diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 03a073788341..20a473262ea4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -492,6 +492,18 @@ }, { "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ODataFilter" + }, + { + "$ref": "#/parameters/ODataOrderBy" + }, + { + "$ref": "#/parameters/ODataTop" + }, + { + "$ref": "#/parameters/ODataSkipToken" } ], "responses": { @@ -662,6 +674,173 @@ } } }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments": { + "get": { + "x-ms-examples": { + "Get all case comments.": { + "$ref": "./examples/cases/comments/GetAllCaseComments.json" + } + }, + "tags": [ + "CaseComments" + ], + "description": "Gets all case comments.", + "operationId": "Comments_ListByCase", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/CaseId" + }, + { + "$ref": "#/parameters/ODataFilter" + }, + { + "$ref": "#/parameters/ODataOrderBy" + }, + { + "$ref": "#/parameters/ODataTop" + }, + { + "$ref": "#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/CaseCommentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-odata": "#/definitions/CaseComment", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/cases/{caseId}/comments/{caseCommentId}": { + "get": { + "x-ms-examples": { + "Get a case comment.": { + "$ref": "./examples/cases/comments/GetCaseCommentById.json" + } + }, + "tags": [ + "CaseComments" + ], + "description": "Gets a case comment.", + "operationId": "Cases_GetComment", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/CaseId" + }, + { + "$ref": "#/parameters/CaseCommentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/CaseComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a case comment.": { + "$ref": "./examples/cases/comments/CreateCaseComment.json" + } + }, + "tags": [ + "CaseComments" + ], + "description": "Creates the case comment.", + "operationId": "CaseComments_CreateComment", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/CaseId" + }, + { + "$ref": "#/parameters/CaseCommentId" + }, + { + "$ref": "#/parameters/CaseComment" + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/CaseComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks": { "get": { "x-ms-examples": { @@ -2021,12 +2200,14 @@ "lastUpdatedTimeUtc": { "type": "string", "format": "date-time", - "description": "The last time the case was updated" + "description": "The last time the case was updated", + "readOnly": true }, "createdTimeUtc": { "type": "string", "format": "date-time", - "description": "The time the case was created" + "description": "The time the case was created", + "readOnly": true }, "endTimeUtc": { "type": "string", @@ -2053,7 +2234,7 @@ "type": "string", "description": "The title of the case" }, - "assignedTo": { + "owner": { "type": "object", "description": "Describes a user that the case is assigned to", "$ref": "#/definitions/UserInfo" @@ -2133,6 +2314,8 @@ "enum": [ "Resolved", "Dismissed", + "TruePositive", + "FalsePositive", "Other" ], "x-ms-enum": { @@ -2147,18 +2330,116 @@ "value": "Dismissed", "description": "Case was dismissed" }, + { + "value": "TruePositive", + "description": "Case was true positive" + }, + { + "value": "FalsePositive", + "description": "Case was false positive" + }, { "value": "Other", "description": "Case was closed for another reason" } ] } + }, + "closedReasonText": { + "type": "string", + "description": "the case close reason details" + }, + "relatedAlertIds": { + "type": "array", + "items": { + "type": "string", + "description": "related alert id" + }, + "description": "List of related alert identifiers", + "readOnly": true + }, + "caseNumber": { + "type": "integer", + "description": "a sequential number", + "readOnly": true + }, + "lastComment": { + "type": "string", + "description": "the last comment in the case", + "readOnly": true + }, + "totalComments": { + "type": "integer", + "description": "the number of total comments in the case", + "readOnly": true } }, "required": [ "title", "severity", - "status" + "status", + "startTimeUtc" + ] + }, + "CaseCommentList": { + "description": "List of case comments.", + "properties": { + "nextLink": { + "readOnly": true, + "description": "URL to fetch the next set of comments.", + "type": "string" + }, + "value": { + "description": "Array of comments.", + "type": "array", + "items": { + "$ref": "#/definitions/CaseComment" + } + } + }, + "required": [ + "value" + ] + }, + "CaseComment": { + "type": "object", + "description": "Represents a case comment", + "allOf": [ + { + "$ref": "#/definitions/Resource" + } + ], + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Case comment properties", + "$ref": "#/definitions/CaseCommentProperties" + } + } + }, + "CaseCommentProperties": { + "type": "object", + "description": "Case comment property bag.", + "properties": { + "message": { + "type": "string", + "description": "The comment message" + }, + "createdTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time the comment was created", + "readOnly": true + }, + "userInfo": { + "type": "object", + "description": "Describes the user that created the comment", + "$ref": "#/definitions/UserInfo", + "readOnly": true + } + }, + "required": [ + "message" ] }, "BookmarkList": { @@ -2257,17 +2538,23 @@ "objectId": { "type": "string", "format": "uuid", + "x-nullable": true, "description": "The object id of the user." }, "email": { "type": "string", - "description": "The email of the user." + "description": "The email of the user.", + "readOnly": true }, "name": { "type": "string", - "description": "The name of the user." + "description": "The name of the user.", + "readOnly": true } - } + }, + "required": [ + "objectId" + ] }, "Label": { "description": "Label that will be used to tag and filter on.", @@ -4850,6 +5137,24 @@ }, "x-ms-parameter-location": "method" }, + "CaseCommentId": { + "name": "caseCommentId", + "in": "path", + "required": true, + "type": "string", + "description": "Case comment ID", + "x-ms-parameter-location": "method" + }, + "CaseComment": { + "name": "caseComment", + "in": "body", + "description": "The