLd8CQedNEyJuoYYhmtEqY92pgte1FAhBlhw==", + "version": "1.19.1", + "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.19.1.tgz", + "integrity": "sha512-2vJ6tjA/UfqLm2MPs7jxVybLoB8i1t1Jd9R3kISld20sIxPcTbLuggQOUxeWeAvIUkduv/CfMjuh4WmiXr2v9w==", "dev": true, "requires": { + "call-bind": "^1.0.2", "es-to-primitive": "^1.2.1", "function-bind": "^1.1.1", + "get-intrinsic": "^1.1.1", + "get-symbol-description": "^1.0.0", "has": "^1.0.3", - "has-symbols": "^1.0.1", - "is-callable": "^1.2.0", - "is-regex": "^1.1.0", - "object-inspect": "^1.7.0", + "has-symbols": "^1.0.2", + "internal-slot": "^1.0.3", + "is-callable": "^1.2.4", + "is-negative-zero": "^2.0.1", + "is-regex": "^1.1.4", + "is-shared-array-buffer": "^1.0.1", + "is-string": "^1.0.7", + "is-weakref": "^1.0.1", + "object-inspect": "^1.11.0", "object-keys": "^1.1.1", - "object.assign": "^4.1.0", - "string.prototype.trimend": "^1.0.1", - "string.prototype.trimstart": "^1.0.1" + "object.assign": "^4.1.2", + "string.prototype.trimend": "^1.0.4", + "string.prototype.trimstart": "^1.0.4", + "unbox-primitive": "^1.0.1" } }, "es-to-primitive": { @@ -1750,6 +1912,12 @@ "is-symbol": "^1.0.2" } }, + "escalade": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz", + "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==", + "dev": true + }, "escape-string-regexp": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", @@ -1757,9 +1925,9 @@ "dev": true }, "escodegen": { - "version": "1.14.2", - "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-1.14.2.tgz", - "integrity": "sha512-InuOIiKk8wwuOFg6x9BQXbzjrQhtyXh46K9bqVTPzSo2FnyMBaYGBMC6PhQy7yxxil9vIedFBweQBMK74/7o8A==", + "version": "1.14.3", + "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-1.14.3.tgz", + "integrity": "sha512-qFcX0XJkdg+PB3xjZZG/wKSuT1PnQWx57+TVSjIMmILd2yC/6ByYElPwJnslDsuWuSAp4AwJGumarAAmJch5Kw==", "dev": true, "requires": { "esprima": "^4.0.1", @@ -1805,9 +1973,9 @@ "dev": true }, "exec-sh": { - "version": "0.3.4", - "resolved": "https://registry.npmjs.org/exec-sh/-/exec-sh-0.3.4.tgz", - "integrity": "sha512-sEFIkc61v75sWeOe72qyrqg2Qg0OuLESziUDk/O/z2qgS15y2gWVFrI6f2Qn/qw/0/NCfCEsmNA4zOjkwEZT1A==", + "version": "0.3.6", + "resolved": "https://registry.npmjs.org/exec-sh/-/exec-sh-0.3.6.tgz", + "integrity": "sha512-nQn+hI3yp+oD0huYhKwvYI32+JFeq+XkNcD1GAo3Y/MjxsfVGmrrzrnzjWiNY6f+pUCP440fThsFh5gZrRAU/w==", "dev": true }, "execa": { @@ -2037,6 +2205,15 @@ "bser": "2.1.1" } }, + "fetch-blob": { + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/fetch-blob/-/fetch-blob-3.1.4.tgz", + "integrity": "sha512-Eq5Xv5+VlSrYWEqKrusxY1C3Hm/hjeAsCGVG3ft7pZahlUAChpGZT/Ms1WmSLnEAisEXszjzu/s+ce6HZB2VHA==", + "requires": { + "node-domexception": "^1.0.0", + "web-streams-polyfill": "^3.0.3" + } + }, "file-uri-to-path": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz", @@ -2076,6 +2253,15 @@ "path-exists": "^4.0.0" } }, + "for-each": { + "version": "0.3.3", + "resolved": "https://registry.npmjs.org/for-each/-/for-each-0.3.3.tgz", + "integrity": "sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw==", + "dev": true, + "requires": { + "is-callable": "^1.1.3" + } + }, "for-in": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz", @@ -2098,6 +2284,14 @@ "mime-types": "^2.1.12" } }, + "formdata-polyfill": { + "version": "4.0.10", + "resolved": "https://registry.npmjs.org/formdata-polyfill/-/formdata-polyfill-4.0.10.tgz", + "integrity": "sha512-buewHzMvYL29jdeQTVILecSaZKnt/RJWjoZCF5OW60Z67/GmSLBkOFM7qh1PI3zFNtJbaZL5eQu1vLfazOwj4g==", + "requires": { + "fetch-blob": "^3.1.2" + } + }, "fragment-cache": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/fragment-cache/-/fragment-cache-0.2.1.tgz", @@ -2138,9 +2332,9 @@ "dev": true }, "gensync": { - "version": "1.0.0-beta.1", - "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.1.tgz", - "integrity": "sha512-r8EC6NO1sngH/zdD9fiRDLdcgnbayXah+mLgManTaIZJqEC1MZstmnox8KpnI2/fxQwrp5OpCOYWLp4rBl4Jcg==", + "version": "1.0.0-beta.2", + "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==", "dev": true }, "get-caller-file": { @@ -2148,6 +2342,17 @@ "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==" }, + "get-intrinsic": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.1.tgz", + "integrity": "sha512-kWZrnVM42QCiEA2Ig1bG8zjoIMOgxWwYCEeNdwY6Tv/cOSeGpcoX4pXHfKUxNKVoArnrEr2e9srnAxxGIraS9Q==", + "dev": true, + "requires": { + "function-bind": "^1.1.1", + "has": "^1.0.3", + "has-symbols": "^1.0.1" + } + }, "get-stream": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-4.1.0.tgz", @@ -2157,6 +2362,16 @@ "pump": "^3.0.0" } }, + "get-symbol-description": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/get-symbol-description/-/get-symbol-description-1.0.0.tgz", + "integrity": "sha512-2EmdH1YvIQiZpltCNgkuiUnyukzxM/R6NDJX31Ke3BG1Nq5b0S2PhX59UKi9vZpPDQVdqn+1IcaAwnzTT5vCjw==", + "dev": true, + "requires": { + "call-bind": "^1.0.2", + "get-intrinsic": "^1.1.1" + } + }, "get-value": { "version": "2.0.6", "resolved": "https://registry.npmjs.org/get-value/-/get-value-2.0.6.tgz", @@ -2174,8 +2389,8 @@ }, "glob": { "version": "7.2.0", - "resolved": "https://devdiv.pkgs.visualstudio.com/_packaging/openapi-platform/npm/registry/glob/-/glob-7.2.0.tgz", - "integrity": "sha1-0VU1r3cy4C6Uj0xBYovZECk/YCM=", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz", + "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==", "requires": { "fs.realpath": "^1.0.0", "inflight": "^1.0.4", @@ -2192,9 +2407,9 @@ "dev": true }, "graceful-fs": { - "version": "4.2.4", - "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.4.tgz", - "integrity": "sha512-WjKPNJF79dtJAVniUlGGWHYGz2jWxT6VhN/4m1NdkbZ2nOsEF+cI1Edgql5zCRhs/VsQYRvrXctxktVXZUkixw==", + "version": "4.2.9", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.9.tgz", + "integrity": "sha512-NtNxqUcXgpW2iMrfqSfR73Glt39K+BLwWsPs94yR63v45T0Wbej7eRmL5cWfwEgqXnmjQp3zaJTshdRW/qC2ZQ==", "dev": true }, "growly": { @@ -2209,12 +2424,12 @@ "dev": true }, "har-validator": { - "version": "5.1.3", - "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-5.1.3.tgz", - "integrity": "sha512-sNvOCzEQNr/qrvJgc3UG/kD4QtlHycrzwS+6mfTrrSq97BvaYcPZZI1ZSqGSPR73Cxn4LKTD4PttRwfU7jWq5g==", + "version": "5.1.5", + "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-5.1.5.tgz", + "integrity": "sha512-nmT2T0lljbxdQZfspsno9hgrG3Uir6Ks5afism62poxqBM6sDnMEuPmzTq8XN0OEwqKLLdh1jQI3qyE66Nzb3w==", "dev": true, "requires": { - "ajv": "^6.5.5", + "ajv": "^6.12.3", "har-schema": "^2.0.0" } }, @@ -2227,6 +2442,12 @@ "function-bind": "^1.1.1" } }, + "has-bigints": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.1.tgz", + "integrity": "sha512-LSBS2LjbNBTf6287JEbEzvJgftkF5qFkmCo9hDRpAzKhUOlJ+hx8dd4USs00SgsUNwc4617J9ki5YtEClM2ffA==", + "dev": true + }, "has-flag": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", @@ -2234,11 +2455,20 @@ "dev": true }, "has-symbols": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.1.tgz", - "integrity": "sha512-PLcsoqu++dmEIZB+6totNFKq/7Do+Z0u4oT0zKOJNl3lYK6vGwwu2hjHs+68OEZbTjiUE9bgOABXbP/GvrS0Kg==", + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.2.tgz", + "integrity": "sha512-chXa79rL/UC2KlX17jo3vRGz0azaWEx5tGqZg5pO3NUyEJVB17dMruQlzCCOfUvElghKcm5194+BCRvi2Rv/Gw==", "dev": true }, + "has-tostringtag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.0.tgz", + "integrity": "sha512-kFjcSNhnlGV1kyoGk7OXKSawH5JOb/LzUc5w9B02hOTO0dfFRjbHQKvg1d6cf3HbeUmtU9VbbV3qzZ2Teh97WQ==", + "dev": true, + "requires": { + "has-symbols": "^1.0.2" + } + }, "has-value": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/has-value/-/has-value-1.0.0.tgz", @@ -2339,8 +2569,19 @@ }, "inherits": { "version": "2.0.4", - "resolved": "https://devdiv.pkgs.visualstudio.com/_packaging/openapi-platform/npm/registry/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha1-D6LGT5MpF8NDOg3tVTY6rjdBa3w=" + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" + }, + "internal-slot": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.3.tgz", + "integrity": "sha512-O0DB1JC/sPyZl7cIo78n5dR7eUSwwpYPiXRhTzNxZVAMUuB8vlnRFyLxdrVToks6XPLVnFfbzaVd5WLjhgg+vA==", + "dev": true, + "requires": { + "get-intrinsic": "^1.1.0", + "has": "^1.0.3", + "side-channel": "^1.0.4" + } }, "invariant": { "version": "2.2.4", @@ -2377,6 +2618,25 @@ "integrity": "sha1-d8mYQFJ6qOyxqLppe4BkWnqSap0=", "dev": true }, + "is-bigint": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-bigint/-/is-bigint-1.0.4.tgz", + "integrity": "sha512-zB9CruMamjym81i2JZ3UMn54PKGsQzsJeo6xvN3HJJ4CAsQNB6iRutp2To77OfCNuoxspsIhzaPoO1zyCEhFOg==", + "dev": true, + "requires": { + "has-bigints": "^1.0.1" + } + }, + "is-boolean-object": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.2.tgz", + "integrity": "sha512-gDYaKHJmnj4aWxyj6YHyXVpdQawtVLHU5cb+eztPGczf6cjuTdwve5ZIEfgXqH4e57An1D1AKf8CZ3kYrQRqYA==", + "dev": true, + "requires": { + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" + } + }, "is-buffer": { "version": "1.1.6", "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz", @@ -2384,9 +2644,9 @@ "dev": true }, "is-callable": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.0.tgz", - "integrity": "sha512-pyVD9AaGLxtg6srb2Ng6ynWJqkHU9bEM087AKck0w8QwDarTfNcpIYoU8x8Hv2Icm8u6kFJM18Dag8lyqGkviw==", + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.4.tgz", + "integrity": "sha512-nsuwtxZfMX67Oryl9LCQ+upnC0Z0BgpwntpS89m1H/TLF0zNfzfLMV/9Wa/6MZsj0acpEjAO0KF1xT6ZdLl95w==", "dev": true }, "is-ci": { @@ -2398,6 +2658,15 @@ "ci-info": "^2.0.0" } }, + "is-core-module": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.8.1.tgz", + "integrity": "sha512-SdNCUs284hr40hFTFP6l0IfZ/RSrMXF3qgoRHd3/79unUTvrFO/JoXwkGm+5J/Oe3E/b5GsnG330uUNgRpu1PA==", + "dev": true, + "requires": { + "has": "^1.0.3" + } + }, "is-data-descriptor": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz", @@ -2419,10 +2688,13 @@ } }, "is-date-object": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.2.tgz", - "integrity": "sha512-USlDT524woQ08aoZFzh3/Z6ch9Y/EWXEHQ/AaRN0SkKq4t2Jw2R2339tSXmwuVoY7LLlBCbOIlx2myP/L5zk0g==", - "dev": true + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.5.tgz", + "integrity": "sha512-9YQaSxsAiSwcvS33MBk3wTCVnWK+HhF8VZR2jRxehM16QcVOdHqPn4VPHmRK4lSr38n9JriurInLcP90xsYNfQ==", + "dev": true, + "requires": { + "has-tostringtag": "^1.0.0" + } }, "is-descriptor": { "version": "0.1.6", @@ -2444,9 +2716,9 @@ } }, "is-docker": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.1.1.tgz", - "integrity": "sha512-ZOoqiXfEwtGknTiuDEy8pN2CfE3TxMHprvNer1mXiqwkOT77Rw3YVrUQ52EqAOU3QAWDQ+bQdx7HJzrv7LS2Hw==" + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "integrity": "sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==" }, "is-extendable": { "version": "0.1.1", @@ -2465,6 +2737,12 @@ "integrity": "sha512-cTIB4yPYL/Grw0EaSzASzg6bBy9gqCofvWN8okThAYIxKJZC+udlRAmGbM0XLeniEJSs8uEgHPGuHSe1XsOLSQ==", "dev": true }, + "is-negative-zero": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/is-negative-zero/-/is-negative-zero-2.0.2.tgz", + "integrity": "sha512-dqJvarLawXsFbNDeJW7zAz8ItJ9cd28YufuuFzh0G8pNHjJMnY08Dv7sYX2uF5UpQOwieAeOExEYAWWfu7ZZUA==", + "dev": true + }, "is-number": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz", @@ -2485,6 +2763,15 @@ } } }, + "is-number-object": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/is-number-object/-/is-number-object-1.0.6.tgz", + "integrity": "sha512-bEVOqiRcvo3zO1+G2lVMy+gkkEm9Yh7cDMRusKKu5ZJKPUYSJwICTKZrNKHA2EbSP0Tu0+6B/emsYNHZyn6K8g==", + "dev": true, + "requires": { + "has-tostringtag": "^1.0.0" + } + }, "is-plain-object": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", @@ -2495,27 +2782,43 @@ } }, "is-regex": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.0.tgz", - "integrity": "sha512-iI97M8KTWID2la5uYXlkbSDQIg4F6o1sYboZKKTDpnDQMLtUL86zxhgDet3Q2SriaYsyGqZ6Mn2SjbRKeLHdqw==", + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.4.tgz", + "integrity": "sha512-kvRdxDsxZjhzUX07ZnLydzS1TU/TJlTUHHY4YLL87e37oUA49DfkLqgy+VjFocowy29cKvcSiu+kIv728jTTVg==", "dev": true, "requires": { - "has-symbols": "^1.0.1" + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" } }, + "is-shared-array-buffer": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-shared-array-buffer/-/is-shared-array-buffer-1.0.1.tgz", + "integrity": "sha512-IU0NmyknYZN0rChcKhRO1X8LYz5Isj/Fsqh8NJOSf+N/hCOTwy29F32Ik7a+QszE63IdvmwdTPDd6cZ5pg4cwA==", + "dev": true + }, "is-stream": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", "dev": true }, + "is-string": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.7.tgz", + "integrity": "sha512-tE2UXzivje6ofPW7l23cjDOMa09gb7xlAqG6jG5ej6uPV32TlWP3NKPigtaGeHNu9fohccRYvIiZMfOOnOYUtg==", + "dev": true, + "requires": { + "has-tostringtag": "^1.0.0" + } + }, "is-symbol": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.3.tgz", - "integrity": "sha512-OwijhaRSgqvhm/0ZdAcXNZt9lYdKFpcRDT5ULUuYXPoT794UNOdU+gpT6Rzo7b4V2HUl/op6GqY894AZwv9faQ==", + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.4.tgz", + "integrity": "sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg==", "dev": true, "requires": { - "has-symbols": "^1.0.1" + "has-symbols": "^1.0.2" } }, "is-typedarray": { @@ -2524,6 +2827,15 @@ "integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo=", "dev": true }, + "is-weakref": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-weakref/-/is-weakref-1.0.2.tgz", + "integrity": "sha512-qctsuLZmIQ0+vSSMfoVvyFe2+GSEvnmZ2ezTup1SBse9+twCCeial6EEi3Nc2KFcf6+qz2FBPnjXsk8xhKSaPQ==", + "dev": true, + "requires": { + "call-bind": "^1.0.2" + } + }, "is-windows": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz", @@ -2626,12 +2938,12 @@ }, "dependencies": { "debug": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", - "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", + "version": "4.3.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz", + "integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==", "dev": true, "requires": { - "ms": "^2.1.1" + "ms": "2.1.2" } }, "ms": { @@ -3054,9 +3366,9 @@ } }, "jest-pnp-resolver": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.1.tgz", - "integrity": "sha512-pgFw2tm54fzgYvc/OHrnysABEObZCUNFnhjoRjaVOCN8NYc032/gVjPaHD4Aq6ApkSieWtfKAFQtmDKAmhupnQ==", + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.2.tgz", + "integrity": "sha512-olV41bKSMm8BdnuMsewT4jqlZ8+3TCARAXjZGT9jcoSnrfUnRCqnMoF9XEeoWjbzObpqF9dRhHQj0Xb9QdF6/w==", "dev": true }, "jest-regex-util": { @@ -3148,9 +3460,9 @@ }, "dependencies": { "@types/yargs": { - "version": "13.0.9", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-13.0.9.tgz", - "integrity": "sha512-xrvhZ4DZewMDhoH1utLtOAwYQy60eYFoXeje30TzM3VOvQlBwQaEpKFq5m34k1wOw2AKIi2pwtiAjdmhvlBUzg==", + "version": "13.0.12", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-13.0.12.tgz", + "integrity": "sha512-qCxJE1qgz2y0hA4pIxjBR+PelCH0U5CK1XJXFwCNqfmliatKp47UCXXE9Dyk1OXBDLvsCF57TqQEJaeLfDYEOQ==", "dev": true, "requires": { "@types/yargs-parser": "*" @@ -3389,9 +3701,9 @@ }, "dependencies": { "@types/yargs": { - "version": "13.0.9", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-13.0.9.tgz", - "integrity": "sha512-xrvhZ4DZewMDhoH1utLtOAwYQy60eYFoXeje30TzM3VOvQlBwQaEpKFq5m34k1wOw2AKIi2pwtiAjdmhvlBUzg==", + "version": "13.0.12", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-13.0.12.tgz", + "integrity": "sha512-qCxJE1qgz2y0hA4pIxjBR+PelCH0U5CK1XJXFwCNqfmliatKp47UCXXE9Dyk1OXBDLvsCF57TqQEJaeLfDYEOQ==", "dev": true, "requires": { "@types/yargs-parser": "*" @@ -3427,9 +3739,9 @@ "dev": true }, "js-yaml": { - "version": "3.14.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.0.tgz", - "integrity": "sha512-/4IbIeHcD9VMHFqDR/gQ7EdZdLimOvW2DdcxFjdyyZ9NsbS+ccrXqVWDtab/lRl5AlUqmpBx8EhPaWR+OtY17A==", + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", "requires": { "argparse": "^1.0.7", "esprima": "^4.0.0" @@ -3473,6 +3785,34 @@ "whatwg-url": "^6.4.1", "ws": "^5.2.0", "xml-name-validator": "^3.0.0" + }, + "dependencies": { + "tr46": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-1.0.1.tgz", + "integrity": "sha1-qLE/1r/SSJUZZ0zN5VujaTtwbQk=", + "dev": true, + "requires": { + "punycode": "^2.1.0" + } + }, + "webidl-conversions": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz", + "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==", + "dev": true + }, + "whatwg-url": { + "version": "6.5.