Azure · msyyc · Feb 9, 2022 · Jan 24, 2022 · Jan 24, 2022 · Jan 24, 2022
diff --git a/...sights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/AutomationRules.json b/...sights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/AutomationRules.json
diff --git a/...rityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/Incidents.json b/...rityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/Incidents.json
@@ -1049,42 +1049,6 @@
       ],
       "type": "object"
     },
-    "IncidentLabel": {
-      "description": "Represents an incident label",
-      "properties": {
-        "labelName": {
-          "description": "The name of the label",
-          "type": "string"
-        },
-        "labelType": {
-          "description": "The type of the label",
-          "enum": [
-            "User",
-            "System"
-          ],
-          "type": "string",
-          "readOnly": true,
-          "x-ms-enum": {
-            "modelAsString": true,
-            "name": "IncidentLabelType",
-            "values": [
-              {
-                "description": "Label manually created by a user",
-                "value": "User"
-              },
-              {
-                "description": "Label automatically created by the system",
-                "value": "System"
-              }
-            ]
-          }
-        }
-      },
-      "required": [
-        "labelName"
-      ],
-      "type": "object"
-    },
     "IncidentList": {
       "description": "List all the incidents.",
       "properties": {
@@ -1235,7 +1199,7 @@
         "labels": {
           "description": "List of labels relevant to this incident",
           "items": {
-            "$ref": "#/definitions/IncidentLabel"
+            "$ref": "./common/IncidentTypes.json#/definitions/IncidentLabel"
           },
           "type": "array"
         },

diff --git a/...s/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/common/IncidentTypes.json b/...s/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/common/IncidentTypes.json
@@ -6,6 +6,109 @@
   },
   "paths": {},
   "definitions": {
+    "IncidentClassificationEnum": {
+      "description": "The reason the incident was closed",
+      "enum": [
+        "Undetermined",
+        "TruePositive",
+        "BenignPositive",
+        "FalsePositive"
+      ],
+      "type": "string",
+      "x-ms-enum": {
+        "modelAsString": true,
+        "name": "IncidentClassification",
+        "values": [
+          {
+            "description": "Incident classification was undetermined",
+            "value": "Undetermined"
+          },
+          {
+            "description": "Incident was true positive",
+            "value": "TruePositive"
+          },
+          {
+            "description": "Incident was benign positive",
+            "value": "BenignPositive"
+          },
+          {
+            "description": "Incident was false positive",
+            "value": "FalsePositive"
+          }
+        ]
+      }
+    },
+    "IncidentClassificationReasonEnum": {
+      "description": "The classification reason the incident was closed with",
+      "enum": [
+        "SuspiciousActivity",
+        "SuspiciousButExpected",
+        "IncorrectAlertLogic",
+        "InaccurateData"
+      ],
+      "type": "string",
+      "x-ms-enum": {
+        "modelAsString": true,
+        "name": "IncidentClassificationReason",
+        "values": [
+          {
+            "description": "Classification reason was suspicious activity",
+            "value": "SuspiciousActivity"
+          },
+          {
+            "description": "Classification reason was suspicious but expected",
+            "value": "SuspiciousButExpected"
+          },
+          {
+            "description": "Classification reason was incorrect alert logic",
+            "value": "IncorrectAlertLogic"
+          },
+          {
+            "description": "Classification reason was inaccurate data",
+            "value": "InaccurateData"
+          }
+        ]
+      }
+    },
+    "IncidentLabel": {
+      "description": "Represents an incident label",
+      "properties": {
+        "labelName": {
+          "description": "The name of the label",
+          "type": "string"
+        },
+        "labelType": {
+          "$ref": "#/definitions/IncidentLabelType"
+        }
+      },
+      "required": [
+        "labelName"
+      ],
+      "type": "object"
+    },
+    "IncidentLabelType": {
+      "description": "The type of the label",
+      "enum": [
+        "User",
+        "AutoAssigned"
+      ],
+      "type": "string",
+      "readOnly": true,
+      "x-ms-enum": {
+        "modelAsString": true,
+        "name": "IncidentLabelType",
+        "values": [
+          {
+            "description": "Label manually created by a user",
+            "value": "User"
+          },
+          {
+            "description": "Label automatically created by the system",
+            "value": "AutoAssigned"
+          }
+        ]
+      }
+    },
     "IncidentSeverityEnum": {
       "description": "The severity of the incident",
       "enum": [
@@ -38,6 +141,83 @@
         ]
       }
     },
+    "IncidentStatusEnum": {
+      "description": "The status of the incident",
+      "enum": [
+        "New",
+        "Active",
+        "Closed"
+      ],
+      "type": "string",
+      "x-ms-enum": {
+        "modelAsString": true,
+        "name": "IncidentStatus",
+        "values": [
+          {
+            "description": "An active incident which isn't being handled currently",
+            "value": "New"
+          },
+          {
+            "description": "An active incident which is being handled",
+            "value": "Active"
+          },
+          {
+            "description": "A non-active incident",
+            "value": "Closed"
+          }
+        ]
+      }
+    },
+    "IncidentOwnerInfo": {
+      "description": "Information on the user an incident is assigned to",
+      "properties": {
+        "email": {
+          "description": "The email of the user the incident is assigned to.",
+          "type": "string"
+        },
+        "assignedTo": {
+          "description": "The name of the user the incident is assigned to.",
+          "type": "string"
+        },
+        "objectId": {
+          "description": "The object id of the user the incident is assigned to.",
+          "format": "uuid",
+          "type": "string"
+        },
+        "userPrincipalName": {
+          "description": "The user principal name of the user the incident is assigned to.",
+          "type": "string"
+        },
+        "ownerType": {
+          "description": "The type of the owner the incident is assigned to.",
+          "type": "string",
+          "enum": [
+            "Unknown",
+            "User",
+            "Group"
+          ],
+          "x-ms-enum": {
+            "modelAsString": true,
+            "name": "OwnerType",
+            "values": [
+              {
+                "description": "The incident owner type is unknown",
+                "value": "Unknown"
+              },
+              {
+                "description": "The incident owner type is an AAD user",
+                "value": "User"
+              },
+              {
+                "description": "The incident owner type is an AAD group",
+                "value": "Group"
+              }
+            ]
+          }
+        }
+      },
+      "type": "object"
+    },
     "IncidentInfo": {
       "description": "Describes related incident information for the bookmark",
       "properties": {