[Hub Generated] Review request for Microsoft.Security to add version stable/2019-08-01 (#9653)

* iotAlertType

* alert type example

* add alertType to readme

* Autorest warnings

* Autorest warnings (2)

* fix description

* iotAlert

* examples

* autorest warnings

* added to readme

* update example

* removed vendor

* fix example types

* Updates

* remove vendor

* fix def reference

* updates

* limit and properties property

* Remove alert type list

* extended properties vs entities

* Description

* entities

* Ran prettier

* format

* Added totalCount, fixed nextLink example

* Update types

* move examples

* List alert types

* example paths

* Update tags

* warnings

* fix example

* prettier

* case sensitive

* Example name

Co-authored-by: Liran Chen <[email protected]>

Author: liranc

specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert.json

@@ -11,7 +11,7 @@
       "body": {
         "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02",
         "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02",
-        "type": "Microsoft.Security/IoTSecurityAggregatedAlert",
+        "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedAlerts",
         "properties": {
           "alertType": "IoT_Bruteforce_Fail",
           "alertDisplayName": "Failed Bruteforce",

specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList.json

@@ -12,7 +12,7 @@
           {
             "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02",
             "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02",
-            "type": "Microsoft.Security/IoTSecurityAggregatedAlert",
+            "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedAlerts",
             "properties": {
               "alertType": "IoT_Bruteforce_Fail",
               "alertDisplayName": "Failed Bruteforce",
@@ -43,7 +43,7 @@
           {
             "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Success/2019-02-02",
             "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Success/2019-02-02",
-            "type": "Microsoft.Security/IoTSecurityAggregatedAlert",
+            "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedAlerts",
             "properties": {
               "alertType": "IoT_Bruteforce_Success",
               "alertDisplayName": "Successful Bruteforce",

specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json

@@ -10,7 +10,7 @@
       "body": {
         "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
         "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
-        "type": "Microsoft.Security/IoTSecuritySolutionAnalyticsModel",
+        "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels",
         "properties": {
           "metrics": {
             "high": 5,

specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList.json

@@ -12,7 +12,7 @@
           {
             "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
             "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
-            "type": "Microsoft.Security/IoTSecuritySolutionAnalyticsModelList",
+            "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels",
             "properties": {
               "metrics": {
                 "high": 5,

specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation.json

@@ -11,7 +11,7 @@
       "body": {
         "id": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice",
         "name": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice",
-        "type": "Microsoft.Security/IoTSecurityAggregatedRecommendation",
+        "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations",
         "properties": {
           "recommendationName": "OpenPortsOnDevice",
           "recommendationDisplayName": "Permissive firewall policy in one of the chains was found",

specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList.json

@@ -12,7 +12,7 @@
           {
             "id": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice",
             "name": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice",
-            "type": "Microsoft.Security/IoTSecurityAggregatedRecommendation",
+            "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations",
             "properties": {
               "recommendationName": "OpenPortsOnDevice",
               "recommendationDisplayName": "Permissive firewall policy in one of the chains was found",
@@ -29,7 +29,7 @@
           {
             "id": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/TooLargeIPRange",
             "name": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_InstallAgent",
-            "type": "Microsoft.Security/IoTSecurityAggregatedRecommendation",
+            "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations",
             "properties": {
               "recommendationName": "TooLargeIPRange",
               "recommendationDisplayName": "Permissive firewall policy in one of the chains was found",

specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlertTypes/GetIoTAlertType.json

@@ -0,0 +1,29 @@
+{
+  "parameters": {
+    "api-version": "2019-08-01",
+    "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+    "resourceGroupName": "myGroup",
+    "solutionName": "mySolution",
+    "iotAlertTypeName": "IoT_PrivilegedContainer"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/iotAlertTypes/IoT_PrivilegedContainer",
+        "name": "IoT_PrivilegedContainer",
+        "type": "Microsoft.Security/iotSecuritySolutions/iotAlertTypes",
+        "properties": {
+          "alertDisplayName": "Privileged container detected",
+          "severity": "Medium",
+          "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host  resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.",
+          "providerName": "IoTSecurity",
+          "remediationSteps": [
+            "If the container doesn't need to run in privileged mode, remove the privileges from the container."
+          ],
+          "intent": "Exploitation,Execution",
+          "vendorName": "Microsoft"
+        }
+      }
+    }
+  }
+}

specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlertTypes/GetIoTAlertTypeList.json

@@ -0,0 +1,32 @@
+{
+  "parameters": {
+    "api-version": "2019-08-01",
+    "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+    "resourceGroupName": "myGroup",
+    "solutionName": "mySolution"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "value": [
+          {
+            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/iotAlertTypes",
+            "name": "IoT_PrivilegedContainer",
+            "type": "Microsoft.Security/iotSecuritySolutions/iotAlertTypes",
+            "properties": {
+              "alertDisplayName": "Privileged container detected",
+              "severity": "Medium",
+              "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host  resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.",
+              "providerName": "IoTSecurity",
+              "remediationSteps": [
+                "If the container doesn't need to run in privileged mode, remove the privileges from the container."
+              ],
+              "intent": "Exploitation,Execution",
+              "vendorName": "Microsoft"
+            }
+          }
+        ]
+      }
+    }
+  }
+}

specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlert.json

@@ -0,0 +1,36 @@
+{
+  "parameters": {
+    "api-version": "2019-08-01",
+    "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+    "resourceGroupName": "myGroup",
+    "solutionName": "mySolution",
+    "iotAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "properties": {
+          "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
+          "compromisedEntity": "device-1",
+          "alertType": "IoT_PrivilegedContainer",
+          "startTimeUtc": "2020-05-13T06:32:25Z",
+          "endTimeUtc": "2020-05-13T06:32:25Z",
+          "entities": [
+            {
+              "$id": "1",
+              "CommandLine": "docker run --privileged",
+              "Type": "process"
+            }
+          ],
+          "extendedProperties": {
+            "CommandLine": "docker run --privileged",
+            "User Name": "aUser",
+            "UserId": "",
+            "ParentProcessId": 1593,
+            "DeviceId": "device-1"
+          }
+        }
+      }
+    }
+  }
+}

specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlertList.json

@@ -0,0 +1,45 @@
+{
+  "parameters": {
+    "api-version": "2019-08-01",
+    "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+    "resourceGroupName": "myGroup",
+    "solutionName": "mySolution",
+    "alertType": "IoT_PrivilegedContainer",
+    "startTimeUtc>": "2020-05-12T06:32:25Z",
+    "startTimeUtc<": "2020-05-14T06:32:25Z",
+    "$limit": 1
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "value": [
+          {
+            "properties": {
+              "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
+              "compromisedEntity": "device-1",
+              "alertType": "IoT_PrivilegedContainer",
+              "startTimeUtc": "2020-05-13T06:32:25Z",
+              "endTimeUtc": "2020-05-13T06:32:25Z",
+              "entities": [
+                {
+                  "$id": "1",
+                  "CommandLine": "docker run --privileged",
+                  "Type": "process"
+                }
+              ],
+              "extendedProperties": {
+                "CommandLine": "docker run --privileged",
+                "User Name": "aUser",
+                "UserId": "",
+                "ParentProcessId": 1593,
+                "DeviceId": "device-1"
+              }
+            }
+          }
+        ],
+        "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/iotAlerts?api-version=2019-08-01&alertType=IoT_PrivilegedContainer&startTimeUtc>=2020-05-12T06:32:25Z&startTimeUtc<=2020-05-14T06:32:25Z&$limit=1&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
+        "totalCount": 23
+      }
+    }
+  }
+}