diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/EnrichmentWithWorkspace.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/EnrichmentWithWorkspace.json new file mode 100644 index 000000000000..96ceb050195d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/EnrichmentWithWorkspace.json @@ -0,0 +1,443 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2024-01-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/enrichment/{enrichmentType}/listGeodataByIp": { + "post": { + "x-ms-examples": { + "Get geodata for a single IP address": { + "$ref": "./examples/enrichment/GetGeodataWithWorkspaceByIp.json" + } + }, + "tags": [ + "Enrichment" + ], + "description": "Get geodata for a single IP address", + "operationId": "ListGeodataByIp", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EnrichmentType" + }, + { + "$ref": "#/parameters/EnrichmentIpAddressBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EnrichmentIpGeodata" + } + }, + "default": { + "description": "Error response describing why the operation failed to enrich this ip.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/enrichment/{enrichmentType}/listWhoisByDomain": { + "post": { + "x-ms-examples": { + "Get whois information for a single domain name": { + "$ref": "./examples/enrichment/GetWhoisWithWorkspaceByDomainName.json" + } + }, + "tags": [ + "Enrichment" + ], + "description": "Get whois information for a single domain name", + "operationId": "ListWhoisByDomain", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EnrichmentType" + }, + { + "$ref": "#/parameters/EnrichmentDomainBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EnrichmentDomainWhois" + } + }, + "default": { + "description": "Error response describing why the operation failed to enrich this domain.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "EnrichmentIpAddressBody": { + "description": "IP address (v4 or v6) to be enriched", + "in": "body", + "name": "ipAddressBody", + "required": true, + "schema": { + "$ref": "#/definitions/EnrichmentIpAddressBody" + }, + "x-ms-parameter-location": "method" + }, + "EnrichmentDomainBody": { + "description": "Domain name to be enriched. Only domain name is accepted", + "in": "body", + "name": "domainBody", + "required": true, + "schema": { + "$ref": "#/definitions/EnrichmentDomainBody" + }, + "x-ms-parameter-location": "method" + }, + "EnrichmentType": { + "description": "Enrichment type", + "in": "path", + "name": "enrichmentType", + "required": true, + "enum": [ + "main" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EnrichmentType", + "values": [ + { + "value": "main" + } + ] + }, + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "EnrichmentIpAddressBody": { + "description": "IP address (v4 or v6) to be enriched", + "properties": { + "ipAddress": { + "description": "The dotted-decimal or colon-separated string representation of the IP address", + "type": "string" + } + }, + "type": "object" + }, + "EnrichmentDomainBody": { + "description": "Domain name to be enriched", + "properties": { + "domain": { + "description": "The domain name", + "type": "string" + } + }, + "type": "object" + }, + "EnrichmentDomainWhois": { + "description": "Whois information for a given domain and associated metadata", + "properties": { + "domain": { + "description": "The domain for this whois record", + "type": "string" + }, + "server": { + "description": "The hostname of this registrar's whois server", + "type": "string" + }, + "created": { + "description": "The timestamp at which this record was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The timestamp at which this record was last updated", + "format": "date-time", + "type": "string" + }, + "expires": { + "description": "The timestamp at which this record will expire", + "format": "date-time", + "type": "string" + }, + "parsedWhois": { + "description": "The whois record for a given domain", + "$ref": "#/definitions/EnrichmentDomainWhoisDetails" + } + }, + "type": "object" + }, + "EnrichmentDomainWhoisDetails": { + "description": "The whois record for a given domain", + "properties": { + "registrar": { + "description": "The registrar associated with this domain", + "$ref": "#/definitions/EnrichmentDomainWhoisRegistrarDetails" + }, + "contacts": { + "description": "The set of contacts associated with this domain", + "$ref": "#/definitions/EnrichmentDomainWhoisContacts" + }, + "nameServers": { + "description": "A list of name servers associated with this domain", + "type": "array", + "items": { + "type": "string" + } + }, + "statuses": { + "description": "The set of status flags for this whois record", + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "EnrichmentDomainWhoisRegistrarDetails": { + "description": "The registrar associated with this domain", + "properties": { + "name": { + "description": "The name of this registrar", + "type": "string" + }, + "abuseContactEmail": { + "description": "This registrar's abuse contact email", + "type": "string" + }, + "abuseContactPhone": { + "description": "This registrar's abuse contact phone number", + "type": "string" + }, + "ianaId": { + "description": "This registrar's Internet Assigned Numbers Authority id", + "type": "string" + }, + "url": { + "description": "This registrar's URL", + "type": "string" + }, + "whoisServer": { + "description": "The hostname of this registrar's whois server", + "type": "string" + } + }, + "type": "object" + }, + "EnrichmentDomainWhoisContacts": { + "description": "The set of contacts associated with this domain", + "properties": { + "admin": { + "description": "The admin contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "billing": { + "description": "The billing contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "registrant": { + "description": "The registrant contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "tech": { + "description": "The technical contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + } + }, + "type": "object" + }, + "EnrichmentDomainWhoisContact": { + "description": "An individual contact associated with this domain", + "properties": { + "name": { + "description": "The name of this contact", + "type": "string" + }, + "org": { + "description": "The organization for this contact", + "type": "string" + }, + "street": { + "description": "A list describing the street address for this contact", + "type": "array", + "items": { + "type": "string" + } + }, + "city": { + "description": "The city for this contact", + "type": "string" + }, + "state": { + "description": "The state for this contact", + "type": "string" + }, + "postal": { + "description": "The postal code for this contact", + "type": "string" + }, + "country": { + "description": "The country for this contact", + "type": "string" + }, + "phone": { + "description": "The phone number for this contact", + "type": "string" + }, + "fax": { + "description": "The fax number for this contact", + "type": "string" + }, + "email": { + "description": "The email address for this contact", + "type": "string" + } + }, + "type": "object" + }, + "EnrichmentIpGeodata": { + "description": "Geodata information for a given IP address", + "properties": { + "asn": { + "description": "The autonomous system number associated with this IP address", + "type": "string" + }, + "carrier": { + "description": "The name of the carrier for this IP address", + "type": "string" + }, + "city": { + "description": "The city this IP address is located in", + "type": "string" + }, + "cityConfidenceFactor": { + "description": "A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100", + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 100 + }, + "continent": { + "description": "The continent this IP address is located on", + "type": "string" + }, + "country": { + "description": "The county this IP address is located in", + "type": "string" + }, + "countryConfidenceFactor": { + "description": "A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100", + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 100 + }, + "ipAddr": { + "description": "The dotted-decimal or colon-separated string representation of the IP address", + "type": "string" + }, + "ipRoutingType": { + "description": "A description of the connection type of this IP address", + "type": "string" + }, + "latitude": { + "description": "The latitude of this IP address", + "type": "string" + }, + "longitude": { + "description": "The longitude of this IP address", + "type": "string" + }, + "organization": { + "description": "The name of the organization for this IP address", + "type": "string" + }, + "organizationType": { + "description": "The type of the organization for this IP address", + "type": "string" + }, + "region": { + "description": "The geographic region this IP address is located in", + "type": "string" + }, + "state": { + "description": "The