diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 57404bbc87bd..82ca9b909ace 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -1788,6 +1788,12 @@ "Creates or updates an Office365 data connector.": { "$ref": "./examples/dataConnectors/CreateOfficeDataConnetor.json" }, + "Creates or updates a Threat Intelligence Taxii data connector.": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json" + }, + "Creates or updates an Threat Intelligence Platform data connector.": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceDataConnector.json" + }, "Creates or updates a Dynamics365 data connector.": { "$ref": "./examples/dataConnectors/CreateDynamics365DataConnetor.json" } @@ -11173,13 +11179,18 @@ "type": "object" }, "TIDataConnectorProperties": { - "allOf": [ - { - "$ref": "#/definitions/DataConnectorTenantId" - } - ], - "description": "Threat Intelligence Platforms data connector properties.", + "description": "TI (Threat Intelligence) data connector properties.", "properties": { + "tenantId": { + "description": "The tenant id to connect to, and get the data from.", + "type": "string" + }, + "tipLookbackPeriod": { + "description": "The lookback period for the feed to be imported.", + "format": "date-time", + "type": "string", + "x-nullable": true + }, "dataTypes": { "$ref": "#/definitions/TIDataConnectorDataTypes", "description": "The available data types for the connector." @@ -11278,6 +11289,40 @@ "description": "The password for the TAXII server.", "type": "string" }, + "taxiiLookbackPeriod": { + "description": "The lookback period for the TAXII server.", + "format": "date-time", + "type": "string", + "x-nullable": true + }, + "pollingFrequency": { + "description": "The polling frequency for the TAXII server.", + "type": "string", + "x-nullable": true, + "enum": [ + "OnceAMinute", + "OnceAnHour", + "OnceADay" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "PollingFrequency", + "values": [ + { + "description": "Once a minute", + "value": "OnceAMinute" + }, + { + "description": "Once an hour", + "value": "OnceAnHour" + }, + { + "description": "Once a day", + "value": "OnceADay" + } + ] + } + }, "dataTypes": { "$ref": "#/definitions/TiTaxiiDataConnectorDataTypes", "description": "The available data types for Threat Intelligence TAXII data connector." diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..61b536af1ffa --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "ThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json new file mode 100644 index 000000000000..9313356bf2f3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json @@ -0,0 +1,82 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "collectionId": "135", + "workspaceId": "dd124572-4962-4495-9bd2-9dade12314b4", + "friendlyName": "testTaxii", + "userName": "--", + "password": "--", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "collectionId": "135", + "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871", + "friendlyName": "testTaxii", + "userName": null, + "password": null, + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "collectionId": "135", + "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871", + "friendlyName": "testTaxii", + "userName": null, + "password": null, + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json index 615ea1d33eef..f87d42dcdfd1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json @@ -17,6 +17,7 @@ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", "dataTypes": { "indicators": { "state": "Enabled" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json index 1dbd88e790a1..bac15ae677d8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json @@ -23,6 +23,8 @@ "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", "userName": "", "password": "", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", "dataTypes": { "taxiiClient": { "state": "Enabled" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json index 03921b8a6186..253010ed2e5e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json @@ -848,6 +848,9 @@ "x-ms-examples": { "Creates or updates an Office365 data connector.": { "$ref": "./examples/dataConnectors/CreateOfficeDataConnetor.json" + }, + "Creates or updates an Threat Intelligence Platform data connector.": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceDataConnector.json" } }, "tags": [ @@ -3338,6 +3341,12 @@ "description": "The tenant id to connect to, and get the data from.", "type": "string" }, + "tipLookbackPeriod": { + "description": "The lookback period for the feed to be imported.", + "format": "date-time", + "type": "string", + "x-nullable": true + }, "dataTypes": { "$ref": "#/definitions/TIDataConnectorDataTypes", "description": "The available data types for the connector." diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..4b10a4d584cd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "ThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetThreatIntelligenceById.json index 6c6fad0178de..033debf19d91 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/examples/dataConnectors/GetThreatIntelligenceById.json @@ -17,6 +17,7 @@ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", "dataTypes": { "indicators": { "state": "Enabled"