case comment", + "required": true, + "schema": { + "$ref": "#/definitions/CaseComment" + }, + "x-ms-parameter-location": "method" + }, "BookmarkId": { "name": "bookmarkId", "in": "path", @@ -4945,6 +5250,39 @@ "type": "string", "description": "entity query ID", "x-ms-parameter-location": "method" + }, + "ODataFilter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "Filters the results, based on a Boolean condition. Optional.", + "x-ms-parameter-location": "method" + }, + "ODataOrderBy": { + "name": "$orderby", + "in": "query", + "required": false, + "type": "string", + "description": "Sorts the results. Optional.", + "x-ms-parameter-location": "method" + }, + "ODataTop": { + "name": "$top", + "in": "query", + "required": false, + "type": "integer", + "format": "int32", + "description": "Returns only the first n results. Optional.", + "x-ms-parameter-location": "method" + }, + "ODataSkipToken": { + "name": "$skipToken", + "in": "query", + "required": false, + "type": "string", + "description": "Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.", + "x-ms-parameter-location": "method" } } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json index 3b30acd68983..da4e043a4570 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json @@ -7,13 +7,8 @@ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "case": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "type": "Microsoft.SecurityInsights/cases", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { - "lastUpdatedTimeUtc": "2019-01-01T13:15:30Z", - "createdTimeUtc": "2019-01-01T13:15:30Z", "endTimeUtc": "2019-01-01T13:05:30Z", "startTimeUtc": "2019-01-01T13:00:30Z", "labels": [ @@ -22,10 +17,8 @@ ], "description": "This is a demo case", "title": "My case", - "assignedTo": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", - "email": "john@contoso.com", - "name": "john doe" + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" }, "severity": "High", "closeReason": "Resolved", @@ -51,14 +44,16 @@ ], "description": "This is a demo case", "title": "My case", - "assignedTo": { + "owner": { "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", "email": "john@contoso.com", "name": "john doe" }, "severity": "High", "closeReason": "Resolved", - "status": "Closed" + "status": "Closed", + "relatedAlertIds": ["cf441808-2d50-4c10-81af-cdd0b908c121"], + "caseNumber": 3177 } } }, @@ -79,14 +74,16 @@ ], "description": "This is a demo case", "title": "My case", - "assignedTo": { + "owner": { "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", "email": "john@contoso.com", "name": "john doe" }, "severity": "High", "closeReason": "Resolved", - "status": "Closed" + "status": "Closed", + "relatedAlertIds": ["cf441808-2d50-4c10-81af-cdd0b908c121"], + "caseNumber": 3177 } } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json index 0fb96cf9af43..7e406a0248a9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json @@ -25,14 +25,19 @@ ], "description": "This is a demo case", "title": "My case", - "assignedTo": { + "owner": { "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", "email": "john@contoso.com", "name": "john doe" }, "severity": "High", "closeReason": "Resolved", - "status": "Closed" + "status": "Closed", + "closedReasonText": "case resolved", + "relatedAlertIds": ["cf441808-2d50-4c10-81af-cdd0b908c121"], + "caseNumber": 3177, + "lastComment": "This is a demo case", + "totalComments": 3 } } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json index 3280c62c9c6c..2041ed18a4b2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json @@ -4,7 +4,9 @@ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights" + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "$orderby": "properties/createdTimeUtc desc", + "$top": 1 }, "responses": { "200": { @@ -26,14 +28,19 @@ ], "description": "This is a demo case", "title": "My case", - "assignedTo": { + "owner": { "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", "email": "john@contoso.com", "name": "john doe" }, "severity": "High", "closeReason": "Resolved", - "status": "Closed" + "status": "Closed", + "closedReasonText": "case resolved", + "relatedAlertIds": ["cf441808-2d50-4c10-81af-cdd0b908c121"], + "caseNumber": 3177, + "lastComment": "This is a demo case", + "totalComments": 3 } } ] diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/CreateCaseComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/CreateCaseComment.json new file mode 100644 index 000000000000..f87f16a08fc5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/CreateCaseComment.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "caseCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "caseComment": { + "properties": { + "message": "Some message" + } + } + }, + "responses": { + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/cases/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "userInfo": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetAllCaseComments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetAllCaseComments.json new file mode 100644 index 000000000000..739f440774dd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetAllCaseComments.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/cases/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "userInfo": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetCaseCommentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetCaseCommentById.json new file mode 100644 index 000000000000..4a6b85d23b77 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/comments/GetCaseCommentById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "caseId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "caseCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/cases/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/cases/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "userInfo": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + } + } + } + } + } +}