Add MITRE support to alert rules models

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2022-08-01/AlertRules.json

@@ -847,6 +847,13 @@
           "readOnly": true,
           "type": "array",
           "x-ms-identifiers": []
+        },
+        "techniques": {
+          "description": "The techniques of the alert rule",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "required": [
@@ -931,6 +938,13 @@
           },
           "type": "array",
           "x-ms-identifiers": []
+        },
+        "techniques": {
+          "description": "The techniques of the alert rule template",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
         }
       },
       "type": "object"
@@ -1457,6 +1471,13 @@
           "type": "array",
           "x-ms-identifiers": []
         },
+        "techniques": {
+          "description": "The techniques of the alert rule",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "incidentConfiguration": {
           "$ref": "#/definitions/IncidentConfiguration",
           "description": "The settings of the incidents that created from alerts triggered by this analytics rule"
@@ -1552,6 +1573,13 @@
           "type": "array",
           "x-ms-identifiers": []
         },
+        "techniques": {
+          "description": "The techniques of the alert rule template",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "version": {
           "description": "The version of this template - in format <a.b.c>, where all are numbers. For example <1.0.2>.",
           "type": "string"

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2022-08-01/Incidents.json

@@ -1079,29 +1079,6 @@
         "value"
       ]
     },
-    "IncidentOwnerInfo": {
-      "description": "Information on the user an incident is assigned to",
-      "properties": {
-        "email": {
-          "description": "The email of the user the incident is assigned to.",
-          "type": "string"
-        },
-        "assignedTo": {
-          "description": "The name of the user the incident is assigned to.",
-          "type": "string"
-        },
-        "objectId": {
-          "description": "The object id of the user the incident is assigned to.",
-          "format": "uuid",
-          "type": "string"
-        },
-        "userPrincipalName": {
-          "description": "The user principal name of the user the incident is assigned to.",
-          "type": "string"
-        }
-      },
-      "type": "object"
-    },
     "IncidentProperties": {
       "description": "Describes incident properties",
       "properties": {
@@ -1225,7 +1202,7 @@
           "type": "string"
         },
         "owner": {
-          "$ref": "#/definitions/IncidentOwnerInfo",
+          "$ref": "./common/IncidentTypes.json#/definitions/IncidentOwnerInfo",
           "description": "Describes a user that the incident is assigned to",
           "type": "object"
         },

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2022-08-01/common/AlertTypes.json

@@ -41,6 +41,8 @@
     "AttackTactic": {
       "description": "The severity for alerts created by this alert rule.",
       "enum": [
+        "Reconnaissance",
+        "ResourceDevelopment",
         "InitialAccess",
         "Execution",
         "Persistence",
@@ -53,7 +55,9 @@
         "Exfiltration",
         "CommandAndControl",
         "Impact",
-        "PreAttack"
+        "PreAttack",
+        "ImpairProcessControl",
+        "InhibitResponseFunction"
       ],
       "type": "string",
       "x-ms-enum": {