diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2022-08-01/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2022-08-01/AlertRules.json
index 09cee63fc41c..976b7911d1d1 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2022-08-01/AlertRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2022-08-01/AlertRules.json
@@ -847,6 +847,13 @@
 "readOnly": true,
 "type": "array",
 "x-ms-identifiers": []
+ },
+ "techniques": {
+ "description": "The techniques of the alert rule",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
 }
 },
 "required": [
@@ -931,6 +938,13 @@
 },
 "type": "array",
 "x-ms-identifiers": []
+ },
+ "techniques": {
+ "description": "The techniques of the alert rule template",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
 }
 },
 "type": "object"
@@ -1457,6 +1471,13 @@
 "type": "array",
 "x-ms-identifiers": []
 },
+ "techniques": {
+ "description": "The techniques of the alert rule",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
 "incidentConfiguration": {
 "$ref": "#/definitions/IncidentConfiguration",
 "description": "The settings of the incidents that created from alerts triggered by this analytics rule"
@@ -1552,6 +1573,13 @@
 "type": "array",
 "x-ms-identifiers": []
 },
+ "techniques": {
+ "description": "The techniques of the alert rule template",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
 "version": {
 "description": "The version of this template - in format , where all are numbers. For example <1.0.2>.",
 "type": "string"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2022-08-01/Incidents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2022-08-01/Incidents.json
index 6fb0eb288eee..472dfb161095 100644
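Review bot: `techniques` is added in all four AlertRules.json hunks as an array of unconstrained strings, and neither description says what a valid entry looks like, so any text can be stored and later read as ATT&CK coverage for a rule. If the values are meant to be MITRE ATT&CK technique IDs (presumably, given the `AttackTactic` enum patched in common/AlertTypes.json), say so in the text, e.g. `"description": "The MITRE ATT&CK techniques of the alert rule, as technique IDs"`, and add a `pattern` on `items` if the service validates the format. In the first hunk (`@@ -847`) the array directly above the new property is `"readOnly": true` while `techniques` is writable; if the service populates it the same way, add `"readOnly": true` there as well. The enclosing definitions start and end outside each hunk, so which rule kinds are affected cannot be confirmed from here.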
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2022-08-01/Incidents.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2022-08-01/Incidents.json
@@ -1079,29 +1079,6 @@
 "value"
 ]
 },
- "IncidentOwnerInfo": {
- "description": "Information on the user an incident is assigned to",
- "properties": {
- "email": {
- "description": "The email of the user the incident is assigned to.",
- "type": "string"
- },
- "assignedTo": {
- "description": "The name of the user the incident is assigned to.",
- "type": "string"
- },
- "objectId": {
- "description": "The object id of the user the incident is assigned to.",
- "format": "uuid",
- "type": "string"
- },
- "userPrincipalName": {
- "description": "The user principal name of the user the incident is assigned to.",
- "type": "string"
- }
- },
- "type": "object"
- },
 "IncidentProperties": {
 "description": "Describes incident properties",
 "properties": {
@@ -1225,7 +1202,7 @@
 "type": "string"
 },
 "owner": {
- "$ref": "#/definitions/IncidentOwnerInfo",
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentOwnerInfo",
 "description": "Describes a user that the incident is assigned to",
 "type": "object"
 },
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2022-08-01/common/AlertTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2022-08-01/common/AlertTypes.json
index ff0c0a7d8e97..bb1bfb7755fa 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2022-08-01/common/AlertTypes.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2022-08-01/common/AlertTypes.json
@@ -41,6 +41,8 @@
 "AttackTactic": {
 "description": "The severity for alerts created by this alert rule.",
 "enum": [
+ "Reconnaissance",
+ "ResourceDevelopment",
 "InitialAccess",
 "Execution",
 "Persistence",
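Review bot: The new `$ref` target `./common/IncidentTypes.json#/definitions/IncidentOwnerInfo` is not part of the visible diff, so it cannot be confirmed here that the shared definition carries the same four properties that the previous hunk deletes (`email`, `assignedTo`, `objectId` with `"format": "uuid"`, `userPrincipalName`). Any difference would change the `owner` contract of a stable API version, and these fields hold user identity data that clients may select or redact by name. The two definitions should be compared field by field before this lands. The `owner` property keeps `description` and `type` as siblings of `$ref`, which some tooling ignores; that predates this change.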
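Review bot: The `AttackTactic` description in this hunk still reads "The severity for alerts created by this alert rule.", which describes a different property and looks like a copy-paste leftover. Since the enum is being extended here, the text should be corrected in the same change, for example `"description": "The MITRE ATT&CK tactic associated with alerts created by this alert rule."`. The enum list continues outside the hunk.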
@@ -53,7 +55,9 @@
 "Exfiltration",
 "CommandAndControl",
 "Impact",
- "PreAttack"
+ "PreAttack",
+ "ImpairProcessControl",
+ "InhibitResponseFunction"
 ],
 "type": "string",
 "x-ms-enum": {
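Review bot: `PreAttack` stays in the enum next to `Reconnaissance` and `ResourceDevelopment` (added in the previous hunk) with nothing stating how they relate. MITRE folded the PRE-ATT&CK tactics into those two, so the same activity can now be tagged under either value and coverage reports may split or double count it. If `PreAttack` is kept only for backward compatibility, the description should say so, e.g. `"PreAttack is retained for existing rules; new rules should use Reconnaissance or ResourceDevelopment"`. The `x-ms-enum` block continues outside the hunk: if it is not `"modelAsString": true`, adding members in a stable API version can break generated clients, and any `values` list there needs the four new entries.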