New API version to Microsoft.Security 2021-11-01 (#18045)

* Adds base for updating Microsoft.Security from version stable/2021-01-01 to version 2021-11-01

* Updates readme

* Updates API version in new specs and examples

* New API version to Microsoft.Security

pick 5459ef18a7 New API version to Microsoft.Security
pick c8462f9c60 [Microsoft.Security alerts] fix examples/Alerts/SimulateAlerts_example.json
pick b5f4550d6b [Microsoft.Security alerts] add missing API to readme.md

* [Microsoft.Security alerts] fix examples/Alerts/SimulateAlerts_example.json

* [Microsoft.Security alerts] add missing API to readme.md

* Fix readme.md file after rebase

* Removing "x-ms-long-running-operation" header

* Setting target package back to package-composite-v3

* Updating securityContacts.json to the latest version

* Reverting securityContacts.json to equal main, should be updated by the relevant team

Co-authored-by: Nitsan Bracha <[email protected]>

Author: nitsi

specification/security/resource-manager/Microsoft.Security/stable/2021-11-01/alerts.json

@@ -0,0 +1,79 @@
+{
+  "parameters": {
+    "api-version": "2021-11-01",
+    "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+    "resourceGroupName": "myRg1",
+    "ascLocation": "westeurope",
+    "alertName": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
+        "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+        "type": "Microsoft.Security/Locations/alerts",
+        "properties": {
+          "alertType": "VM_EICAR",
+          "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+          "productComponentName": "",
+          "alertDisplayName": "Azure Security Center test alert (not a threat)",
+          "description": "This is a test alert generated by Azure Security Center. No further action is needed.",
+          "severity": "High",
+          "intent": "Execution",
+          "startTimeUtc": "2020-02-22T00:00:00.0000000Z",
+          "endTimeUtc": "2020-02-22T00:00:00.0000000Z",
+          "resourceIdentifiers": [
+            {
+              "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
+              "type": "AzureResource"
+            },
+            {
+              "workspaceId": "f419f624-acad-4d89-b86d-f62fa387f019",
+              "workspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+              "workspaceResourceGroup": "myRg1",
+              "agentId": "75724a01-f021-4aa8-9ec2-329792373e6e",
+              "type": "LogAnalytics"
+            }
+          ],
+          "remediationSteps": [
+            "No further action is needed."
+          ],
+          "vendorName": "Microsoft",
+          "status": "New",
+          "extendedLinks": [
+            {
+              "Category": "threat_reports",
+              "Label": "Report: RDP Brute Forcing",
+              "Href": "https://contoso.com/reports/DisplayReport",
+              "Type": "webLink"
+            }
+          ],
+          "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope",
+          "timeGeneratedUtc": "2020-02-23T13:47:58.0000000Z",
+          "productName": "Azure Security Center",
+          "processingEndTimeUtc": "2020-02-23T13:47:58.9205584Z",
+          "entities": [
+            {
+              "address": "192.0.2.1",
+              "location": {
+                "countryCode": "gb",
+                "state": "wokingham",
+                "city": "sonning",
+                "longitude": -0.909,
+                "latitude": 51.468,
+                "asn": 6584
+              },
+              "type": "ip"
+            }
+          ],
+          "isIncident": true,
+          "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=",
+          "extendedProperties": {
+            "Property1": "Property1 information"
+          },
+          "compromisedEntity": "vm1"
+        }
+      }
+    }
+  }
+}

specification/security/resource-manager/Microsoft.Security/stable/2021-11-01/examples/Alerts/GetAlertResourceGroupLocation_example.json

@@ -0,0 +1,78 @@
+{
+  "parameters": {
+    "api-version": "2021-11-01",
+    "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+    "ascLocation": "westeurope",
+    "alertName": "2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
+        "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+        "type": "Microsoft.Security/Locations/alerts",
+        "properties": {
+          "alertType": "VM_EICAR",
+          "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+          "productComponentName": "",
+          "alertDisplayName": "Azure Security Center test alert (not a threat)",
+          "description": "This is a test alert generated by Azure Security Center. No further action is needed.",
+          "severity": "High",
+          "intent": "Execution",
+          "startTimeUtc": "2020-02-22T00:00:00.0000000Z",
+          "endTimeUtc": "2020-02-22T00:00:00.0000000Z",
+          "resourceIdentifiers": [
+            {
+              "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
+              "type": "AzureResource"
+            },
+            {
+              "workspaceId": "f419f624-acad-4d89-b86d-f62fa387f019",
+              "workspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+              "workspaceResourceGroup": "myRg1",
+              "agentId": "75724a01-f021-4aa8-9ec2-329792373e6e",
+              "type": "LogAnalytics"
+            }
+          ],
+          "remediationSteps": [
+            "No further action is needed."
+          ],
+          "vendorName": "Microsoft",
+          "status": "New",
+          "extendedLinks": [
+            {
+              "Category": "threat_reports",
+              "Label": "Report: RDP Brute Forcing",
+              "Href": "https://contoso.com/reports/DisplayReport",
+              "Type": "webLink"
+            }
+          ],
+          "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope",
+          "timeGeneratedUtc": "2020-02-23T13:47:58.0000000Z",
+          "productName": "Azure Security Center",
+          "processingEndTimeUtc": "2020-02-23T13:47:58.9205584Z",
+          "entities": [
+            {
+              "address": "192.0.2.1",
+              "location": {
+                "countryCode": "gb",
+                "state": "wokingham",
+                "city": "sonning",
+                "longitude": -0.909,
+                "latitude": 51.468,
+                "asn": 6584
+              },
+              "type": "ip"
+            }
+          ],
+          "isIncident": true,
+          "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=",
+          "extendedProperties": {
+            "Property1": "Property1 information"
+          },
+          "compromisedEntity": "vm1"
+        }
+      }
+    }
+  }
+}

specification/security/resource-manager/Microsoft.Security/stable/2021-11-01/examples/Alerts/GetAlertSubscriptionLocation_example.json