state this IP address is located in", + "type": "string" + }, + "stateConfidenceFactor": { + "description": "A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100", + "type": "integer", + "format": "int32", + "minimum": 0, + "maximum": 100 + }, + "stateCode": { + "description": "The abbreviated name for the state this IP address is located in", + "type": "string" + } + }, + "type": "object" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/enrichment/GetGeodataWithWorkspaceByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/enrichment/GetGeodataWithWorkspaceByIp.json new file mode 100644 index 000000000000..ee66bc201eea --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/enrichment/GetGeodataWithWorkspaceByIp.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2024-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "enrichmentType": "main", + "ipAddressBody": { + "ipAddress": "1.2.3.4" + } + }, + "responses": { + "200": { + "body": { + "asn": "12345", + "carrier": "Microsoft", + "city": "Redmond", + "cityCf": 90, + "continent": "north america", + "country": "united states", + "countryCf": 99, + "ipAddr": "1.2.3.4", + "ipRoutingType": "fixed", + "latitude": "40.2436", + "longitude": "-100.8891", + "organization": "Microsoft", + "organizationType": "tech", + "region": "western usa", + "state": "washington", + "stateCf": null, + "stateCode": "wa" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/enrichment/GetWhoisWithWorkspaceByDomainName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/enrichment/GetWhoisWithWorkspaceByDomainName.json new file mode 100644 index 000000000000..cd89cdef0867 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2024-01-01-preview/examples/enrichment/GetWhoisWithWorkspaceByDomainName.json @@ -0,0 +1,91 @@ +{ + "parameters": { + "api-version": "2024-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "enrichmentType": "main", + "domainBody": { + "domain": "microsoft.com" + } + }, + "responses": { + "200": { + "body": { + "domain": "microsoft.com", + "server": null, + "created": "2021-09-01T16:15:01.187045Z", + "updated": "2021-09-01T16:15:01.187045Z", + "expires": null, + "parsedWhois": { + "registrar": { + "name": "MarkMonitor, Inc", + "abuseContactPhone": "12083895770", + "abuseContactEmail": "abuse@microsoft.com", + "url": "http://www.markmonitor.com", + "whoisServer": "whois.markmonitor.com" + }, + "contacts": { + "admin": { + "name": "Administrator", + "org": "Microsoft", + "street": [ + "One Microsoft Way" + ], + "city": null, + "state": "WA", + "postal": "98052", + "country": "United States", + "phone": "1-800-555-1234", + "fax": null, + "email": "mail@microsoft.com" + }, + "registrant": null, + "billing": { + "name": "Administrator", + "org": "Microsoft", + "street": [ + "One Microsoft Way" + ], + "city": null, + "state": "WA", + "postal": "98052", + "country": "United States", + "phone": "1-800-555-1234", + "fax": null, + "email": "mail@microsoft.com" + }, + "tech": { + "name": "Administrator", + "org": "Microsoft", + "street": [ + "One Microsoft Way" + ], + "city": null, + "state": "WA", + "postal": "98052", + "country": "United States", + "phone": "1-800-555-1234", + "fax": null, + "email": "mail@microsoft.com" + } + }, + "nameServers": [ + "ns1-205.azure-dns.com", + "ns2-205.azure-dns.net", + "ns3-205.azure-dns.org", + "ns4-205.azure-dns.info" + ], + "statuses": [ + "clientUpdateProhibited", + "clientTransferProhibited", + "clientDeleteProhibited", + "serverUpdateProhibited", + "serverTransferProhibited", + "serverDeleteProhibited" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/readme.md b/specification/securityinsights/resource-manager/readme.md index ea8cf46d1a0d..7afe19f4f598 100644 --- a/specification/securityinsights/resource-manager/readme.md +++ b/specification/securityinsights/resource-manager/readme.md @@ -47,6 +47,7 @@ input-file: - Microsoft.SecurityInsights/preview/2024-01-01-preview/ContentProductTemplates.json - Microsoft.SecurityInsights/preview/2024-01-01-preview/ContentTemplates.json - Microsoft.SecurityInsights/preview/2024-01-01-preview/Enrichment.json + - Microsoft.SecurityInsights/preview/2024-01-01-preview/EnrichmentWithWorkspace.json - Microsoft.SecurityInsights/preview/2024-01-01-preview/Entities.json - Microsoft.SecurityInsights/preview/2024-01-01-preview/EntityQueries.json - Microsoft.SecurityInsights/preview/2024-01-01-preview/EntityQueryTemplates.json