diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json
index 87aacf936084..1121d592edc7 100644
--- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json
@@ -158,8 +158,11 @@
 },
 "put": {
 "x-ms-examples": {
- "Create or update a security automation": {
- "$ref": "./examples/Automations/PutAutomation_example.json"
+ "Create or update a security automation for all assessments": {
+ "$ref": "./examples/Automations/PutAutomationAllAssessments_example.json"
+ },
+ "Create or update a security automation for all high severity assessments": {
+ "$ref": "./examples/Automations/PutAutomationHighSeverityAssessments_example.json"
 },
 "Disable or enable a security automation": {
 "$ref": "./examples/Automations/PutDisableAutomation_example.json"
@@ -373,6 +376,7 @@
 "description": "A valid event source type.",
 "enum": [
 "Assessments",
+ "SubAssessments",
 "Alerts"
 ],
 "x-ms-enum": {
@@ -382,6 +386,9 @@
 {
 "value": "Assessments"
 },
+ {
+ "value": "SubAssessments"
+ },
 {
 "value": "Alerts"
 }
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json
new file mode 100644
index 000000000000..9442b2725e30
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json
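Review bot: The new `SubAssessments` value in the event-source enum of automations.json (hunks -373,6 and -382,6) is added without a description, and neither example introduced by this commit uses it, so a reader cannot tell which events it makes an automation fire on. Consider describing the `x-ms-enum` entry, e.g. `{ "value": "SubAssessments", "description": "<what a sub-assessment event is>" }`, and adding an example whose `sources` entry sets `"eventSource": "SubAssessments"`. The value is being added inside the existing 2019-01-01-preview version; the rest of the `x-ms-enum` object lies outside these hunks, and if it does not set `modelAsString` to true, clients generated from the earlier spec may fail to deserialize responses carrying the new value.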
@@ -0,0 +1,102 @@
+{
+ "parameters": {
+ "api-version": "2019-01-01-preview",
+ "subscriptionId": "a5caac9c-5c04-49af-b3d0-e204f40345d5",
+ "automationName": "exampleAutomation",
+ "resourceGroupName": "exampleResourceGroup",
+ "Automation": {
+ "location": "Central US",
+ "etag": "etag value (must be supplied for update)",
+ "tags": {},
+ "properties": {
+ "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
+ "isEnabled": true,
+ "scopes": [
+ {
+ "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
+ "scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
+ }
+ ],
+ "sources": [
+ {
+ "eventSource": "Assessments",
+ "ruleSets": []
+ }
+ ],
+ "actions": [
+ {
+ "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
+ "actionType": "LogicApp",
+ "uri": "https://exampleTriggerUri1.com"
+ }
+ ]
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation",
+ "name": "exampleAutomation",
+ "type": "Microsoft.Security/automations",
+ "location": "Central US",
+ "etag": "new etag value",
+ "tags": {},
+ "properties": {
+ "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
+ "isEnabled": true,
+ "scopes": [
+ {
+ "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
+ "scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
+ }
+ ],
+ "sources": [
+ {
+ "eventSource": "Assessments",
+ "ruleSets": []
+ }
+ ],
+ "actions": [
+ {
+ "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
+ "actionType": "LogicApp"
+ }
+ ]
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/SecurityAutomations/exampleAutomation",
+ "name": "exampleAutomation",
+ "type": "Microsoft.Security/SecurityAutomations",
+ "location": "Central US",
+ "etag": "new etag value",
+ "tags": {},
+ "properties": {
+ "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
+ "isEnabled": true,
+ "scopes": [
+ {
+ "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
+ "scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
+ }
+ ],
+ "sources": [
+ {
+ "eventSource": "Assessments",
+ "ruleSets": []
+ }
+ ],
+ "actions": [
+ {
+ "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
+ "actionType": "LogicApp"
+ }
+ ]
+ }
+ }
+ }
+ }
+}
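Review bot: The 201 response body in PutAutomationAllAssessments_example.json disagrees with the 200 body of the same example: its `id` ends in `/providers/Microsoft.Security/SecurityAutomations/exampleAutomation` and its `type` is `Microsoft.Security/SecurityAutomations`, while the 200 body uses `Microsoft.Security/automations` for both. Unless the service really returns a different resource type on create, the 201 body should read `"type": "Microsoft.Security/automations"` with the matching `id`. Separately, the request action carries the Logic App trigger `uri` and both responses omit it, which suggests the field is write-only; the `uri` property description in automations.json (not visible here) should say so, since a trigger URL of this kind typically acts as a credential for invoking the workflow. It is also worth stating in the example description that `"ruleSets": []` is what makes the automation match every assessment in scope.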
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomation_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json
similarity index 87%
rename from specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomation_example.json
rename to specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json
index f0fb970efdf8..d79b128f65df 100644
--- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomation_example.json
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json
@@ -9,7 +9,7 @@
 "etag": "etag value (must be supplied for update)",
 "tags": {},
 "properties": {
- "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
+ "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
 "isEnabled": true,
 "scopes": [
 {
@@ -24,9 +24,9 @@
 {
 "rules": [
 {
- "propertyJPath": "$.Entity.AssessmentType",
+ "propertyJPath": "properties.metadata.severity",
 "propertyType": "String",
- "expectedValue": "customAssessment",
+ "expectedValue": "High",
 "operator": "Equals"
 }
 ]
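Review bot: The rule in hunk -24,9 (repeated in -69,9 and -112,9 of the same file) changes `propertyJPath` from the `$.`-rooted form `$.Entity.AssessmentType` to the bare dotted path `properties.metadata.severity`, and nothing in the example says which path syntax the service accepts. If a path that does not resolve simply makes the rule never match, an automation copied from this example would not fire on high severity assessments and nobody would be told, so the accepted syntax and the behaviour on a non-resolving path belong in the `propertyJPath` description in automations.json (outside this diff). It would also help to document whether `Equals` on a `String` property is case-sensitive, because `"expectedValue": "High"` depends on the exact casing of the severity value.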
@@ -54,7 +54,7 @@
 "etag": "new etag value",
 "tags": {},
 "properties": {
- "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
+ "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
 "isEnabled": true,
 "scopes": [
 {
@@ -69,9 +69,9 @@
 {
 "rules": [
 {
- "propertyJPath": "$.Entity.AssessmentType",
+ "propertyJPath": "properties.metadata.severity",
 "propertyType": "String",
- "expectedValue": "customAssessment",
+ "expectedValue": "High",
 "operator": "Equals"
 }
 ]
@@ -97,7 +97,7 @@
 "etag": "new etag value",
 "tags": {},
 "properties": {
- "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
+ "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
 "isEnabled": true,
 "scopes": [
 {
@@ -112,9 +112,9 @@
 {
 "rules": [
 {
- "propertyJPath": "$.Entity.AssessmentType",
+ "propertyJPath": "properties.metadata.severity",
 "propertyType": "String",
- "expectedValue": "customAssessment",
+ "expectedValue": "High",
 "operator": "Equals"
 }
 ]
diff --git a/specification/security/resource-manager/common/v1/types.json b/specification/security/resource-manager/common/v1/types.json
index fca7f0ceb5c6..d97b4a30c1ec 100644
--- a/specification/security/resource-manager/common/v1/types.json
+++ b/specification/security/resource-manager/common/v1/types.json
@@ -65,7 +65,7 @@
 "$ref": "#/definitions/Resource"
 },
 {
- "$ref": "#/definitions/Location"
+ "$ref": "#/definitions/TrackedResourceLocation"
 },
 {
 "$ref": "#/definitions/Kind"
@@ -122,6 +122,16 @@
 }
 }
 },
+ "TrackedResourceLocation": {
+ "type": "object",
+ "description": "Describes an Azure resource with location",
+ "properties": {
+ "location": {
+ "type": "string",
+ "description": "Location where the resource is stored"
+ }
+ }
+ },
 "AscLocationList": {
 "type": "object",
 "description": "List of locations where ASC saves your data",
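Review bot: `TrackedResourceLocation` is added to the shared common/v1/types.json and swapped into an existing `allOf` in hunk -65,7 (whose enclosing definition starts outside that hunk), so every spec that references that definition picks up the new `location` schema, not only automations. The new definition declares `location` as a plain string with no `required` list and no `readOnly` marker, so a request body that omits the location still validates against the spec. How the replaced `Location` definition constrained the field is not visible here, so the difference between the two is worth stating in the description. If a location is mandatory when creating a tracked resource, express it in the schema, e.g. `"required": ["location"]`, otherwise extend the description to say when it may be omitted.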