@@ -0,0 +1,82 @@
+{
+  "parameters": {
+    "api-version": "2021-11-01",
+    "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+    "resourceGroupName": "myRg1",
+    "ascLocation": "westeurope"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "value": [
+          {
+            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
+            "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+            "type": "Microsoft.Security/Locations/alerts",
+            "properties": {
+              "alertType": "VM_EICAR",
+              "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+              "productComponentName": "",
+              "alertDisplayName": "Azure Security Center test alert (not a threat)",
+              "description": "This is a test alert generated by Azure Security Center. No further action is needed.",
+              "severity": "High",
+              "intent": "Execution",
+              "startTimeUtc": "2020-02-22T00:00:00.0000000Z",
+              "endTimeUtc": "2020-02-22T00:00:00.0000000Z",
+              "resourceIdentifiers": [
+                {
+                  "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
+                  "type": "AzureResource"
+                },
+                {
+                  "workspaceId": "f419f624-acad-4d89-b86d-f62fa387f019",
+                  "workspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+                  "workspaceResourceGroup": "myRg1",
+                  "agentId": "75724a01-f021-4aa8-9ec2-329792373e6e",
+                  "type": "LogAnalytics"
+                }
+              ],
+              "remediationSteps": [
+                "No further action is needed."
+              ],
+              "vendorName": "Microsoft",
+              "status": "New",
+              "extendedLinks": [
+                {
+                  "Category": "threat_reports",
+                  "Label": "Report: RDP Brute Forcing",
+                  "Href": "https://contoso.com/reports/DisplayReport",
+                  "Type": "webLink"
+                }
+              ],
+              "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope",
+              "timeGeneratedUtc": "2020-02-23T13:47:58.0000000Z",
+              "productName": "Azure Security Center",
+              "processingEndTimeUtc": "2020-02-23T13:47:58.9205584Z",
+              "entities": [
+                {
+                  "address": "192.0.2.1",
+                  "location": {
+                    "countryCode": "gb",
+                    "state": "wokingham",
+                    "city": "sonning",
+                    "longitude": -0.909,
+                    "latitude": 51.468,
+                    "asn": 6584
+                  },
+                  "type": "ip"
+                }
+              ],
+              "isIncident": true,
+              "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=",
+              "extendedProperties": {
+                "Property1": "Property1 information"
+              },
+              "compromisedEntity": "vm1"
+            }
+          }
+        ]
+      }
+    }
+  }
+}

specification/security/resource-manager/Microsoft.Security/stable/2021-11-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json

@@ -0,0 +1,81 @@
+{
+  "parameters": {
+    "api-version": "2021-11-01",
+    "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+    "resourceGroupName": "myRg1"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "value": [
+          {
+            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
+            "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+            "type": "Microsoft.Security/Locations/alerts",
+            "properties": {
+              "alertType": "VM_EICAR",
+              "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+              "productComponentName": "",
+              "alertDisplayName": "Azure Security Center test alert (not a threat)",
+              "description": "This is a test alert generated by Azure Security Center. No further action is needed.",
+              "severity": "High",
+              "intent": "Execution",
+              "startTimeUtc": "2020-02-22T00:00:00.0000000Z",
+              "endTimeUtc": "2020-02-22T00:00:00.0000000Z",
+              "resourceIdentifiers": [
+                {
+                  "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
+                  "type": "AzureResource"
+                },
+                {
+                  "workspaceId": "f419f624-acad-4d89-b86d-f62fa387f019",
+                  "workspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+                  "workspaceResourceGroup": "myRg1",
+                  "agentId": "75724a01-f021-4aa8-9ec2-329792373e6e",
+                  "type": "LogAnalytics"
+                }
+              ],
+              "remediationSteps": [
+                "No further action is needed."
+              ],
+              "vendorName": "Microsoft",
+              "status": "New",
+              "extendedLinks": [
+                {
+                  "Category": "threat_reports",
+                  "Label": "Report: RDP Brute Forcing",
+                  "Href": "https://contoso.com/reports/DisplayReport",
+                  "Type": "webLink"
+                }
+              ],
+              "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope",
+              "timeGeneratedUtc": "2020-02-23T13:47:58.0000000Z",
+              "productName": "Azure Security Center",
+              "processingEndTimeUtc": "2020-02-23T13:47:58.9205584Z",
+              "entities": [
+                {
+                  "address": "192.0.2.1",
+                  "location": {
+                    "countryCode": "gb",
+                    "state": "wokingham",
+                    "city": "sonning",
+                    "longitude": -0.909,
+                    "latitude": 51.468,
+                    "asn": 6584
+                  },
+                  "type": "ip"
+                }
+              ],
+              "isIncident": true,
+              "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=",
+              "extendedProperties": {
+                "Property1": "Property1 information"
+              },
+              "compromisedEntity": "vm1"
+            }
+          }
+        ]
+      }
+    }
+  }
+}