340 changes: 339 additions & 1 deletion schemas/2019-01-01-preview/Microsoft.SecurityInsights.json
Expand Up @@ -355,6 +355,9 @@
{
"$ref": "#/definitions/MDATPDataConnector"
},
{
"$ref": "#/definitions/OfficeATPDataConnector"
},
{
"$ref": "#/definitions/OfficeDataConnector"
},
Expand Down Expand Up @@ -574,6 +577,64 @@
],
"description": "Microsoft.SecurityInsights/settings"
},
"threatIntelligence_indicators": {
"type": "object",
"properties": {
"apiVersion": {
"type": "string",
"enum": [
"2019-01-01-preview"
]
},
"etag": {
"type": "string",
"description": "Etag of the azure resource"
},
"kind": {
"oneOf": [
{
"type": "string",
"enum": [
"indicator"
]
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "The kind of the entity."
},
"name": {
"type": "string",
"description": "Threat Intelligence Identifier"
},
"properties": {
"oneOf": [
{
"$ref": "#/definitions/ThreatIntelligenceIndicatorProperties"
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "Describes threat intelligence entity properties"
},
"type": {
"type": "string",
"enum": [
"Microsoft.SecurityInsights/threatIntelligence/indicators"
]
}
},
"required": [
"apiVersion",
"kind",
"name",
"properties",
"type"
],
"description": "Microsoft.SecurityInsights/threatIntelligence/indicators"
},
"watchlists": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -2086,6 +2147,53 @@
],
"description": "MicrosoftSecurityIncidentCreation rule property bag."
},
"OfficeATPDataConnector": {
"type": "object",
"properties": {
"kind": {
"type": "string",
"enum": [
"OfficeATP"
]
},
"properties": {
"oneOf": [
{
"$ref": "#/definitions/OfficeATPDataConnectorProperties"
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "OfficeATP (Office 365 Advanced Threat Protection) data connector properties."
}
},
"required": [
"kind"
],
"description": "Represents OfficeATP (Office 365 Advanced Threat Protection) data connector."
},
"OfficeATPDataConnectorProperties": {
"type": "object",
"properties": {
"dataTypes": {
"oneOf": [
{
"$ref": "#/definitions/AlertsDataTypeOfDataConnector"
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "Alerts data type for data connectors."
},
"tenantId": {
"type": "string",
"description": "The tenant id to connect to, and get the data from."
}
},
"description": "OfficeATP (Office 365 Advanced Threat Protection) data connector properties."
},
"OfficeDataConnector": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -2496,6 +2604,236 @@
],
"description": "Scheduled alert rule base property bag."
},
"ThreatIntelligenceGranularMarkingModel": {
"type": "object",
"properties": {
"language": {
"type": "string",
"description": "Language granular marking model"
},
"markingRef": {
"oneOf": [
{
"type": "integer"
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "marking reference granular marking model"
},
"selectors": {
"oneOf": [
{
"type": "array",
"items": {
"type": "string"
}
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "granular marking model selectors"
}
},
"description": "Describes threat granular marking model entity"
},
"ThreatIntelligenceIndicatorProperties": {
"type": "object",
"properties": {
"confidence": {
"oneOf": [
{
"type": "integer"
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "Confidence of threat intelligence entity"
},
"created": {
"type": "string",
"description": "Created by"
},
"createdByRef": {
"type": "string",
"description": "Created by reference of threat intelligence entity"
},
"description": {
"type": "string",
"description": "Description of a threat intelligence entity"
},
"displayName": {
"type": "string",
"description": "Display name of a threat intelligence entity"
},
"externalId": {
"type": "string",
"description": "External ID of threat intelligence entity"
},
"externalReferences": {
"oneOf": [
{
"type": "array",
"items": {
"type": "string"
}
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "External References"
},
"granularMarkings": {
"oneOf": [
{
"type": "array",
"items": {
"$ref": "#/definitions/ThreatIntelligenceGranularMarkingModel"
}
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "Granular Markings"
},
"indicatorTypes": {
"oneOf": [
{
"type": "array",
"items": {
"type": "string"
}
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "Indicator types of threat intelligence entities"
},
"killChainPhases": {
"oneOf": [
{
"type": "array",
"items": {
"$ref": "#/definitions/ThreatIntelligenceKillChainPhase"
}
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "Kill chain phases"
},
"labels": {
"oneOf": [
{
"type": "array",
"items": {
"type": "string"
}
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "Labels of threat intelligence entity"
},
"lastUpdatedTimeUtc": {
"type": "string",
"description": "Last updated time in UTC"
},
"modified": {
"type": "string",
"description": "Modified by"
},
"pattern": {
"type": "string",
"description": "Pattern of a threat intelligence entity"
},
"patternType": {
"type": "string",
"description": "Pattern type of a threat intelligence entity"
},
"revoked": {
"oneOf": [
{
"type": "boolean"
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "Is threat intelligence entity revoked"
},
"source": {
"type": "string",
"description": "Source of a threat intelligence entity"
},
"threatIntelligenceTags": {
"oneOf": [
{
"type": "array",
"items": {
"type": "string"
}
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "List of tags"
},
"threatTypes": {
"oneOf": [
{
"type": "array",
"items": {
"type": "string"
}
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "Threat types"
},
"validFrom": {
"type": "string",
"description": "Valid from"
},
"validUntil": {
"type": "string",
"description": "Valid until"
}
},
"description": "Describes threat intelligence entity properties"
},
"ThreatIntelligenceKillChainPhase": {
"type": "object",
"properties": {
"killChainName": {
"type": "string",
"description": "Kill chainName name"
},
"phaseName": {
"oneOf": [
{
"type": "integer"
},
{
"$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
}
],
"description": "Phase name"
}
},
"description": "Describes threat kill chain phase entity"
},
"TIDataConnector": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -2970,4 +3308,4 @@
"description": "Describes watchlist properties"
}
}
}
}
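Review bot: `phaseName` in `ThreatIntelligenceKillChainPhase` is typed `integer`, which looks wrong for a field described as "Phase name". Kill-chain phase names are normally strings, so a template that sets one would presumably fail validation against this schema; if the service accepts a string, the first `oneOf` branch should be `{ "type": "string" }`. `markingRef` in `ThreatIntelligenceGranularMarkingModel` is also `integer` and deserves the same check. The descriptions of `created` ("Created by") and `modified` ("Modified by") in `ThreatIntelligenceIndicatorProperties` read like author fields although the property names suggest timestamps. If this file is generated from the API specification, the correction likely belongs there rather than here.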
2 changes: 1 addition & 1 deletion schemas/2020-01-01/Microsoft.SecurityInsights.json
Expand Up @@ -1650,4 +1650,4 @@
"description": "User information that made some action"
}
}
}
}