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-6.5.0.tgz", + "integrity": "sha512-rhRZRqx/TLJQWUpQ6bmrt2UV4f0HCQ463yQuONJqC6fO2VoEb1pTYddbe59SkYq87aoM5A3bdhMZiUiVws+fzQ==", + "dev": true, + "requires": { + "lodash.sortby": "^4.7.0", + "tr46": "^1.0.1", + "webidl-conversions": "^4.0.2" + } + } } }, "jsesc": { @@ -3488,9 +3828,9 @@ "dev": true }, "json-schema": { - "version": "0.2.3", - "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz", - "integrity": "sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM=", + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz", + "integrity": "sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==", "dev": true }, "json-schema-traverse": { @@ -3506,9 +3846,9 @@ "dev": true }, "json5": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/json5/-/json5-2.1.3.tgz", - "integrity": "sha512-KXPvOm8K9IJKFM0bmdn8QXh7udDh1g/giieX0NLCaMnb4hEiVFqnop2ImTXCc5e0/oHz3LTqmHGtExn5hfMkOA==", + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.0.tgz", + "integrity": "sha512-f+8cldu7X/y7RAJurMEJmdoKXGB/X550w2Nr3tTbezL6RwEE/iMcm+tZnXeoZtKuOq6ft8+CqzEkrIgx1fPoQA==", "dev": true, "requires": { "minimist": "^1.2.5" @@ -3516,18 +3856,18 @@ }, "jsonpath-plus": { "version": "6.0.1", - "resolved": "https://devdiv.pkgs.visualstudio.com/_packaging/openapi-platform/npm/registry/jsonpath-plus/-/jsonpath-plus-6.0.1.tgz", - "integrity": "sha1-mj4Wztrfqwej2NxOjNXfTtj0nE0=" + "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-6.0.1.tgz", + "integrity": "sha512-EvGovdvau6FyLexFH2OeXfIITlgIbgZoAZe3usiySeaIDm5QS+A10DKNpaPBBqqRSZr2HN6HVNXxtwUAr2apEw==" }, "jsprim": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz", - "integrity": "sha1-MT5mvB5cwG5Di8G3SZwuXFastqI=", + "version": "1.4.2", + "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.2.tgz", + "integrity": "sha512-P2bSOMAc/ciLz6DzgjVlGJP9+BrJWu5UDGK70C2iweC5QBIeFf0ZXRvGjEj2uYgrY2MkAAhsSWHDWlFtEroZWw==", "dev": true, "requires": { "assert-plus": "1.0.0", "extsprintf": "1.3.0", - "json-schema": "0.2.3", + "json-schema": "0.4.0", "verror": "1.10.0" } }, @@ -3566,9 +3906,9 @@ } }, "lines-and-columns": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.1.6.tgz", - "integrity": "sha1-HADHQ7QzzQpOgHWPe2SldEDZ/wA=", + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==", "dev": true }, "load-json-file": { @@ -3635,16 +3975,22 @@ "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz", "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==", "dev": true + }, + "semver": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", + "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "dev": true } } }, "makeerror": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.11.tgz", - "integrity": "sha1-4BpckQnyr3lmDk6LlYd5AYT1qWw=", + "version": "1.0.12", + "resolved": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", + "integrity": "sha512-JmqCvUhmt43madlpFzG4BQzG2Z3m6tvQDNKdClZnO3VbIudJYmxsT0FNJMeiB2+JTSlTQTSbU8QdesVmwJcmLg==", "dev": true, "requires": { - "tmpl": "1.0.x" + "tmpl": "1.0.5" } }, "map-cache": { @@ -3695,22 +4041,22 @@ } }, "mime-db": { - "version": "1.44.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", - "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==" + "version": "1.51.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.51.0.tgz", + "integrity": "sha512-5y8A56jg7XVQx2mbv1lu49NR4dokRnhZYTtL+KGfaa27uq4pSTXkwQkFJl4pkRMyNFz/EtYDSkiiEHx3F7UN6g==" }, "mime-types": { - "version": "2.1.27", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", - "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", + "version": "2.1.34", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.34.tgz", + "integrity": "sha512-6cP692WwGIs9XXdOO4++N+7qjqv0rqxxVvJ3VHPh/Sc9mVZcQP+ZGhkKiTvWMQRr2tbHkJP/Yn7Y0npb3ZBs4A==", "requires": { - "mime-db": "1.44.0" + "mime-db": "1.51.0" } }, "minimatch": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", - "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", "requires": { "brace-expansion": "^1.1.7" } @@ -3757,9 +4103,9 @@ "dev": true }, "nan": { - "version": "2.14.1", - "resolved": "https://registry.npmjs.org/nan/-/nan-2.14.1.tgz", - "integrity": "sha512-isWHgVjnFjh2x2yuJ/tj3JbwoHu3UC2dX5G/88Cm24yB6YopVgxvBObDY7n5xW6ExmFhJpSEQqFPvq9zaXc8Jw==", + "version": "2.15.0", + "resolved": "https://registry.npmjs.org/nan/-/nan-2.15.0.tgz", + "integrity": "sha512-8ZtvEnA2c5aYCZYd1cvgdnU6cqwixRoYg70xPLWUws5ORTa/lnw+u4amixRS/Ac5U5mQVgp9pnlSUnbNWFaWZQ==", "dev": true, "optional": true }, @@ -3794,10 +4140,20 @@ "integrity": "sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==", "dev": true }, + "node-domexception": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/node-domexception/-/node-domexception-1.0.0.tgz", + "integrity": "sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ==" + }, "node-fetch": { - "version": "2.6.1", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz", - "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==" + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.2.0.tgz", + "integrity": "sha512-8xeimMwMItMw8hRrOl3C9/xzU49HV/yE6ORew/l+dxWimO5A4Ra8ld2rerlJvc/O7et5Z1zrWsPX43v1QBjCxw==", + "requires": { + "data-uri-to-buffer": "^4.0.0", + "fetch-blob": "^3.1.4", + "formdata-polyfill": "^4.0.10" + } }, "node-int64": { "version": "0.4.0", @@ -3805,46 +4161,17 @@ "integrity": "sha1-h6kGXNs1XTGC2PlM4RGIuCXGijs=", "dev": true }, - "node-modules-regexp": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/node-modules-regexp/-/node-modules-regexp-1.0.0.tgz", - "integrity": "sha1-jZ2+KJZKSsVxLpExZCEHxx6Q7EA=", - "dev": true - }, "node-notifier": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/node-notifier/-/node-notifier-9.0.0.tgz", - "integrity": "sha512-SkwNwGnMMlSPrcoeH4CSo9XyWe72acAHEJGDdPdB+CyBVHsIYaTQ4U/1wk3URsyzC75xZLg2vzU2YaALlqDF1Q==", + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/node-notifier/-/node-notifier-10.0.1.tgz", + "integrity": "sha512-YX7TSyDukOZ0g+gmzjB6abKu+hTGvO8+8+gIFDsRCU2t8fLV/P2unmt+LGFaIa4y64aX98Qksa97rgz4vMNeLQ==", "requires": { "growly": "^1.3.0", "is-wsl": "^2.2.0", - "semver": "^7.3.2", + "semver": "^7.3.5", "shellwords": "^0.1.1", - "uuid": "^8.3.0", + "uuid": "^8.3.2", "which": "^2.0.2" - }, - "dependencies": { - "semver": { - "version": "7.3.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.4.tgz", - "integrity": "sha512-tCfb2WLjqFAtXn4KEdxIhalnRtoKFN7nAwj0B3ZXCbQloV2tq5eDbcTmT68JJD3nRJq24/XgxtQKFIpQdtvmVw==", - "requires": { - "lru-cache": "^6.0.0" - } - }, - "uuid": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", - "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==" - }, - "which": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", - "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", - "requires": { - "isexe": "^2.0.0" - } - } } }, "node-object-hash": { @@ -3852,6 +4179,12 @@ "resolved": "https://registry.npmjs.org/node-object-hash/-/node-object-hash-1.4.2.tgz", "integrity": "sha512-UdS4swXs85fCGWWf6t6DMGgpN/vnlKeSGEQ7hJcrs7PBFoxoKLmibc3QRb7fwiYsjdL7PX8iI/TMSlZ90dgHhQ==" }, + "node-releases": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.2.tgz", + "integrity": "sha512-XxYDdcQ6eKqp/YjI+tb2C5WM2LgjnZrfYg4vgQt49EK268b6gYCHsBLrK2qvJo4FmCtqmKezb0WZFK4fkrZNsg==", + "dev": true + }, "normalize-package-data": { "version": "2.5.0", "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", @@ -3862,6 +4195,14 @@ "resolve": "^1.10.0", "semver": "2 || 3 || 4 || 5", "validate-npm-package-license": "^3.0.1" + }, + "dependencies": { + "semver": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", + "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "dev": true + } } }, "normalize-path": { @@ -3926,9 +4267,9 @@ } }, "object-inspect": { - "version": "1.7.0", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.7.0.tgz", - "integrity": "sha512-a7pEHdh1xKIAgTySUGgLMx/xwDZskN1Ud6egYYN3EdRW4ZMPNEDUTF+hwy2LUC+Bl+SyLXANnwz/jyh/qutKUw==", + "version": "1.12.0", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.0.tgz", + "integrity": "sha512-Ho2z80bVIvJloH+YzRmpZVQe87+qASmBUKZDWgx9cu+KDrX2ZDH/3tMy+gXbZETVGs2M8YdxObOh7XAtim9Y0g==", "dev": true }, "object-keys": { @@ -3947,25 +4288,26 @@ } }, "object.assign": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.0.tgz", - "integrity": "sha512-exHJeq6kBKj58mqGyTQ9DFvrZC/eR6OwxzoM9YRoGBqrXYonaFyGiFMuc9VZrXf7DarreEwMpurG3dd+CNyW5w==", + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.2.tgz", + "integrity": "sha512-ixT2L5THXsApyiUPYKmW+2EHpXXe5Ii3M+f4e+aJFAHao5amFRW6J0OO6c/LU8Be47utCx2GL89hxGB6XSmKuQ==", "dev": true, "requires": { - "define-properties": "^1.1.2", - "function-bind": "^1.1.1", - "has-symbols": "^1.0.0", - "object-keys": "^1.0.11" + "call-bind": "^1.0.0", + "define-properties": "^1.1.3", + "has-symbols": "^1.0.1", + "object-keys": "^1.1.1" } }, "object.getownpropertydescriptors": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.1.0.tgz", - "integrity": "sha512-Z53Oah9A3TdLoblT7VKJaTDdXdT+lQO+cNpKVnya5JDe9uLvzu1YyY1yFDFrcxrlRgWrEFH0jJtD/IbuwjcEVg==", + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.1.3.tgz", + "integrity": "sha512-VdDoCwvJI4QdC6ndjpqFmoL3/+HxffFBbcJzKi5hwLLqqx3mdbedRpfZDdK0SrOSauj8X4GzBvnDZl4vTN7dOw==", "dev": true, "requires": { + "call-bind": "^1.0.2", "define-properties": "^1.1.3", - "es-abstract": "^1.17.0-next.1" + "es-abstract": "^1.19.1" } }, "object.pick": { @@ -4100,6 +4442,12 @@ "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=", "dev": true }, + "picocolors": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==", + "dev": true + }, "pify": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz", @@ -4107,13 +4455,10 @@ "dev": true }, "pirates": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.1.tgz", - "integrity": "sha512-WuNqLTbMI3tmfef2TKxlQmAiLHKtFhlsCZnPIpuv2Ow0RDVO8lfy1Opf4NUzlMXLjPl+Men7AuVdX6TA+s+uGA==", - "dev": true, - "requires": { - "node-modules-regexp": "^1.0.0" - } + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.5.tgz", + "integrity": "sha512-8V9+HQPupnaXMA23c5hvl69zXvTwTzyAYasnkb0Tts4XvO4CliqONMOnvlq26rkhLC3nWDFBJf73LU1e1VZLaQ==", + "dev": true }, "pkg-dir": { "version": "3.0.0", @@ -4229,13 +4574,13 @@ } }, "prompts": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.3.2.tgz", - "integrity": "sha512-Q06uKs2CkNYVID0VqwfAl9mipo99zkBv/n2JtWY89Yxa3ZabWSrs0e2KTudKVa3peLUvYXMefDqIleLPVUBZMA==", + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "integrity": "sha512-NxNv/kLguCA7p3jE8oL2aEBsrJWgAakBpgmgK6lpPWV+WuOmY6r2/zbAVnP+T8bQlA0nzHXSJSJW0Hq7ylaD2Q==", "dev": true, "requires": { "kleur": "^3.0.3", - "sisteransi": "^1.0.4" + "sisteransi": "^1.0.5" } }, "psl": { @@ -4261,9 +4606,9 @@ "dev": true }, "qs": { - "version": "6.5.2", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz", - "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==", + "version": "6.5.3", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.3.tgz", + "integrity": "sha512-qxXIEh4pCGfHICj1mAJQ2/2XVZkjCDTcEgfoSQxc/fYivUZxTkk7L3bDBJSoNrEzXI17oUO5Dp07ktqE5KzczA==", "dev": true }, "react-is": { @@ -4355,9 +4700,9 @@ "dev": true }, "repeat-element": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/repeat-element/-/repeat-element-1.1.3.tgz", - "integrity": "sha512-ahGq0ZnV5m5XtZLMb+vP76kcAM5nkLqk0lpqAuojSKGgQtn4eRi4ZZGm2olo2zKFH+sMsWaqOCW1dqAnOru72g==", + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/repeat-element/-/repeat-element-1.1.4.tgz", + "integrity": "sha512-LFiNfRcSu7KK3evMyYOuCzv3L10TW7yC1G2/+StMjK8Y6Vqd2MG7r/Qjw4ghtuCOjFvlnms/iMmLqpvW/ES/WQ==", "dev": true }, "repeat-string": { @@ -4404,25 +4749,31 @@ "combined-stream": "^1.0.6", "mime-types": "^2.1.12" } + }, + "uuid": { + "version": "3.4.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", + "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==", + "dev": true } } }, "request-promise-core": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/request-promise-core/-/request-promise-core-1.1.3.tgz", - "integrity": "sha512-QIs2+ArIGQVp5ZYbWD5ZLCY29D5CfWizP8eWnm8FoGD1TX61veauETVQbrV60662V0oFBkrDOuaBI8XgtuyYAQ==", + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/request-promise-core/-/request-promise-core-1.1.4.tgz", + "integrity": "sha512-TTbAfBBRdWD7aNNOoVOBH4pN/KigV6LyapYNNlAPA8JwbovRti1E88m3sYAwsLi5ryhPKsE9APwnjFTgdUjTpw==", "dev": true, "requires": { - "lodash": "^4.17.15" + "lodash": "^4.17.19" } }, "request-promise-native": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/request-promise-native/-/request-promise-native-1.0.8.tgz", - "integrity": "sha512-dapwLGqkHtwL5AEbfenuzjTYg35Jd6KPytsC2/TLkVMz8rm+tNt72MGUWT1RP/aYawMpN6HqbNGBQaRcBtjQMQ==", + "version": "1.0.9", + "resolved": "https://registry.npmjs.org/request-promise-native/-/request-promise-native-1.0.9.tgz", + "integrity": "sha512-wcW+sIUiWnKgNY0dqCpOZkUbF/I+YPi+f09JZIDa39Ec+q82CpSYniDp+ISgTTbKmnpJWASeJBPZmoxH84wt3g==", "dev": true, "requires": { - "request-promise-core": "1.1.3", + "request-promise-core": "1.1.4", "stealthy-require": "^1.1.1", "tough-cookie": "^2.3.3" } @@ -4438,12 +4789,14 @@ "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==" }, "resolve": { - "version": "1.17.0", - "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.17.0.tgz", - "integrity": "sha512-ic+7JYiV8Vi2yzQGFWOkiZD5Z9z7O2Zhm9XMaTxdJExKasieFCr+yXZ/WmXsckHiKl12ar0y6XiXDx3m4RHn1w==", + "version": "1.22.0", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.0.tgz", + "integrity": "sha512-Hhtrw0nLeSrFQ7phPp4OOcVjLPIeMnRlr5mcnVuMe7M/7eBn98A3hmFRLoFo3DLZkivSYwhRUJTyPyWAk56WLw==", "dev": true, "requires": { - "path-parse": "^1.0.6" + "is-core-module": "^2.8.1", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" } }, "resolve-cwd": { @@ -4538,10 +4891,12 @@ "dev": true }, "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", - "dev": true + "version": "7.3.5", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz", + "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==", + "requires": { + "lru-cache": "^6.0.0" + } }, "set-blocking": { "version": "2.0.0", @@ -4591,10 +4946,21 @@ "resolved": "https://registry.npmjs.org/shellwords/-/shellwords-0.1.1.tgz", "integrity": "sha512-vFwSUfQvqybiICwZY5+DAWIPLKsWO31Q91JSKl3UYv+K5c2QRPzn0qzec6QPu1Qc9eHYItiP3NdJqNVqetYAww==" }, + "side-channel": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", + "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==", + "dev": true, + "requires": { + "call-bind": "^1.0.0", + "get-intrinsic": "^1.0.2", + "object-inspect": "^1.9.0" + } + }, "signal-exit": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.3.tgz", - "integrity": "sha512-VUJ49FC8U1OxwZLxIbTTrDvLnf/6TDgxZcK8wxR8zs13xpx7xbG60ndBlhNrFi2EMuFRoeDoJO7wthSLq42EjA==", + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", "dev": true }, "sisteransi": { @@ -4742,9 +5108,9 @@ } }, "source-map-support": { - "version": "0.5.19", - "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.19.tgz", - "integrity": "sha512-Wonm7zOCIJzBGQdB+thsPar0kYuCIzYvxZwlBa87yi/Mdjv7Tip2cyVbLj5o0cFPN4EVkuTwb3GDDyUx2DGnGw==", + "version": "0.5.21", + "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz", + "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==", "dev": true, "requires": { "buffer-from": "^1.0.0", @@ -4752,9 +5118,9 @@ } }, "source-map-url": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/source-map-url/-/source-map-url-0.4.0.tgz", - "integrity": "sha1-PpNdfd1zYxuXZZlW1VEo6HtQhKM=", + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/source-map-url/-/source-map-url-0.4.1.tgz", + "integrity": "sha512-cPiFOTLUKvJFIg4SKVScy4ilPPW6rFgMgfuZJPNoDuMs3nC1HbMUycBoJw77xFIp6z1UJQJOfx6C9GMH80DiTw==", "dev": true }, "spdx-correct": { @@ -4784,9 +5150,9 @@ } }, "spdx-license-ids": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.5.tgz", - "integrity": "sha512-J+FWzZoynJEXGphVIS+XEh3kFSjZX/1i9gFBaWQcB+/tmpe2qUsSBABpcxqxnAxFdiUFEgAX1bjYGQvIZmoz9Q==", + "version": "3.0.11", + "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.11.tgz", + "integrity": "sha512-Ctl2BrFiM0X3MANYgj3CkygxhRmr9mi6xhejbdO960nF6EDJApTYpn0BQnDKlnNBULKiCN1n3w9EBkHK8ZWg+g==", "dev": true }, "split-string": { @@ -4804,9 +5170,9 @@ "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=" }, "sshpk": { - "version": "1.16.1", - "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz", - "integrity": "sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==", + "version": "1.17.0", + "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.17.0.tgz", + "integrity": "sha512-/9HIEs1ZXGhSPE8X6Ccm7Nam1z8KcoCqPdI7ecm1N33EzAetWahvQWVqLZtaZQ+IDKX4IyA2o0gBzqIMkAagHQ==", "dev": true, "requires": { "asn1": "~0.2.3", @@ -4821,10 +5187,21 @@ } }, "stack-utils": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/stack-utils/-/stack-utils-1.0.2.tgz", - "integrity": "sha512-MTX+MeG5U994cazkjd/9KNAapsHnibjMLnfXodlkXw76JEea0UiNzrqidzo1emMwk7w5Qhc9jd4Bn9TBb1MFwA==", - "dev": true + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/stack-utils/-/stack-utils-1.0.5.tgz", + "integrity": "sha512-KZiTzuV3CnSnSvgMRrARVCj+Ht7rMbauGDK0LdVFRGyenwdylpajAp4Q0i6SX8rEmbTpMMf6ryq2gb8pPq2WgQ==", + "dev": true, + "requires": { + "escape-string-regexp": "^2.0.0" + }, + "dependencies": { + "escape-string-regexp": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "integrity": "sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w==", + "dev": true + } + } }, "static-extend": { "version": "0.1.2", @@ -4881,13 +5258,13 @@ } }, "string-width": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.0.tgz", - "integrity": "sha512-zUz5JD+tgqtuDjMhwIg5uFVV3dtqZ9yQJlZVfq4I01/K5Paj5UHj7VyrQOJvzawSVlKpObApbfD0Ed6yJc+1eg==", + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", "requires": { "emoji-regex": "^8.0.0", "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.0" + "strip-ansi": "^6.0.1" } }, "string.prototype.repeat": { @@ -4896,31 +5273,31 @@ "integrity": "sha1-q6Nt4I3O5qWjN9SbLqHaGyj8Ds8=" }, "string.prototype.trimend": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.1.tgz", - "integrity": "sha512-LRPxFUaTtpqYsTeNKaFOw3R4bxIzWOnbQ837QfBylo8jIxtcbK/A/sMV7Q+OAV/vWo+7s25pOE10KYSjaSO06g==", + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.4.tgz", + "integrity": "sha512-y9xCjw1P23Awk8EvTpcyL2NIr1j7wJ39f+k6lvRnSMz+mz9CGz9NYPelDk42kOz6+ql8xjfK8oYzy3jAP5QU5A==", "dev": true, "requires": { - "define-properties": "^1.1.3", - "es-abstract": "^1.17.5" + "call-bind": "^1.0.2", + "define-properties": "^1.1.3" } }, "string.prototype.trimstart": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.1.tgz", - "integrity": "sha512-XxZn+QpvrBI1FOcg6dIpxUPgWCPuNXvMD72aaRaUQv1eD4e/Qy8i/hFTe0BUmD60p/QA6bh1avmuPTfNjqVWRw==", + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.4.tgz", + "integrity": "sha512-jh6e984OBfvxS50tdY2nRZnoC5/mLFKOREQfw8t5yytkoUsJRNxvI/E39qu1sD0OtWI3OC0XgKSmcWwziwYuZw==", "dev": true, "requires": { - "define-properties": "^1.1.3", - "es-abstract": "^1.17.5" + "call-bind": "^1.0.2", + "define-properties": "^1.1.3" } }, "strip-ansi": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz", - "integrity": "sha512-AuvKTrTfQNYNIctbR1K/YGTR1756GycPsg7b9bdV9Duqur4gv6aKqHXah67Z8ImS7WEz5QVcOtlfW2rZEugt6w==", + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", "requires": { - "ansi-regex": "^5.0.0" + "ansi-regex": "^5.0.1" } }, "strip-bom": { @@ -4944,6 +5321,12 @@ "has-flag": "^3.0.0" } }, + "supports-preserve-symlinks-flag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", + "dev": true + }, "symbol-tree": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz", @@ -5033,18 +5416,14 @@ } }, "tr46": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-1.0.1.tgz", - "integrity": "sha1-qLE/1r/SSJUZZ0zN5VujaTtwbQk=", - "dev": true, - "requires": { - "punycode": "^2.1.0" - } + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", + "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o=" }, "tslib": { - "version": "1.13.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.13.0.tgz", - "integrity": "sha512-i/6DQjL8Xf3be4K/E6Wgpekn5Qasl1usyw++dAA35Ue5orEn65VIxOA+YvNNl9HV3qv70T7CNwjODHZrLwvd1Q==" + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" }, "tslint": { "version": "5.18.0", @@ -5065,6 +5444,14 @@ "semver": "^5.3.0", "tslib": "^1.8.0", "tsutils": "^2.29.0" + }, + "dependencies": { + "semver": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", + "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "dev": true + } } }, "tslint-config-prettier": { @@ -5100,9 +5487,9 @@ "dev": true }, "tsutils": { - "version": "3.17.1", - "resolved": "https://registry.npmjs.org/tsutils/-/tsutils-3.17.1.tgz", - "integrity": "sha512-kzeQ5B8H3w60nFY2g8cJIuH7JDpsALXySGtwGJ0p2LSjLgay3NdIpqq5SoOBe46bKDW2iq25irHCr8wjomUS2g==", + "version": "3.21.0", + "resolved": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", + "integrity": "sha512-mHKK3iUXL+3UF6xL5k0PEhKRUBKPBCv/+RkEOpjRWxxx27KKRBmmA60A9pgOUvMi8GKhRMPEmjBRPzs2W7O1OA==", "dev": true, "requires": { "tslib": "^1.8.1" @@ -5169,6 +5556,18 @@ "integrity": "sha512-7KxJovlYhTX5RaRbUdkAXN1KUZ8PwWlTzQdHV6xNqvuFOs7+WBo10TQUqT19Q/Jz2hk5v9TQDIhyLhhJY4p5AA==", "dev": true }, + "unbox-primitive": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.1.tgz", + "integrity": "sha512-tZU/3NqK3dA5gpE1KtyiJUrEB0lxnGkMFHptJ7q6ewdZ8s12QrODwNbhIJStmJkd1QDXa1NRA8aF2A1zk/Ypyw==", + "dev": true, + "requires": { + "function-bind": "^1.1.1", + "has-bigints": "^1.0.1", + "has-symbols": "^1.0.2", + "which-boxed-primitive": "^1.0.2" + } + }, "union-value": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/union-value/-/union-value-1.0.1.tgz", @@ -5222,9 +5621,9 @@ } }, "uri-js": { - "version": "4.2.2", - "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.2.2.tgz", - "integrity": "sha512-KY9Frmirql91X2Qgjry0Wd4Y+YTdrdZheS8TFwvkbLWf/G5KNJDCh6pKL5OZctEW4+0Baa5idK2ZQuELRwPznQ==", + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", "dev": true, "requires": { "punycode": "^2.1.0" @@ -5243,22 +5642,22 @@ "dev": true }, "util.promisify": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/util.promisify/-/util.promisify-1.0.1.tgz", - "integrity": "sha512-g9JpC/3He3bm38zsLupWryXHoEcS22YHthuPQSJdMy6KNrzIRzWqcsHzD/WUnqe45whVou4VIsPew37DoXWNrA==", + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/util.promisify/-/util.promisify-1.1.1.tgz", + "integrity": "sha512-/s3UsZUrIfa6xDhr7zZhnE9SLQ5RIXyYfiVnMMyMDzOc8WhWN4Nbh36H842OyurKbCDAesZOJaVyvmSl6fhGQw==", "dev": true, "requires": { + "call-bind": "^1.0.0", "define-properties": "^1.1.3", - "es-abstract": "^1.17.2", + "for-each": "^0.3.3", "has-symbols": "^1.0.1", - "object.getownpropertydescriptors": "^2.1.0" + "object.getownpropertydescriptors": "^2.1.1" } }, "uuid": { - "version": "3.4.0", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", - "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==", - "dev": true + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==" }, "validate-npm-package-license": { "version": "3.0.4", @@ -5291,19 +5690,23 @@ } }, "walker": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/walker/-/walker-1.0.7.tgz", - "integrity": "sha1-L3+bj9ENZ3JisYqITijRlhjgKPs=", + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", + "integrity": "sha512-ts/8E8l5b7kY0vlWLewOkDXMmPdLcVV4GmOQLyxuSswIJsweeFZtAsMF7k1Nszz+TYBQrlYRmzOnr398y1JemQ==", "dev": true, "requires": { - "makeerror": "1.0.x" + "makeerror": "1.0.12" } }, + "web-streams-polyfill": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/web-streams-polyfill/-/web-streams-polyfill-3.2.0.tgz", + "integrity": "sha512-EqPmREeOzttaLRm5HS7io98goBgZ7IVz79aDvqjD0kYXLtFZTc0T/U6wHTPKyIjb+MdN7DFIIX6hgdBEpWmfPA==" + }, "webidl-conversions": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz", - "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==", - "dev": true + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", + "integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE=" }, "whatwg-encoding": { "version": "1.0.5", @@ -5321,25 +5724,35 @@ "dev": true }, "whatwg-url": { - "version": "6.5.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-6.5.0.tgz", - "integrity": "sha512-rhRZRqx/TLJQWUpQ6bmrt2UV4f0HCQ463yQuONJqC6fO2VoEb1pTYddbe59SkYq87aoM5A3bdhMZiUiVws+fzQ==", - "dev": true, + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", + "integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=", "requires": { - "lodash.sortby": "^4.7.0", - "tr46": "^1.0.1", - "webidl-conversions": "^4.0.2" + "tr46": "~0.0.3", + "webidl-conversions": "^3.0.0" } }, "which": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", - "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", - "dev": true, + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", "requires": { "isexe": "^2.0.0" } }, + "which-boxed-primitive": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz", + "integrity": "sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg==", + "dev": true, + "requires": { + "is-bigint": "^1.0.1", + "is-boolean-object": "^1.1.0", + "is-number-object": "^1.0.4", + "is-string": "^1.0.5", + "is-symbol": "^1.0.3" + } + }, "which-module": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.0.tgz", @@ -5399,9 +5812,9 @@ "dev": true }, "y18n": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz", - "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==" + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz", + "integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==" }, "yallist": { "version": "4.0.0", @@ -5409,9 +5822,9 @@ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "yargs": { - "version": "15.3.1", - "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.3.1.tgz", - "integrity": "sha512-92O1HWEjw27sBfgmXiixJWT5hRBp2eobqXicLtPBIDBhYB+1HpwZlXmbW2luivBJHBzki+7VyCLRtAkScbTBQA==", + "version": "15.4.1", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz", + "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==", "requires": { "cliui": "^6.0.0", "decamelize": "^1.2.0", @@ -5423,7 +5836,7 @@ "string-width": "^4.2.0", "which-module": "^2.0.0", "y18n": "^4.0.0", - "yargs-parser": "^18.1.1" + "yargs-parser": "^18.1.2" } }, "yargs-parser": { diff --git a/src/index.ts b/src/index.ts index 6272bc35..428263f9 100644 --- a/src/index.ts +++ b/src/index.ts @@ -122,7 +122,7 @@ const isAutoRestMd = (m: md.MarkDownEx) => const safeLoad = (content: string) => { try { - return YAML.safeLoad(content) + return YAML.safeLoad(content) as any } catch (err) { return undefined }