From fe3c5dc4debc563e0acc1955bbd93a8042284b6b Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Wed, 20 May 2020 11:40:42 +0300 Subject: [PATCH 01/36] iotAlertType --- .../stable/2019-08-01/iotAlertTypes.json | 238 ++++++++++++++++++ 1 file changed, 238 insertions(+) create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json new file mode 100644 index 000000000000..e625433cb7c6 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json 
@@ -0,0 +1,238 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "version": "2019-08-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [{ + "azure_auth": [ + "user_impersonation" + ] + }], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/iotAlertTypes": { + "get": { + "x-ms-examples": { + "Get IoT Alert Types": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json" + } + }, + "tags": [ + "IoT Security Solution Analytics" + ], + "description": "List IoT alert types", + "operationId": "IotAlertTypes_List", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IotAlertTypeList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/iotAlertTypes/{iotAlertTypeName}": 
{ + "get": { + "x-ms-examples": { + "Get IoT Alert Type": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json" + } + }, + "operationId": "IotAlertTypes_Get", + "description": "Get IoT alert type", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "in": "path", + "name": "iotAlertTypeName", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "IoT alert type", + "schema": { + "$ref": "#/definitions/IotAlertType" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + } + } + }, + "definitions": { + "IotAlertTypeList": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/IotAlertType" + } + } + } + }, + "IotAlertType": { + "type": "object", + "description": "IoT alert type.", + "properties": { + "properties": { + "$ref": "#/definitions/IotAlertTypeProperties" + } + }, + "allOf": [{ + "$ref": "../../../common/v1/types.json#/definitions/Resource" + }] + }, + "IotAlertTypeProperties": { + "type": "object", + "description": "IoT alert type information.", + "properties": { + "displayName": { + "readOnly": true, + "type": "string", + "example": "Privileged container detected", + "description": "Display name of the alert type." 
+ }, + "alertSeverity": { + "readOnly": true, + "type": "string", + "example": "Medium", + "description": "Assessed alert severity.", + "enum": [ + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "alertSeverity", + "modelAsString": true, + "values": [{ + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + } + }, + "description": { + "readOnly": true, + "type": "string", + "description": "Description of the suspected vulnerability and meaning.", + "example": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine." + }, + "providerName": { + "readOnly": true, + "type": "string", + "example": "IoTSecurity", + "description": "Name of the alert type provider." + }, + "vendorName": { + "readOnly": true, + "type": "string", + "example": "Microsoft", + "description": "Name of the alert type vendor." + }, + "remediationSteps": { + "readOnly": true, + "description": "Recommended steps for remediation.", + "type": "array", + "items": { + "type": "string", + "example": "If the container doesn't need to run in privileged mode, remove the privileges from the container." + } + }, + "sourceSystem": { + "readOnly": true, + "type": "string", + "example": "Detection", + "description": "Name of the source system." + }, + "productName": { + "readOnly": true, + "description": "Product name", + "type": "string", + "example": "Azure Security Center for IoT" + }, + "type": { + "readOnly": true, + "description": "Type of the alert", + "type": "string", + "example": "SecurityAlert" + } + } + } + }, + "parameters": { + "SolutionName": { + "name": "solutionName", + "in": "path", + "required": true, + "description": "The name of the IoT security solution.", + "type": "string", + "x-ms-parameter-location": "method" + } + } +} \ No newline at end of file 
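Review bot: In the `IotAlertTypes_Get` operation the `default` error response sits inside the `"200"` response object, because the `schema` object is closed with `},` and `"default": {` follows without `"200"` being closed first. As written the operation declares no error response, so the `CloudError` schema is not tied to failures and a Swagger validator is likely to flag the stray key. Close the 200 entry first, i.e. `"schema": { "$ref": "#/definitions/IotAlertType" } },` followed by `"default": {`, and drop one closing brace after the `default` block. PATCH 04/36 further down this page makes that brace move; folding it into this commit would keep every commit in the series valid.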
From 0f4d493a94c2cb6cdd69615593e62fbceba58b20 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Wed, 20 May 2020 11:47:58 +0300 Subject: [PATCH 02/36] alert type example --- .../GetIoTAlertType.json | 31 ++++++++++++++++++ .../GetIoTAlertTypeList.json | 32 +++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json new file mode 100644 index 000000000000..caa78dffa328 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json 
@@ -0,0 +1,31 @@
+{
+ "parameters": {
+ "api-version": "2019-08-01",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "resourceGroupName": "myGroup",
+ "solutionName": "mySolution",
+ "iotAlertTypeName": "IoT_PrivilegedContainer"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/analyticsModels/default/iotAlertTypes/IoT_PrivilegedContainer",
+ "name": "IoT_PrivilegedContainer",
+ "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/iotAlertTypes",
+ "properties": {
+ "displayName": "Privileged container detected",
+ "alertSeverity": "Medium",
+ "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.",
+ "providerName": "IoTSecurity",
+ "vendorName": "Microsoft",
+ "remediationSteps": [
+ "If the container doesn't need to run in privileged mode, remove the privileges from the container."
+ ],
+ "sourceSystem": "Detection",
+ "productName": "Azure Security Center for IoT",
+ "type": "SecurityAlert"
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json
new file mode 100644
index 000000000000..dedf4d2bb7c0
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json
@@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "myGroup", + "solutionName": "mySolution" + }, + "responses": { + "200": { + "body": { + "value": [{ + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/analyticsModels/default/iotAlertTypes", + "name": "IoT_PrivilegedContainer", + "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/iotAlertTypes", + "properties": { + "displayName": "Privileged container detected", + "alertSeverity": "Medium", + "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.", + "providerName": "IoTSecurity", + "vendorName": "Microsoft", + "remediationSteps": [ + "If the container doesn't need to run in privileged mode, remove the privileges from the container." + ], + "sourceSystem": "Detection", + "productName": "Azure Security Center for IoT", + "type": "SecurityAlert" + } + }] + } + } + } +} \ No newline at end of file From 57a561f0a4264ec626dab6aa2ecb697e46e27ce7 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Wed, 20 May 2020 11:53:04 +0300 Subject: [PATCH 03/36] add alertType to readme --- specification/security/resource-manager/readme.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index b324ff734759..7d25ba3d95d5 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md 
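Review bot: The `id` of the list item stops at `.../analyticsModels/default/iotAlertTypes` and omits the resource name, while the single-item example added in the same commit ends its `id` with `/IoT_PrivilegedContainer` and this item's `name` is `IoT_PrivilegedContainer`. An ARM resource id is expected to end with the resource's own name, so a client written against this example would end up with the collection URL instead of the item URL. Append the name so the value ends `.../iotAlertTypes/IoT_PrivilegedContainer`.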
@@ -143,6 +143,7 @@ input-file: - Microsoft.Security/stable/2019-08-01/deviceSecurityGroups.json - Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json - Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json +- Microsoft.Security/stable/2019-08-01/iotAlertTypes.json - Microsoft.Security/preview/2015-06-01-preview/locations.json - Microsoft.Security/preview/2015-06-01-preview/operations.json - Microsoft.Security/preview/2015-06-01-preview/tasks.json @@ -296,6 +297,7 @@ These settings apply only when `--tag=package-2019-08-only` is specified on the input-file: - Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json - Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json +- Microsoft.Security/stable/2019-08-01/iotAlertTypes.json # Needed when there is more than one input file override-info: @@ -391,6 +393,7 @@ input-file: - $(this-folder)/Microsoft.Security/stable/2019-08-01/deviceSecurityGroups.json - $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json - $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json + - $(this-folder)/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json - $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/serverVulnerabilityAssessments.json - $(this-folder)/Microsoft.Security/stable/2020-01-01/assessmentMetadata.json - $(this-folder)/Microsoft.Security/stable/2020-01-01/assessments.json From f876163ae1b5c36792d64388a1f946b3d7fcecd1 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Wed, 20 May 2020 12:59:31 +0300 Subject: [PATCH 04/36] Autorest warnings --- .../stable/2019-08-01/iotAlertTypes.json | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index e625433cb7c6..4aed88cc9ce8 100644 
--- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json @@ -98,7 +98,8 @@ "in": "path", "name": "iotAlertTypeName", "required": true, - "type": "string" + "type": "string", + "description": "Name of the alert type" } ], "responses": { @@ -106,6 +107,7 @@ "description": "IoT alert type", "schema": { "$ref": "#/definitions/IotAlertType" + } }, "default": { "description": "Error response describing why the operation failed.", @@ -115,15 +117,16 @@ } } } - } } }, "definitions": { "IotAlertTypeList": { "type": "object", + "description": "List of alert types", "properties": { "value": { "type": "array", + "description": "List data", "items": { "$ref": "#/definitions/IotAlertType" } @@ -135,6 +138,8 @@ "description": "IoT alert type.", "properties": { "properties": { + "x-ms-client-flatten": true, + "description": "Alert type properties", "$ref": "#/definitions/IotAlertTypeProperties" } }, From 653583f7841ec0d27db98d9f7adae9dbfdcec7d2 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Wed, 20 May 2020 12:59:54 +0300 Subject: [PATCH 05/36] Autorest warnings (2) --- specification/security/resource-manager/readme.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index 7d25ba3d95d5..16d4ab9239c5 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md 
@@ -36,6 +36,10 @@ directive: from: iotSecuritySolutionAnalytics.json where: '$.paths["/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels"].get' reason: The list returns limited number of items + - suppress: PageableOperation + from: alertTypes.json + where: '$.paths["/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/alertTypes"].get' + reason: The list returns limited number of items ``` ### Basic Information From fe9923ea83d834c486acd96e075b899fd5dc6c0a Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Wed, 20 May 2020 13:22:24 +0300 Subject: [PATCH 06/36] fix description --- .../Microsoft.Security/stable/2019-08-01/iotAlertTypes.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index 4aed88cc9ce8..fedcee0e2098 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json @@ -235,7 +235,7 @@ "name": "solutionName", "in": "path", "required": true, - "description": "The name of the IoT security solution.", + "description": "The name of the IoT Security solution.", "type": "string", "x-ms-parameter-location": "method" } From e4e7fcda01106e56ba4ae36b591af365667ba7fb Mon Sep 17 00:00:00 2001 
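Review bot: The new `PageableOperation` suppression does not match the file it appears to be meant for: `from: alertTypes.json` and the `where` path ending in `/analyticsModels/default/alertTypes` name neither the spec file nor the route added earlier in this series, which are `iotAlertTypes.json` and `.../analyticsModels/default/iotAlertTypes`. A suppression that matches nothing presumably leaves the linter warning active and stays behind as dead configuration that hides nothing and documents the wrong target. Change the two lines to `from: iotAlertTypes.json` and a `where` whose path ends in `/analyticsModels/default/iotAlertTypes`. The `directive:` block starts above this hunk.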
From: Liran Chen Date: Thu, 21 May 2020 09:47:20 +0300 Subject: [PATCH 07/36] iotAlert --- .../stable/2019-08-01/iotAlert.json | 242 ++++++++++++++++++ .../stable/2019-08-01/iotAlertTypes.json | 14 + 2 files changed, 256 insertions(+) create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlert.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlert.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlert.json new file mode 100644 index 000000000000..92a525462fa7 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlert.json 
@@ -0,0 +1,242 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "version": "2019-08-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [{ + "azure_auth": [ + "user_impersonation" + ] + }], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/iotAlerts": { + "get": { + "x-ms-examples": { + "Get IoT Alert Types": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTAlerts.json" + } + }, + "tags": [ + "IoT Security Solution Analytics" + ], + "description": "List IoT alerts", + "operationId": "IotAlert_List", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "in": "query", + "name": "since", + "required": false, + "type": "string", + "description": "Filter by minimum startTime (ISO 8601 format)" + }, + { + "in": "query", + "name": "until", + "required": false, + "type": "string", + "description": "Filter by maximum startTime (ISO 8601 format)" + }, + { + "in": "query", + "name": "alertType", + "required": false, + "type": "string", + "description": "Filter by alert type" + }, + { + "in": "query", + "name": "$skipToken", + "required": false, + "type": "string", + 
"description": "Skip token used for pagination" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/CompactIotAlertPropertiesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/iotAlerts/{iotAlertId}": { + "get": { + "x-ms-examples": { + "Get IoT Alert Type": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json" + } + }, + "operationId": "IotAlert_Get", + "description": "Get IoT alert", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "in": "path", + "name": "iotAlertId", + "required": true, + "type": "string", + "description": "Id of the alert" + } + ], + "responses": { + "200": { + "description": "IoT alert", + "schema": { + "$ref": "#/definitions/IotAlert" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "CompactIotAlertPropertiesList": { + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/CompactIotAlertProperties" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "When available, follow the URI to get the next page of data" + } + } + }, + "CompactIotAlertProperties": { + "type": 
"object", + "required": [ + "compromisedEntity", + "alertType", + "startTimeUtc" + ], + "properties": { + "compromisedEntity": { + "readOnly": true, + "type": "string", + "example": "device-1" + }, + "alertType": { + "readOnly": true, + "type": "string", + "example": "IoT_PrivilegedContainer" + }, + "startTimeUtc": { + "readOnly": true, + "type": "string", + "example": "2020-05-13T06:32:25Z" + }, + "extendedProperties": { + "readOnly": true, + "type": "object", + "example": { + "CommandLine": "docker run --privileged", + "User Name": "aUser", + "UserId": "", + "ParentProcessId": 1593, + "DeviceId": "device-1" + } + } + } + }, + "IotAlert": { + "type": "object", + "properties": { + "properties": { + "readOnly": true, + "x-ms-client-flatten": true, + "$ref": "#/definitions/IotAlertProperties" + } + }, + "allOf": [{ + "$ref": "../../../common/v1/types.json#/definitions/Resource" + }] + }, + "IotAlertProperties": { + "type": "object", + "properties": { + }, + "allOf": [{ + "$ref": "#/definitions/CompactIotAlertProperties" + }] + } + }, + "parameters": { + "SolutionName": { + "name": "solutionName", + "in": "path", + "required": true, + "description": "The name of the IoT Security solution.", + "type": "string", + "x-ms-parameter-location": "method" + } + } +} \ No newline at end of file diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index fedcee0e2098..fb4a89aa6987 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json @@ -123,6 +123,9 @@ "IotAlertTypeList": { "type": "object", "description": "List of alert types", + "required": [ + "value" + ], "properties": { "value": { "type": "array", 
@@ -149,6 +152,17 @@ }, "IotAlertTypeProperties": { "type": "object", + "required": [ + "displayName", + "alertSeverity", + "description", + "providerName", + "vendorName", + "remediationSteps", + "sourceSystem", + "productName", + "type" + ], "description": "IoT alert type information.", "properties": { "displayName": { From 1cbe44314521f8945f13d567ec68b3fc72d7ce42 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Thu, 21 May 2020 10:12:35 +0300 Subject: [PATCH 08/36] examples --- .../GetIoTAlert.json | 31 +++++++++++++++++++ .../GetIoTAlertList.json | 31 +++++++++++++++++++ .../stable/2019-08-01/iotAlert.json | 23 ++++++++------ 3 files changed, 76 insertions(+), 9 deletions(-) create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json new file mode 100644 index 000000000000..b2e13126b098 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json 
@@ -0,0 +1,31 @@
+{
+ "parameters": {
+ "api-version": "2019-08-01",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "resourceGroupName": "myGroup",
+ "solutionName": "mySolution",
+ "iotAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/analyticsModels/default/iotAlerts/903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
+ "name": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
+ "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/iotAlerts",
+ "properties": {
+ "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
+ "compromisedEntity": "device-1",
+ "alertType": "IoT_PrivilegedContainer",
+ "startTimeUtc": "2020-05-13T06:32:25Z",
+ "extendedProperties": {
+ "CommandLine": "docker run --privileged",
+ "User Name": "aUser",
+ "UserId": "",
+ "ParentProcessId": 1593,
+ "DeviceId": "device-1"
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json
new file mode 100644
index 000000000000..efc291592ada
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json
@@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "myGroup", + "solutionName": "mySolution", + "alertType": "IoT_PrivilegedContainer", + "since": "2020-05-12T06:32:25Z", + "until": "2020-05-14T06:32:25Z" + }, + "responses": { + "200": { + "body": { + "value": [{ + "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "compromisedEntity": "device-1", + "alertType": "IoT_PrivilegedContainer", + "startTimeUtc": "2020-05-13T06:32:25Z", + "extendedProperties": { + "CommandLine": "docker run --privileged", + "User Name": "aUser", + "UserId": "", + "ParentProcessId": 1593, + "DeviceId": "device-1" + } + }], + "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/analyticsModels/default/iotAlerts?api-version=2019-08-01&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8" + } + } + } +} \ No newline at end of file diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlert.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlert.json index 92a525462fa7..f8a60e4d149d 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlert.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlert.json @@ -138,16 +138,16 @@ "description": "IoT alert", "schema": { "$ref": "#/definitions/IotAlert" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../common/v1/types.json#/definitions/CloudError" - } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" } } } + } } }, "definitions": { 
@@ -174,11 +174,17 @@ "CompactIotAlertProperties": { "type": "object", "required": [ + "systemAlertId", "compromisedEntity", "alertType", "startTimeUtc" ], "properties": { + "systemAlertId": { + "readonly": true, + "type": "string", + "example": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8" + }, "compromisedEntity": { "readOnly": true, "type": "string", @@ -222,8 +228,7 @@ }, "IotAlertProperties": { "type": "object", - "properties": { - }, + "properties": {}, "allOf": [{ "$ref": "#/definitions/CompactIotAlertProperties" }] From faa57cb232c166dd596e8ff6c7fbd0f8ccf47506 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Thu, 21 May 2020 11:10:48 +0300 Subject: [PATCH 09/36] autorest warnings --- .../stable/2019-08-01/iotAlert.json | 28 ++++++----- .../stable/2019-08-01/iotAlertTypes.json | 50 ++++--------------- 2 files changed, 26 insertions(+), 52 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlert.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlert.json index f8a60e4d149d..5dc7b23e9cf1 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlert.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlert.json @@ -36,14 +36,14 @@ "get": { "x-ms-examples": { "Get IoT Alert Types": { - "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTAlerts.json" + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json" } }, "tags": [ "IoT Security Solution Analytics" ], "description": "List IoT alerts", - "operationId": "IotAlert_List", + "operationId": "IotAlerts_List", "parameters": [{ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, 
@@ -111,7 +111,7 @@ "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json" } }, - "operationId": "IotAlert_Get", + "operationId": "IotAlerts_Get", "description": "Get IoT alert", "parameters": [{ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" @@ -152,12 +152,11 @@ }, "definitions": { "CompactIotAlertPropertiesList": { + "description": "List of alerts", "type": "object", - "required": [ - "value" - ], "properties": { "value": { + "description": "List data", "readOnly": true, "type": "array", "items": { @@ -173,34 +172,34 @@ }, "CompactIotAlertProperties": { "type": "object", - "required": [ - "systemAlertId", - "compromisedEntity", - "alertType", - "startTimeUtc" - ], + "description": "Compact version of IoT alert properties", "properties": { "systemAlertId": { - "readonly": true, + "description": "Holds the product canonical identifier of the alert within the scope of a product", + "readOnly": true, "type": "string", "example": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8" }, "compromisedEntity": { + "description": "Display name of the main entity being reported on", "readOnly": true, "type": "string", "example": "device-1" }, "alertType": { + "description": "The type name of the alert", "readOnly": true, "type": "string", "example": "IoT_PrivilegedContainer" }, "startTimeUtc": { + "description": "The impact start time of the alert (the time of the first event or activity included in the alert)", "readOnly": true, "type": "string", "example": "2020-05-13T06:32:25Z" }, "extendedProperties": { + "description": "A bag of fields which extends the general alert properties", "readOnly": true, "type": "object", "example": { @@ -215,10 +214,12 @@ }, "IotAlert": { "type": "object", + "description": "Iot alert", "properties": { "properties": { "readOnly": true, "x-ms-client-flatten": true, + "description": "Iot alert properties", "$ref": "#/definitions/IotAlertProperties" } }, 
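Review bot: `startTimeUtc` in the `@@ -173,34 +172,34 @@` hunk gains a description but is still a bare `"type": "string"`; adding `"format": "date-time"` would let generated clients and validators treat it as a timestamp. The `since` and `until` query parameters, defined outside this hunk, are described as ISO 8601 values and would benefit from the same format so malformed time filters are rejected by the contract. The `extendedProperties` description could also state what its example already shows, for instance `"A bag of fields which extends the general alert properties; may include host data such as command lines and user names"`, so consumers know to handle the bag as sensitive, free-form content. The `CompactIotAlertProperties` definition continues past the end of the hunk.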
@@ -228,6 +229,7 @@ }, "IotAlertProperties": { "type": "object", + "description": "IoT alert properties", "properties": {}, "allOf": [{ "$ref": "#/definitions/CompactIotAlertProperties" diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index fb4a89aa6987..1d7322a4f28d 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json @@ -123,9 +123,6 @@ "IotAlertTypeList": { "type": "object", "description": "List of alert types", - "required": [ - "value" - ], "properties": { "value": { "type": "array", @@ -152,31 +149,21 @@ }, "IotAlertTypeProperties": { "type": "object", - "required": [ - "displayName", - "alertSeverity", - "description", - "providerName", - "vendorName", - "remediationSteps", - "sourceSystem", - "productName", - "type" - ], "description": "IoT alert type information.", "properties": { - "displayName": { + "alertDisplayName": { "readOnly": true, "type": "string", "example": "Privileged container detected", - "description": "Display name of the alert type." + "description": "The display name of the alert" }, - "alertSeverity": { + "severity": { "readOnly": true, "type": "string", "example": "Medium", - "description": "Assessed alert severity.", + "description": "The severity of the alert", "enum": [ + "Informational", "Low", "Medium", "High" @@ -185,6 +172,9 @@ "name": "alertSeverity", "modelAsString": true, "values": [{ + "value": "Informational" + }, + { "value": "Low" }, { 
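Review bot: The rename of `displayName` to `alertDisplayName` and `alertSeverity` to `severity` in the `@@ -152,31 +149,21 @@` hunk leaves the example files from PATCH 02/36 (`GetIoTAlertType.json`, `GetIoTAlertTypeList.json`) on the old property names, and the following `@@ -206,40 +196,22 @@` hunk removes `sourceSystem`, `productName` and `type`, which those examples still return. No hunk in view updates the examples, so example validation would presumably fail, and readers of the published examples would see fields the schema no longer defines. The `x-ms-enum` `name` is also still `alertSeverity` although the property is now `severity`; rename it if the generated enum type is meant to follow the property, or note in the description that the name is kept on purpose. The description `"The name of the vendor that raise the alert"` in the following hunk should read `raises`.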
@@ -206,40 +196,22 @@ "readOnly": true, "type": "string", "example": "IoTSecurity", - "description": "Name of the alert type provider." + "description": "The name of the alert provider or internal partner" }, "vendorName": { "readOnly": true, "type": "string", "example": "Microsoft", - "description": "Name of the alert type vendor." + "description": "The name of the vendor that raise the alert" }, "remediationSteps": { "readOnly": true, - "description": "Recommended steps for remediation.", + "description": "Manual action items to take to remediate the alert", "type": "array", "items": { "type": "string", "example": "If the container doesn't need to run in privileged mode, remove the privileges from the container." } - }, - "sourceSystem": { - "readOnly": true, - "type": "string", - "example": "Detection", - "description": "Name of the source system." - }, - "productName": { - "readOnly": true, - "description": "Product name", - "type": "string", - "example": "Azure Security Center for IoT" - }, - "type": { - "readOnly": true, - "description": "Type of the alert", - "type": "string", - "example": "SecurityAlert" } } } From a39d38d5fa14bbd4ad5d67d4eafb6bd0bcf72e46 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Thu, 21 May 2020 11:13:26 +0300 Subject: [PATCH 10/36] added to readme --- .../stable/2019-08-01/{iotAlert.json => iotAlerts.json} | 0 specification/security/resource-manager/readme.md | 3 +++ 2 files changed, 3 insertions(+) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/{iotAlert.json => iotAlerts.json} (100%) 
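Review bot: The new `vendorName` description reads "The name of the vendor that raise the alert"; it should be `"description": "The name of the vendor that raised the alert"`. The three rewritten descriptions in this hunk also drop the trailing period that other descriptions in the file (for example "IoT alert type information.") still use, so the file now mixes both styles.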
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlert.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlert.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index 16d4ab9239c5..36f83f3e1fb5 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md @@ -148,6 +148,7 @@ input-file: - Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json - Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json - Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +- Microsoft.Security/stable/2019-08-01/iotAlerts.json - Microsoft.Security/preview/2015-06-01-preview/locations.json - Microsoft.Security/preview/2015-06-01-preview/operations.json - Microsoft.Security/preview/2015-06-01-preview/tasks.json @@ -302,6 +303,7 @@ input-file: - Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json - Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json - Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +- Microsoft.Security/stable/2019-08-01/iotAlerts.json # Needed when there is more than one input file override-info: 
@@ -398,6 +400,7 @@ input-file: - $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json - $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json - $(this-folder)/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json + - $(this-folder)/Microsoft.Security/stable/2019-08-01/iotAlerts.json - $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/serverVulnerabilityAssessments.json - $(this-folder)/Microsoft.Security/stable/2020-01-01/assessmentMetadata.json - $(this-folder)/Microsoft.Security/stable/2020-01-01/assessments.json From 779024eb797a27f562f86351285fcfb9a7957451 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Thu, 21 May 2020 11:23:57 +0300 Subject: [PATCH 11/36] update example --- .../IoTSecuritySolutionsAnalytics/GetIoTAlertType.json | 9 +++------ .../GetIoTAlertTypeList.json | 9 +++------ 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json index caa78dffa328..9793d19a93c7 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json 
@@ -13,17 +13,14 @@ "name": "IoT_PrivilegedContainer", "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/iotAlertTypes", "properties": { - "displayName": "Privileged container detected", - "alertSeverity": "Medium", + "alertDisplayName": "Privileged container detected", + "severity": "Medium", "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.", "providerName": "IoTSecurity", "vendorName": "Microsoft", "remediationSteps": [ "If the container doesn't need to run in privileged mode, remove the privileges from the container." - ], - "sourceSystem": "Detection", - "productName": "Azure Security Center for IoT", - "type": "SecurityAlert" + ] } } } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json index dedf4d2bb7c0..ac0199121ee8 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json 
@@ -13,17 +13,14 @@ "name": "IoT_PrivilegedContainer", "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/iotAlertTypes", "properties": { - "displayName": "Privileged container detected", - "alertSeverity": "Medium", + "alertDisplayName": "Privileged container detected", + "severity": "Medium", "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.", "providerName": "IoTSecurity", "vendorName": "Microsoft", "remediationSteps": [ "If the container doesn't need to run in privileged mode, remove the privileges from the container." - ], - "sourceSystem": "Detection", - "productName": "Azure Security Center for IoT", - "type": "SecurityAlert" + ] } }] } From 72d41b4634b2176690fa59cadada00f3eb129598 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Thu, 21 May 2020 13:17:53 +0300 Subject: [PATCH 12/36] From c5639c1ad44c44174e2c15a363ba1fe2ab667f24 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Thu, 21 May 2020 15:48:38 +0300 Subject: [PATCH 13/36] removed vendor --- .../IoTSecuritySolutionsAnalytics/GetIoTAlertType.json | 1 - .../IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json | 1 - .../Microsoft.Security/stable/2019-08-01/iotAlertTypes.json | 6 ------ 3 files changed, 8 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json index 9793d19a93c7..a51b130f2331 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json 
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json @@ -17,7 +17,6 @@ "severity": "Medium", "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.", "providerName": "IoTSecurity", - "vendorName": "Microsoft", "remediationSteps": [ "If the container doesn't need to run in privileged mode, remove the privileges from the container." ] diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json index ac0199121ee8..e4fec2931805 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json @@ -17,7 +17,6 @@ "severity": "Medium", "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.", "providerName": "IoTSecurity", - "vendorName": "Microsoft", "remediationSteps": [ "If the container doesn't need to run in privileged mode, remove the privileges from the container." ] diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index 1d7322a4f28d..60c4670c52b2 100644 
--- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json @@ -198,12 +198,6 @@ "example": "IoTSecurity", "description": "The name of the alert provider or internal partner" }, - "vendorName": { - "readOnly": true, - "type": "string", - "example": "Microsoft", - "description": "The name of the vendor that raise the alert" - }, "remediationSteps": { "readOnly": true, "description": "Manual action items to take to remediate the alert", From 6b1fcb0c5aafb4ee2d6cbccf8c515a9c7a510d62 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Fri, 22 May 2020 10:14:37 +0300 Subject: [PATCH 14/36] fix example types --- .../GetIoTSecuritySolutionsSecurityAggregatedAlert.json | 2 +- .../GetIoTSecuritySolutionsSecurityAggregatedAlertList.json | 4 ++-- .../GetIoTSecuritySolutionsSecurityAnalytics.json | 2 +- .../GetIoTSecuritySolutionsSecurityAnalyticsList.json | 2 +- .../GetIoTSecuritySolutionsSecurityRecommendation.json | 2 +- .../GetIoTSecuritySolutionsSecurityRecommendationList.json | 4 ++-- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert.json index e5a4a8ad0a32..15000c2b1292 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert.json 
@@ -11,7 +11,7 @@ "body": { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02", "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02", - "type": "Microsoft.Security/IoTSecurityAggregatedAlert", + "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedAlerts", "properties": { "alertType": "IoT_Bruteforce_Fail", "alertDisplayName": "Failed Bruteforce", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList.json index a29bcea8950d..efdb32bef5d3 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList.json 
@@ -12,7 +12,7 @@ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02", "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02", - "type": "Microsoft.Security/IoTSecurityAggregatedAlert", + "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedAlerts", "properties": { "alertType": "IoT_Bruteforce_Fail", "alertDisplayName": "Failed Bruteforce", @@ -43,7 +43,7 @@ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Success/2019-02-02", "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Success/2019-02-02", - "type": "Microsoft.Security/IoTSecurityAggregatedAlert", + "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedAlerts", "properties": { "alertType": "IoT_Bruteforce_Success", "alertDisplayName": "Successful Bruteforce", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json index a7337a494529..d46451067bc4 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json 
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json @@ -10,7 +10,7 @@ "body": { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", - "type": "Microsoft.Security/IoTSecuritySolutionAnalyticsModel", + "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels", "properties": { "metrics": { "high": 5, diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList.json index aa75fced7adf..05f3130b231d 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList.json @@ -12,7 +12,7 @@ { "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", - "type": "Microsoft.Security/IoTSecuritySolutionAnalyticsModelList", + "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels", "properties": { "metrics": { "high": 5, 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation.json index 51b44a0c90c2..82d08f53e634 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation.json @@ -11,7 +11,7 @@ "body": { "id": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice", "name": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice", - "type": "Microsoft.Security/IoTSecurityAggregatedRecommendation", + "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations", "properties": { "recommendationName": "OpenPortsOnDevice", "recommendationDisplayName": "Permissive firewall policy in one of the chains was found", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList.json index 3a331b30297d..84e6845afc78 100644 
--- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList.json @@ -12,7 +12,7 @@ { "id": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice", "name": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice", - "type": "Microsoft.Security/IoTSecurityAggregatedRecommendation", + "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations", "properties": { "recommendationName": "OpenPortsOnDevice", "recommendationDisplayName": "Permissive firewall policy in one of the chains was found", @@ -29,7 +29,7 @@ { "id": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/TooLargeIPRange", "name": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_InstallAgent", - "type": "Microsoft.Security/IoTSecurityAggregatedRecommendation", + "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations", "properties": { "recommendationName": "TooLargeIPRange", "recommendationDisplayName": "Permissive firewall policy in one of the chains was found", From 53008c7b46d944f7f589f7b7cd3eab1f560e7c7f Mon Sep 17 00:00:00 2001 
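Review bot: In the second list entry (the @@ -29,7 hunk) the `id` ends in `/TooLargeIPRange` while `name` ends in `/IoT_InstallAgent`, so the example describes two different resources in one object; the commit corrects only `type`. Across the six example files touched here, `id` and `name` also keep the `IoTSecuritySolutions/Locations/eastus/default/...` path, which does not line up with the new `Microsoft.Security/iotSecuritySolutions/analyticsModels/...` type, and `name` repeats the full id rather than the last segment. If these examples are meant to mirror real responses, the three fields should be brought into agreement together.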
From: Liran Chen Date: Sun, 24 May 2020 18:14:59 +0300 Subject: [PATCH 15/36] Updates --- .../GetIoTAlert.json | 30 +++++----- .../GetIoTAlertList.json | 11 ++-- .../GetIoTAlertType.json | 1 + .../GetIoTAlertTypeList.json | 1 + .../stable/2019-08-01/iotAlertTypes.json | 6 ++ .../stable/2019-08-01/iotAlerts.json | 60 +++++++------------ 6 files changed, 51 insertions(+), 58 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json index b2e13126b098..202f40f5b9af 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json 
@@ -9,22 +9,20 @@ "responses": { "200": { "body": { - "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/analyticsModels/default/iotAlerts/903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", - "name": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", - "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/iotAlerts", - "properties": { - "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", - "compromisedEntity": "device-1", - "alertType": "IoT_PrivilegedContainer", - "startTimeUtc": "2020-05-13T06:32:25Z", - "extendedProperties": { - "CommandLine": "docker run --privileged", - "User Name": "aUser", - "UserId": "", - "ParentProcessId": 1593, - "DeviceId": "device-1" - } - } + "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "compromisedEntity": "device-1", + "alertType": "IoT_PrivilegedContainer", + "startTimeUtc": "2020-05-13T06:32:25Z", + "endTimeUtc": "2020-05-13T06:32:25Z", + "extendedProperties": { + "CommandLine": "docker run --privileged", + "DeviceId": "device-1" + }, + "entities": [{ + "$id": "1", + "CommandLine": "docker run --privileged", + "Type": "process" + }] } } } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json index efc291592ada..e4fffa4e94d9 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json 
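Review bot: The rewritten response body still carries `extendedProperties`, but the iotAlerts.json change in the same commit deletes `extendedProperties` from the alert definition, so the example now shows a field the schema no longer declares; the GetIoTAlertList.json hunk has the same mismatch. Either keep the property in `IotAlertProperties` or drop it from both examples. Tools that validate examples against the definitions may flag the undeclared field.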
@@ -16,13 +16,16 @@ "compromisedEntity": "device-1", "alertType": "IoT_PrivilegedContainer", "startTimeUtc": "2020-05-13T06:32:25Z", + "endTimeUtc": "2020-05-13T06:32:25Z", "extendedProperties": { "CommandLine": "docker run --privileged", - "User Name": "aUser", - "UserId": "", - "ParentProcessId": 1593, "DeviceId": "device-1" - } + }, + "entities": [{ + "$id": "1", + "CommandLine": "docker run --privileged", + "Type": "process" + }] }], "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/analyticsModels/default/iotAlerts?api-version=2019-08-01&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8" } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json index a51b130f2331..9793d19a93c7 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json @@ -17,6 +17,7 @@ "severity": "Medium", "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.", "providerName": "IoTSecurity", + "vendorName": "Microsoft", "remediationSteps": [ "If the container doesn't need to run in privileged mode, remove the privileges from the container." ] 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json index e4fec2931805..ac0199121ee8 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json @@ -17,6 +17,7 @@ "severity": "Medium", "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.", "providerName": "IoTSecurity", + "vendorName": "Microsoft", "remediationSteps": [ "If the container doesn't need to run in privileged mode, remove the privileges from the container." ] diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index 60c4670c52b2..047e10a1b084 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json @@ -198,6 +198,12 @@ "example": "IoTSecurity", "description": "The name of the alert provider or internal partner" }, + "vendorName": { + "readOnly": true, + "type": "string", + "example": "Microsoft", + "description": "The name of the vendor that raised the alert" + }, "remediationSteps": { "readOnly": true, "description": "Manual action items to take to remediate the alert", 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json index 5dc7b23e9cf1..cdf643ef0bdc 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json @@ -89,7 +89,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/CompactIotAlertPropertiesList" + "$ref": "#/definitions/IotAlertPropertiesList" } }, "default": { @@ -151,7 +151,7 @@ } }, "definitions": { - "CompactIotAlertPropertiesList": { + "IotAlertPropertiesList": { "description": "List of alerts", "type": "object", "properties": { @@ -160,7 +160,7 @@ "readOnly": true, "type": "array", "items": { - "$ref": "#/definitions/CompactIotAlertProperties" + "$ref": "#/definitions/IotAlertProperties" } }, "nextLink": { @@ -170,9 +170,9 @@ } } }, - "CompactIotAlertProperties": { + "IotAlertProperties": { "type": "object", - "description": "Compact version of IoT alert properties", + "description": "IoT alert properties", "properties": { "systemAlertId": { "description": "Holds the product canonical identifier of the alert within the scope of a product", 
@@ -198,42 +198,26 @@ "type": "string", "example": "2020-05-13T06:32:25Z" }, - "extendedProperties": { - "description": "A bag of fields which extends the general alert properties", + "endTimeUtc": { + "description": "The impact end time of the alert (the time of the last event or activity included in the alert)", "readOnly": true, - "type": "object", - "example": { - "CommandLine": "docker run --privileged", - "User Name": "aUser", - "UserId": "", - "ParentProcessId": 1593, - "DeviceId": "device-1" - } + "type": "string", + "example": "2020-05-13T06:32:25Z" + }, + "entities": { + "type": "array", + "items": { + "type": "object" + }, + "example": [ + { + "$id": "1", + "CommandLine": "docker run --privileged", + "Type": "process" + } + ] } } - }, - "IotAlert": { - "type": "object", - "description": "Iot alert", - "properties": { - "properties": { - "readOnly": true, - "x-ms-client-flatten": true, - "description": "Iot alert properties", - "$ref": "#/definitions/IotAlertProperties" - } - }, - "allOf": [{ - "$ref": "../../../common/v1/types.json#/definitions/Resource" - }] - }, - "IotAlertProperties": { - "type": "object", - "description": "IoT alert properties", - "properties": {}, - "allOf": [{ - "$ref": "#/definitions/CompactIotAlertProperties" - }] } }, "parameters": { From 7ffae80b2be8f163ddda2fe9efb522d43a6e7bec Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Sun, 24 May 2020 19:15:46 +0300 Subject: [PATCH 16/36] remove vendor --- .../IoTSecuritySolutionsAnalytics/GetIoTAlertType.json | 1 - .../IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json | 1 - .../Microsoft.Security/stable/2019-08-01/iotAlertTypes.json | 6 ------ 3 files changed, 8 deletions(-) 
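Review bot: The new `entities` property has no `description` and no `"readOnly": true`, unlike every sibling in `IotAlertProperties`, and its items are a bare `"type": "object"`, so nothing tells a client which keys to expect. I would add something like `"description": "A list of entities related to the alert"` and `"readOnly": true`, and state that the item objects are free-form. The example carries `CommandLine` text that apparently originates on the monitored device, so the description could also say that these values are device-supplied strings which consumers should escape before rendering or logging them.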
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json index 9793d19a93c7..a51b130f2331 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json @@ -17,7 +17,6 @@ "severity": "Medium", "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.", "providerName": "IoTSecurity", - "vendorName": "Microsoft", "remediationSteps": [ "If the container doesn't need to run in privileged mode, remove the privileges from the container." ] diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json index ac0199121ee8..e4fec2931805 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json 
@@ -17,7 +17,6 @@ "severity": "Medium", "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.", "providerName": "IoTSecurity", - "vendorName": "Microsoft", "remediationSteps": [ "If the container doesn't need to run in privileged mode, remove the privileges from the container." ] diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index 047e10a1b084..60c4670c52b2 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json @@ -198,12 +198,6 @@ "example": "IoTSecurity", "description": "The name of the alert provider or internal partner" }, - "vendorName": { - "readOnly": true, - "type": "string", - "example": "Microsoft", - "description": "The name of the vendor that raised the alert" - }, "remediationSteps": { "readOnly": true, "description": "Manual action items to take to remediate the alert", From dcb35e9679fd287a2b04ec425c5ce09241facf35 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Mon, 25 May 2020 09:38:11 +0300 Subject: [PATCH 17/36] fix def reference --- .../Microsoft.Security/stable/2019-08-01/iotAlerts.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json index cdf643ef0bdc..9569c903a717 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json 
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json @@ -137,7 +137,7 @@ "200": { "description": "IoT alert", "schema": { - "$ref": "#/definitions/IotAlert" + "$ref": "#/definitions/IotAlertProperties" } }, "default": { From fe611d7c28115dd8d679a8f8cbac10489f06c499 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Mon, 25 May 2020 16:12:39 +0300 Subject: [PATCH 18/36] updates --- .../GetIoTAlertList.json | 4 +- .../GetIoTAlertType.json | 4 +- .../GetIoTAlertTypeList.json | 4 +- .../stable/2019-08-01/iotAlertTypes.json | 83 +++++++++++++++++++ .../stable/2019-08-01/iotAlerts.json | 10 ++- 5 files changed, 97 insertions(+), 8 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json index e4fffa4e94d9..a12f1ed5133f 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json @@ -5,8 +5,8 @@ "resourceGroupName": "myGroup", "solutionName": "mySolution", "alertType": "IoT_PrivilegedContainer", - "since": "2020-05-12T06:32:25Z", - "until": "2020-05-14T06:32:25Z" + "startTimeUtc>": "2020-05-12T06:32:25Z", + "startTimeUtc<": "2020-05-14T06:32:25Z" }, "responses": { "200": { diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json index a51b130f2331..522665597ed9 100644 
--- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json @@ -19,7 +19,9 @@ "providerName": "IoTSecurity", "remediationSteps": [ "If the container doesn't need to run in privileged mode, remove the privileges from the container." - ] + ], + "intent": "Exploitation,Execution", + "vendorName": "Microsoft" } } } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json index e4fec2931805..518f7630b188 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json @@ -19,7 +19,9 @@ "providerName": "IoTSecurity", "remediationSteps": [ "If the container doesn't need to run in privileged mode, remove the privileges from the container." - ] + ], + "intent": "Exploitation,Execution", + "vendorName": "Microsoft" } }] } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index 60c4670c52b2..2b8f8464fc66 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json 
@@ -198,6 +198,89 @@ "example": "IoTSecurity", "description": "The name of the alert provider or internal partner" }, + "vendorName": { + "readOnly": true, + "type": "string", + "example": "Microsoft", + "description": "The name of the vendor that raise the alert" + }, + "intent": { + "readOnly": true, + "type": "string", + "example": "Exploitation,Execution", + "description": "Kill chain related intent behind the alert. Could contain multiple enum values (separated by commas)", + "enum": [ + "Unknown", + "PreAttack", + "InitialAccess", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Execution", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact", + "Probing", + "Exploitation" + ], + "x-ms-enum": { + "name": "alertIntent", + "modelAsString": true, + "values": [{ + "value": "Unknown" + }, + { + "value": "PreAttack" + }, + { + "value": "InitialAccess" + }, + { + "value": "Persistence" + }, + { + "value": "PrivilegeEscalation" + }, + { + "value": "DefenseEvasion" + }, + { + "value": "CredentialAccess" + }, + { + "value": "Discovery" + }, + { + "value": "LateralMovement" + }, + { + "value": "Execution" + }, + { + "value": "Collection" + }, + { + "value": "Exfiltration" + }, + { + "value": "CommandAndControl" + }, + { + "value": "Impact" + }, + { + "value": "Probing" + }, + { + "value": "Exploitation" + } + ] + } + }, "remediationSteps": { "readOnly": true, "description": "Manual action items to take to remediate the alert", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json index 9569c903a717..f701613fcff8 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json 
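Review bot: `intent` is declared with a closed `enum`, but its own `example` (`"Exploitation,Execution"`) and description say the value can be several names joined by commas, so the documented example matches none of the enum members. Anything that validates responses against the enum, or maps alerts to kill-chain stages by exact match, will reject or mis-bucket multi-stage alerts. Either drop `enum` and `x-ms-enum` and list the allowed tokens in the description, or, if the wire format can change, model it as `"type": "array"` with the enum on `items`. In the same hunk, `"The name of the vendor that raise the alert"` should read `raised`, as it did before PATCH 16 removed the property.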
@@ -58,17 +58,19 @@ }, { "in": "query", - "name": "since", + "name": "startTimeUtc>", + "x-ms-client-name": "minStartTimeUtc", "required": false, "type": "string", - "description": "Filter by minimum startTime (ISO 8601 format)" + "description": "Filter by minimum startTimeUtc (ISO 8601 format)" }, { "in": "query", - "name": "until", + "name": "startTimeUtc<", + "x-ms-client-name": "maxStartTimeUtc", "required": false, "type": "string", - "description": "Filter by maximum startTime (ISO 8601 format)" + "description": "Filter by maximum startTimeUtc (ISO 8601 format)" }, { "in": "query", From 8947bdcc45621f61139e82946b512b7dfb925c1a Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Sun, 31 May 2020 08:52:00 +0300 Subject: [PATCH 19/36] limit and properties property --- .../GetIoTAlert.json | 31 +++++++++-------- .../GetIoTAlertList.json | 34 ++++++++++--------- .../stable/2019-08-01/iotAlerts.json | 26 +++++++++++--- 3 files changed, 55 insertions(+), 36 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json index 202f40f5b9af..423da7ee0ab9 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json 
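Review bot: The wire names `startTimeUtc>` and `startTimeUtc<` contain characters that have to be percent-encoded in a query string (`%3E`, `%3C`), and that request filters in front of an API often treat as markup. A caller who builds the URL by hand can therefore send something different from what a generated client sends, or have the request blocked. If the service contract allows it, plain names are safer, for example the ones already chosen for the client: `"name": "minStartTimeUtc"` and `"name": "maxStartTimeUtc"`. Both parameters are described as ISO 8601 but typed only as `"type": "string"`; adding `"format": "date-time"` lets clients and validators reject malformed timestamps before they reach the backend. The parameter list starts and ends outside this hunk.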
@@ -9,21 +9,22 @@ "responses": { "200": { "body": { - "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", - "compromisedEntity": "device-1", - "alertType": "IoT_PrivilegedContainer", - "startTimeUtc": "2020-05-13T06:32:25Z", - "endTimeUtc": "2020-05-13T06:32:25Z", - "extendedProperties": { - "CommandLine": "docker run --privileged", - "DeviceId": "device-1" - }, - "entities": [{ - "$id": "1", - "CommandLine": "docker run --privileged", - "Type": "process" - }] - } + "properties": { + "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "compromisedEntity": "device-1", + "alertType": "IoT_PrivilegedContainer", + "startTimeUtc": "2020-05-13T06:32:25Z", + "endTimeUtc": "2020-05-13T06:32:25Z", + "extendedProperties": { + "CommandLine": "docker run --privileged", + "DeviceId": "device-1" + }, + "entities": [{ + "$id": "1", + "CommandLine": "docker run --privileged", + "Type": "process" + }] + }} } } } \ No newline at end of file diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json index a12f1ed5133f..76eb6144562b 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json 
@@ -6,27 +6,29 @@ "solutionName": "mySolution", "alertType": "IoT_PrivilegedContainer", "startTimeUtc>": "2020-05-12T06:32:25Z", - "startTimeUtc<": "2020-05-14T06:32:25Z" + "startTimeUtc<": "2020-05-14T06:32:25Z", + "$limit": 1 }, "responses": { "200": { "body": { "value": [{ - "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", - "compromisedEntity": "device-1", - "alertType": "IoT_PrivilegedContainer", - "startTimeUtc": "2020-05-13T06:32:25Z", - "endTimeUtc": "2020-05-13T06:32:25Z", - "extendedProperties": { - "CommandLine": "docker run --privileged", - "DeviceId": "device-1" - }, - "entities": [{ - "$id": "1", - "CommandLine": "docker run --privileged", - "Type": "process" - }] - }], + "properties": { + "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "compromisedEntity": "device-1", + "alertType": "IoT_PrivilegedContainer", + "startTimeUtc": "2020-05-13T06:32:25Z", + "endTimeUtc": "2020-05-13T06:32:25Z", + "extendedProperties": { + "CommandLine": "docker run --privileged", + "DeviceId": "device-1" + }, + "entities": [{ + "$id": "1", + "CommandLine": "docker run --privileged", + "Type": "process" + }] + }}], "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/analyticsModels/default/iotAlerts?api-version=2019-08-01&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8" } } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json index f701613fcff8..09fc8019bf7e 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json 
@@ -79,6 +79,13 @@ "type": "string", "description": "Filter by alert type" }, + { + "in": "query", + "name": "$limit", + "required": false, + "type": "string", + "description": "Limit the number of items returned in a single page" + }, { "in": "query", "name": "$skipToken", @@ -91,7 +98,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/IotAlertPropertiesList" + "$ref": "#/definitions/IotAlertList" } }, "default": { @@ -139,7 +146,7 @@ "200": { "description": "IoT alert", "schema": { - "$ref": "#/definitions/IotAlertProperties" + "$ref": "#/definitions/IotAlert" } }, "default": { @@ -153,8 +160,8 @@ } }, "definitions": { - "IotAlertPropertiesList": { - "description": "List of alerts", + "IotAlertList": { + "description": "List of IoT alerts", "type": "object", "properties": { "value": { @@ -162,7 +169,7 @@ "readOnly": true, "type": "array", "items": { - "$ref": "#/definitions/IotAlertProperties" + "$ref": "#/definitions/IotAlert" } }, "nextLink": { @@ -172,6 +179,15 @@ } } }, + "IotAlert": { + "type": "object", + "description": "IoT alert", + "properties": { + "properties": { + "$ref": "#/definitions/IotAlertProperties" + } + } + }, "IotAlertProperties": { "type": "object", "description": "IoT alert properties", From bd0a0d6486b98388e3de15875820056aaf8e5c87 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Sun, 31 May 2020 08:53:10 +0300 Subject: [PATCH 20/36] Remove alert type list --- .../GetIoTAlertTypeList.json | 30 ----------- .../stable/2019-08-01/iotAlertTypes.json | 54 ------------------- 2 files changed, 84 deletions(-) delete mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json deleted file mode 100644 index 518f7630b188..000000000000 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "parameters": { - "api-version": "2019-08-01", - "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", - "resourceGroupName": "myGroup", - "solutionName": "mySolution" - }, - "responses": { - "200": { - "body": { - "value": [{ - "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/analyticsModels/default/iotAlertTypes", - "name": "IoT_PrivilegedContainer", - "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/iotAlertTypes", - "properties": { - "alertDisplayName": "Privileged container detected", - "severity": "Medium", - "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.", - "providerName": "IoTSecurity", - "remediationSteps": [ - "If the container doesn't need to run in privileged mode, remove the privileges from the container." - ], - "intent": "Exploitation,Execution", - "vendorName": "Microsoft" - } - }] - } - } - } -} \ No newline at end of file diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index 2b8f8464fc66..ddb4d884b161 100644 
--- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json @@ -32,47 +32,6 @@ } }, "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/iotAlertTypes": { - "get": { - "x-ms-examples": { - "Get IoT Alert Types": { - "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json" - } - }, - "tags": [ - "IoT Security Solution Analytics" - ], - "description": "List IoT alert types", - "operationId": "IotAlertTypes_List", - "parameters": [{ - "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" - }, - { - "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" - }, - { - "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/SolutionName" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/IotAlertTypeList" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../common/v1/types.json#/definitions/CloudError" - } - } - } - } - }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/iotAlertTypes/{iotAlertTypeName}": { "get": { "x-ms-examples": { @@ -120,19 +79,6 @@ } }, "definitions": { - "IotAlertTypeList": { - "type": "object", - "description": "List of alert types", - "properties": { - "value": { - "type": "array", - "description": "List data", - "items": { - "$ref": "#/definitions/IotAlertType" - } - } - } - }, "IotAlertType": { "type": "object", "description": "IoT alert type.", From d00ba92cc728a6ef8ae5086ebab8858983f9b442 Mon Sep 17 00:00:00 2001 
From: Liran Chen Date: Sun, 31 May 2020 09:29:26 +0300 Subject: [PATCH 21/36] extended properties vs entities --- .../GetIoTAlert.json | 10 ++++---- .../GetIoTAlertList.json | 10 ++++---- .../stable/2019-08-01/iotAlerts.json | 24 +++++++++---------- 3 files changed, 19 insertions(+), 25 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json index 423da7ee0ab9..2c4e8530f1f3 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json @@ -17,13 +17,11 @@ "endTimeUtc": "2020-05-13T06:32:25Z", "extendedProperties": { "CommandLine": "docker run --privileged", + "User Name": "aUser", + "UserId": "", + "ParentProcessId": 1593, "DeviceId": "device-1" - }, - "entities": [{ - "$id": "1", - "CommandLine": "docker run --privileged", - "Type": "process" - }] + } }} } } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json index 76eb6144562b..437308af16f6 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json 
@@ -21,13 +21,11 @@ "endTimeUtc": "2020-05-13T06:32:25Z", "extendedProperties": { "CommandLine": "docker run --privileged", + "User Name": "aUser", + "UserId": "", + "ParentProcessId": 1593, "DeviceId": "device-1" - }, - "entities": [{ - "$id": "1", - "CommandLine": "docker run --privileged", - "Type": "process" - }] + } }}], "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/analyticsModels/default/iotAlerts?api-version=2019-08-01&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8" } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json index 09fc8019bf7e..d71e54a7892b 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json @@ -83,7 +83,7 @@ "in": "query", "name": "$limit", "required": false, - "type": "string", + "type": "integer", "description": "Limit the number of items returned in a single page" }, { @@ -222,18 +222,16 @@ "type": "string", "example": "2020-05-13T06:32:25Z" }, - "entities": { - "type": "array", - "items": { - "type": "object" - }, - "example": [ - { - "$id": "1", - "CommandLine": "docker run --privileged", - "Type": "process" - } - ] + "extendedProperties": { + "type": "object", + "description": "A bag of fields which extends the alert information", + "example": { + "CommandLine": "docker run --privileged", + "User Name": "aUser", + "UserId": "", + "ParentProcessId": 1593, + "DeviceId": "device-1" + } } } } From 1f80c4b396ec037a491f95992f9f66d3e8039409 Mon Sep 17 00:00:00 2001 
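Review bot: In the `@@ -222,18 +222,16 @@` hunk, `extendedProperties` comes back as an open `"type": "object"` with no `"readOnly": true`, although the examples only ever show it in responses. Its example values (`CommandLine`, `User Name`) appear to be strings collected from the monitored device, so a consumer that renders or logs them is handling text that an attacker on that device can influence. I would add `"readOnly": true,` and extend the description to say so, e.g. `"description": "A bag of fields which extends the alert information; values originate from the monitored device and should be handled as untrusted text"`. The enclosing properties object continues outside the hunk.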
From: Liran Chen Date: Sun, 31 May 2020 10:17:20 +0300 Subject: [PATCH 22/36] Description --- .../Microsoft.Security/stable/2019-08-01/iotAlerts.json | 1 + 1 file changed, 1 insertion(+) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json index d71e54a7892b..b3fdf7f5b70c 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json @@ -184,6 +184,7 @@ "description": "IoT alert", "properties": { "properties": { + "description": "Alert properties", "$ref": "#/definitions/IotAlertProperties" } } From 7cc807d956b95807a0951263c6aab51133110cd4 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Sun, 31 May 2020 10:52:04 +0300 Subject: [PATCH 23/36] entities --- .../IoTSecuritySolutionsAnalytics/GetIoTAlert.json | 5 +++++ .../GetIoTAlertList.json | 5 +++++ .../stable/2019-08-01/iotAlerts.json | 13 +++++++++++++ 3 files changed, 23 insertions(+) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json index 2c4e8530f1f3..392140dcb47f 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json 
@@ -15,6 +15,11 @@ "alertType": "IoT_PrivilegedContainer", "startTimeUtc": "2020-05-13T06:32:25Z", "endTimeUtc": "2020-05-13T06:32:25Z", + "entities": [{ + "$id": "1", + "CommandLine": "docker run --privileged", + "Type": "process" + }], "extendedProperties": { "CommandLine": "docker run --privileged", "User Name": "aUser", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json index 437308af16f6..8683992fb695 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json @@ -19,6 +19,11 @@ "alertType": "IoT_PrivilegedContainer", "startTimeUtc": "2020-05-13T06:32:25Z", "endTimeUtc": "2020-05-13T06:32:25Z", + "entities": [{ + "$id": "1", + "CommandLine": "docker run --privileged", + "Type": "process" + }], "extendedProperties": { "CommandLine": "docker run --privileged", "User Name": "aUser", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json index b3fdf7f5b70c..c0afcf7a7f89 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json 
@@ -223,6 +223,19 @@ "type": "string", "example": "2020-05-13T06:32:25Z" }, + "entities": { + "type": "array", + "items": { + "type": "object" + }, + "example": [ + { + "$id": "1", + "CommandLine": "docker run --privileged", + "Type": "process" + } + ] + }, "extendedProperties": { "type": "object", "description": "A bag of fields which extends the alert information", From 240f3774e68d687d87570a64baa168234e9fec01 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Sun, 31 May 2020 11:19:18 +0300 Subject: [PATCH 24/36] Ran prettier --- .../GetIoTAlert.json | 11 +++-- .../GetIoTAlertList.json | 45 ++++++++++--------- .../GetIoTAlertType.json | 2 +- .../stable/2019-08-01/iotAlertTypes.json | 45 +++++++++++-------- .../stable/2019-08-01/iotAlerts.json | 20 +++++---- 5 files changed, 71 insertions(+), 52 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json index 392140dcb47f..a93e1cf0bc37 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json @@ -15,11 +15,13 @@ "alertType": "IoT_PrivilegedContainer", "startTimeUtc": "2020-05-13T06:32:25Z", "endTimeUtc": "2020-05-13T06:32:25Z", - "entities": [{ + "entities": [ + { "$id": "1", "CommandLine": "docker run --privileged", "Type": "process" - }], + } + ], "extendedProperties": { "CommandLine": "docker run --privileged", "User Name": "aUser", @@ -27,7 +29,8 @@ "ParentProcessId": 1593, "DeviceId": "device-1" } - }} + } + } } } -} \ No newline at end of file +} 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json index 8683992fb695..776c06980dfa 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json 
@@ -12,28 +12,33 @@ "responses": { "200": { "body": { - "value": [{ - "properties": { - "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", - "compromisedEntity": "device-1", - "alertType": "IoT_PrivilegedContainer", - "startTimeUtc": "2020-05-13T06:32:25Z", - "endTimeUtc": "2020-05-13T06:32:25Z", - "entities": [{ - "$id": "1", - "CommandLine": "docker run --privileged", - "Type": "process" - }], - "extendedProperties": { - "CommandLine": "docker run --privileged", - "User Name": "aUser", - "UserId": "", - "ParentProcessId": 1593, - "DeviceId": "device-1" + "value": [ + { + "properties": { + "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "compromisedEntity": "device-1", + "alertType": "IoT_PrivilegedContainer", + "startTimeUtc": "2020-05-13T06:32:25Z", + "endTimeUtc": "2020-05-13T06:32:25Z", + "entities": [ + { + "$id": "1", + "CommandLine": "docker run --privileged", + "Type": "process" + } + ], + "extendedProperties": { + "CommandLine": "docker run --privileged", + "User Name": "aUser", + "UserId": "", + "ParentProcessId": 1593, + "DeviceId": "device-1" + } } - }}], + } + ], "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/analyticsModels/default/iotAlerts?api-version=2019-08-01&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8" } } } -} \ No newline at end of file +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json index 522665597ed9..a3fea958ade0 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json 
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json @@ -26,4 +26,4 @@ } } } -} \ No newline at end of file +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index ddb4d884b161..e4f19254412b 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json @@ -15,11 +15,13 @@ "produces": [ "application/json" ], - "security": [{ - "azure_auth": [ - "user_impersonation" - ] - }], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], "securityDefinitions": { "azure_auth": { "type": "oauth2", @@ -41,7 +43,8 @@ }, "operationId": "IotAlertTypes_Get", "description": "Get IoT alert type", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { @@ -66,16 +69,16 @@ "description": "IoT alert type", "schema": { "$ref": "#/definitions/IotAlertType" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../common/v1/types.json#/definitions/CloudError" - } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" } } } + } } }, "definitions": { @@ -89,9 +92,11 @@ "$ref": "#/definitions/IotAlertTypeProperties" } }, - "allOf": [{ - "$ref": "../../../common/v1/types.json#/definitions/Resource" - }] + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] }, "IotAlertTypeProperties": { "type": "object", 
@@ -117,7 +122,8 @@ "x-ms-enum": { "name": "alertSeverity", "modelAsString": true, - "values": [{ + "values": [ + { "value": "Informational" }, { @@ -176,7 +182,8 @@ "x-ms-enum": { "name": "alertIntent", "modelAsString": true, - "values": [{ + "values": [ + { "value": "Unknown" }, { @@ -249,4 +256,4 @@ "x-ms-parameter-location": "method" } } -} \ No newline at end of file +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json index c0afcf7a7f89..db8e2b72d34e 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json @@ -15,11 +15,13 @@ "produces": [ "application/json" ], - "security": [{ - "azure_auth": [ - "user_impersonation" - ] - }], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], "securityDefinitions": { "azure_auth": { "type": "oauth2", @@ -44,7 +46,8 @@ ], "description": "List IoT alerts", "operationId": "IotAlerts_List", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { @@ -122,7 +125,8 @@ }, "operationId": "IotAlerts_Get", "description": "Get IoT alert", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { @@ -260,4 +264,4 @@ "x-ms-parameter-location": "method" } } -} \ No newline at end of file +} From 9ef922d68f5284f52a2700b8fc320a7fade8cac7 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Sun, 31 May 2020 11:54:06 +0300 Subject: [PATCH 25/36] format --- .../Microsoft.Security/stable/2019-08-01/iotAlerts.json | 1 + 1 file changed, 1 insertion(+) 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json
index db8e2b72d34e..297456105019 100644
--- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json
@@ -87,6 +87,7 @@
 "name": "$limit",
 "required": false,
 "type": "integer",
+ "format": "int32",
 "description": "Limit the number of items returned in a single page"
 },
 {
From 62a66e7f2645adde531f34e184971883e3e826a3 Mon Sep 17 00:00:00 2001
From: Liran Chen
Date: Tue, 9 Jun 2020 16:34:31 +0300
Subject: [PATCH 26/36] Added totalCount, fixed nextLink example
---
 .../IoTSecuritySolutionsAnalytics/GetIoTAlertList.json | 3 ++-
 .../Microsoft.Security/stable/2019-08-01/iotAlerts.json | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json
index 776c06980dfa..bd23ee057117 100644
--- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json
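Review bot: The `$limit` query parameter in the `@@ -87,6 +87,7 @@` hunk gains `"format": "int32"` but still declares no bounds, so the spec admits zero, negative and arbitrarily large page sizes. Adding `"minimum": 1`, plus a `"maximum"` equal to whatever page-size cap the service enforces (not visible here), lets generated clients and validators reject bad values before a request is sent. The parameter object opens above the hunk, so any constraint it already carries there is not visible from this change.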
@@ -37,7 +37,8 @@ } } ], - "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/analyticsModels/default/iotAlerts?api-version=2019-08-01&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8" + "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/analyticsModels/default/iotAlerts?api-version=2019-08-01&alertType=IoT_PrivilegedContainer&startTimeUtc>=2020-05-12T06:32:25Z&startTimeUtc<=2020-05-14T06:32:25Z&$limit=1&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "totalCount": 23 } } } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json index 297456105019..c928d3fc6b80 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json @@ -181,6 +181,12 @@ "readOnly": true, "type": "string", "description": "When available, follow the URI to get the next page of data" + }, + "totalCount": { + "readOnly": true, + "format": "int32", + "type": "integer", + "description": "Total count of alerts that conforms with the given filter options (not affected by page size)" } } }, From 8b3667128e27a0017041803b33e94ad19813343f Mon Sep 17 00:00:00 2001 
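Review bot: The new `nextLink` example in the `@@ -37,7 +37,8 @@` hunk puts raw `>` and `<` into the query string (`startTimeUtc>=2020-05-12T06:32:25Z&startTimeUtc<=2020-05-14T06:32:25Z`), characters that are not valid unescaped in a URI and that make the parameter name itself end in an operator. Callers follow `nextLink` verbatim, so the example should show the exact form the service returns; if that is the percent-encoded form, the fragment becomes `startTimeUtc%3E=2020-05-12T06:32:25Z&startTimeUtc%3C=2020-05-14T06:32:25Z`. The same string is carried unchanged through the `GetIoTAlertList.json` hunk of PATCH 27, so it needs the same correction there.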
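Review bot: The `totalCount` description added in the `@@ -181,6 +181,12 @@` hunk reads "alerts that conforms with the given filter options"; I would reword it to `"description": "Total count of alerts that match the given filter options (not affected by page size)"`. A count cannot be negative, so `"minimum": 0` next to `"format": "int32"` would document that for validators. The enclosing list definition starts above the hunk.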
From: Liran Chen Date: Thu, 11 Jun 2020 13:08:03 +0300 Subject: [PATCH 27/36] Update types --- .../examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json | 3 +++ .../IoTSecuritySolutionsAnalytics/GetIoTAlertList.json | 2 +- .../IoTSecuritySolutionsAnalytics/GetIoTAlertType.json | 4 ++-- .../Microsoft.Security/stable/2019-08-01/iotAlertTypes.json | 2 +- .../Microsoft.Security/stable/2019-08-01/iotAlerts.json | 4 ++-- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json index a93e1cf0bc37..d93b8cd32eb9 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json @@ -9,6 +9,9 @@ "responses": { "200": { "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/iotAlerts/903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "name": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/iotAlerts", "properties": { "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", "compromisedEntity": "device-1", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json index bd23ee057117..af86889cbe2f 100644 
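Review bot: The `type` value added to GetIoTAlert.json still contains the `analyticsModels` segment (`Microsoft.Security/iotSecuritySolutions/analyticsModels/iotAlerts`), while the `id` two lines above it and every path rewritten elsewhere in this patch drop `analyticsModels/default`. The GetIoTAlertType.json hunk of the same patch changes its `type` to `Microsoft.Security/iotSecuritySolutions/iotAlertTypes`, so by the same rule this line should read `"type": "Microsoft.Security/iotSecuritySolutions/iotAlerts"`. Consumers that route or authorize on the resource type string would otherwise see a type that no longer corresponds to the resource path. The rest of the example body lies outside the hunk.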
--- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json @@ -37,7 +37,7 @@ } } ], - "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/analyticsModels/default/iotAlerts?api-version=2019-08-01&alertType=IoT_PrivilegedContainer&startTimeUtc>=2020-05-12T06:32:25Z&startTimeUtc<=2020-05-14T06:32:25Z&$limit=1&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/iotAlerts?api-version=2019-08-01&alertType=IoT_PrivilegedContainer&startTimeUtc>=2020-05-12T06:32:25Z&startTimeUtc<=2020-05-14T06:32:25Z&$limit=1&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", "totalCount": 23 } } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json index a3fea958ade0..59ef397db7a3 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json 
@@ -9,9 +9,9 @@ "responses": { "200": { "body": { - "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/analyticsModels/default/iotAlertTypes/IoT_PrivilegedContainer", + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/iotAlertTypes/IoT_PrivilegedContainer", "name": "IoT_PrivilegedContainer", - "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/iotAlertTypes", + "type": "Microsoft.Security/iotSecuritySolutions/iotAlertTypes", "properties": { "alertDisplayName": "Privileged container detected", "severity": "Medium", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index e4f19254412b..bdf5c6a16eb9 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json @@ -34,7 +34,7 @@ } }, "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/iotAlertTypes/{iotAlertTypeName}": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/iotAlertTypes/{iotAlertTypeName}": { "get": { "x-ms-examples": { "Get IoT Alert Type": { diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json index c928d3fc6b80..fa6631723cb6 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json 
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json @@ -34,7 +34,7 @@ } }, "paths": { - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/iotAlerts": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/iotAlerts": { "get": { "x-ms-examples": { "Get IoT Alert Types": { @@ -117,7 +117,7 @@ } } }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/iotAlerts/{iotAlertId}": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/iotAlerts/{iotAlertId}": { "get": { "x-ms-examples": { "Get IoT Alert Type": { From 0ceb11ca39aaa80a95ac182775b0d13be2ad6495 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Thu, 11 Jun 2020 13:08:54 +0300 Subject: [PATCH 28/36] move examples --- .../GetIoTAlertType.json | 0 .../{IoTSecuritySolutionsAnalytics => IotAlerts}/GetIoTAlert.json | 0 .../GetIoTAlertList.json | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/{IoTSecuritySolutionsAnalytics => IotAlertTypes}/GetIoTAlertType.json (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/{IoTSecuritySolutionsAnalytics => IotAlerts}/GetIoTAlert.json (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/{IoTSecuritySolutionsAnalytics => IotAlerts}/GetIoTAlertList.json (100%) 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlertTypes/GetIoTAlertType.json
similarity index 100%
rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json
rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlertTypes/GetIoTAlertType.json
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlert.json
similarity index 100%
rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json
rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlert.json
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlertList.json
similarity index 100%
rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json
rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlertList.json
From 8ce92739dbbe46803081d703c717b076df7850ab Mon Sep 17 00:00:00 2001
From: Liran Chen Date: Thu, 11 Jun 2020 13:11:58 +0300 Subject: [PATCH 29/36] List alert types --- .../IotAlertTypes/GetIoTAlertTypeList.json | 30 +++++++++++ .../stable/2019-08-01/iotAlertTypes.json | 54 +++++++++++++++++++ 2 files changed, 84 insertions(+) create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlertTypes/GetIoTAlertTypeList.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlertTypes/GetIoTAlertTypeList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlertTypes/GetIoTAlertTypeList.json new file mode 100644 index 000000000000..8cd3db99abfb --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlertTypes/GetIoTAlertTypeList.json 
@@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "myGroup", + "solutionName": "mySolution" + }, + "responses": { + "200": { + "body": { + "value": [{ + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/iotAlertTypes", + "name": "IoT_PrivilegedContainer", + "type": "Microsoft.Security/iotSecuritySolutions/iotAlertTypes", + "properties": { + "alertDisplayName": "Privileged container detected", + "severity": "Medium", + "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.", + "providerName": "IoTSecurity", + "remediationSteps": [ + "If the container doesn't need to run in privileged mode, remove the privileges from the container." + ], + "intent": "Exploitation,Execution", + "vendorName": "Microsoft" + } + }] + } + } + } +} \ No newline at end of file diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index bdf5c6a16eb9..08955e5b405a 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json 
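Review bot: The list item's `id` in the new GetIoTAlertTypeList.json stops at the collection (`.../iotSecuritySolutions/mySolution/iotAlertTypes`) and omits the resource name, although `name` is `IoT_PrivilegedContainer` and the single-item example GetIoTAlertType.json uses an `id` ending in `/iotAlertTypes/IoT_PrivilegedContainer`. A client that keys on or dereferences `id` would see every alert type in the list as the same resource, and a GET on that `id` would hit the list operation instead of the item. The example `id` should end in `/iotAlertTypes/IoT_PrivilegedContainer`.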
@@ -34,6 +34,47 @@ } }, "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/iotAlertTypes": { + "get": { + "x-ms-examples": { + "Get IoT Alert Types": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json" + } + }, + "tags": [ + "IoT Security Solution Analytics" + ], + "description": "List IoT alert types", + "operationId": "IotAlertTypes_List", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IotAlertTypeList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/iotAlertTypes/{iotAlertTypeName}": { "get": { "x-ms-examples": { @@ -82,6 +123,19 @@ } }, "definitions": { + "IotAlertTypeList": { + "type": "object", + "description": "List of alert types", + "properties": { + "value": { + "type": "array", + "description": "List data", + "items": { + "$ref": "#/definitions/IotAlertType" + } + } + } + }, "IotAlertType": { "type": "object", "description": "IoT alert type.", From 59c5810ef3127ac846119661b7cee79fe5c43ec8 Mon Sep 17 00:00:00 2001 
From: Liran Chen Date: Thu, 11 Jun 2020 13:13:28 +0300 Subject: [PATCH 30/36] example paths --- .../Microsoft.Security/stable/2019-08-01/iotAlertTypes.json | 4 ++-- .../Microsoft.Security/stable/2019-08-01/iotAlerts.json | 4 ++-- specification/security/resource-manager/readme.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index 08955e5b405a..ef71932877b9 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json @@ -38,7 +38,7 @@ "get": { "x-ms-examples": { "Get IoT Alert Types": { - "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTAlertTypeList.json" + "$ref": "./examples/iotAlertTypes/GetIoTAlertTypeList.json" } }, "tags": [ @@ -79,7 +79,7 @@ "get": { "x-ms-examples": { "Get IoT Alert Type": { - "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTAlertType.json" + "$ref": "./examples/iotAlertTypes/GetIoTAlertType.json" } }, "operationId": "IotAlertTypes_Get", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json index fa6631723cb6..0c56766c30f8 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json @@ -38,7 +38,7 @@ "get": { "x-ms-examples": { "Get IoT Alert Types": { - "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTAlertList.json" + "$ref": "./examples/IotAlerts/GetIoTAlertList.json" } }, "tags": [ 
@@ -121,7 +121,7 @@ "get": { "x-ms-examples": { "Get IoT Alert Type": { - "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTAlert.json" + "$ref": "./examples/IotAlerts/GetIoTAlert.json" } }, "operationId": "IotAlerts_Get", diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index 13403fda5bf3..0035f481895e 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md @@ -38,7 +38,7 @@ directive: reason: The list returns limited number of items - suppress: PageableOperation from: alertTypes.json - where: '$.paths["/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/alertTypes"].get' + where: '$.paths["/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/alertTypes"].get' reason: The list returns limited number of items ``` From b7e5b78b533a3f9449f8b5a7aa776c9051575fec Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Thu, 11 Jun 2020 13:19:13 +0300 Subject: [PATCH 31/36] Update tags --- .../Microsoft.Security/stable/2019-08-01/iotAlertTypes.json | 5 ++++- .../Microsoft.Security/stable/2019-08-01/iotAlerts.json | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index ef71932877b9..2bb6f7ba5b04 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json 
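Review bot: The rewritten `where` selector in the readme.md hunk points at `.../iotSecuritySolutions/{solutionName}/alertTypes` with `from: alertTypes.json`, but the list operation this series adds lives in `iotAlertTypes.json` under `.../{solutionName}/iotAlertTypes`. If the suppression is meant to cover that new operation, neither `from` nor `where` matches it and the PageableOperation rule stays active for `IotAlertTypes_List`. If it targets a separate `alertTypes.json` that is not part of this series, confirm that file's path was really changed the same way, since a selector that no longer matches is easy to miss. The directive list starts above the hunk.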
@@ -42,7 +42,7 @@ } }, "tags": [ - "IoT Security Solution Analytics" + "IoT Security Alert Types" ], "description": "List IoT alert types", "operationId": "IotAlertTypes_List", @@ -82,6 +82,9 @@ "$ref": "./examples/iotAlertTypes/GetIoTAlertType.json" } }, + "tags": [ + "IoT Security Alert Types" + ], "operationId": "IotAlertTypes_Get", "description": "Get IoT alert type", "parameters": [ diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json index 0c56766c30f8..839ab7b886a5 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json @@ -42,7 +42,7 @@ } }, "tags": [ - "IoT Security Solution Analytics" + "IoT Security Alerts" ], "description": "List IoT alerts", "operationId": "IotAlerts_List", @@ -124,6 +124,9 @@ "$ref": "./examples/IotAlerts/GetIoTAlert.json" } }, + "tags": [ + "IoT Security Alerts" + ], "operationId": "IotAlerts_Get", "description": "Get IoT alert", "parameters": [ From eace64fcf7594fb6be91380d1a8f8a2f89d04aeb Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Thu, 11 Jun 2020 13:34:23 +0300 Subject: [PATCH 32/36] warnings --- .../Microsoft.Security/stable/2019-08-01/iotAlerts.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json index 839ab7b886a5..db7ab44d5238 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json 
@@ -198,6 +198,7 @@ "description": "IoT alert", "properties": { "properties": { + "x-ms-client-flatten": true, "description": "Alert properties", "$ref": "#/definitions/IotAlertProperties" } @@ -238,6 +239,7 @@ "example": "2020-05-13T06:32:25Z" }, "entities": { + "description": "A list of entities related to the alert", "type": "array", "items": { "type": "object" From 61d65defca22cd2e842ebcbae704bd5ceb9b751d Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Thu, 11 Jun 2020 13:42:25 +0300 Subject: [PATCH 33/36] fix example --- .../stable/2019-08-01/examples/IotAlerts/GetIoTAlert.json | 3 --- 1 file changed, 3 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlert.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlert.json index d93b8cd32eb9..a93e1cf0bc37 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlert.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlert.json @@ -9,9 +9,6 @@ "responses": { "200": { "body": { - "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/iotAlerts/903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", - "name": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", - "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/iotAlerts", "properties": { "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", "compromisedEntity": "device-1", From ca71dc5e8dbce81ec85a5dc3f5bd7fc11e12e20d Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Thu, 11 Jun 2020 13:56:31 +0300 Subject: [PATCH 34/36] prettier --- .../IotAlertTypes/GetIoTAlertTypeList.json | 34 ++++++++++--------- .../stable/2019-08-01/iotAlertTypes.json | 3 +- 2 files changed, 20 insertions(+), 17 deletions(-) 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlertTypes/GetIoTAlertTypeList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlertTypes/GetIoTAlertTypeList.json index 8cd3db99abfb..e4cab077fa81 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlertTypes/GetIoTAlertTypeList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlertTypes/GetIoTAlertTypeList.json 
@@ -8,23 +8,25 @@ "responses": { "200": { "body": { - "value": [{ - "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/iotAlertTypes", - "name": "IoT_PrivilegedContainer", - "type": "Microsoft.Security/iotSecuritySolutions/iotAlertTypes", - "properties": { - "alertDisplayName": "Privileged container detected", - "severity": "Medium", - "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.", - "providerName": "IoTSecurity", - "remediationSteps": [ - "If the container doesn't need to run in privileged mode, remove the privileges from the container." - ], - "intent": "Exploitation,Execution", - "vendorName": "Microsoft" + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Security/iotSecuritySolutions/mySolution/iotAlertTypes", + "name": "IoT_PrivilegedContainer", + "type": "Microsoft.Security/iotSecuritySolutions/iotAlertTypes", + "properties": { + "alertDisplayName": "Privileged container detected", + "severity": "Medium", + "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.", + "providerName": "IoTSecurity", + "remediationSteps": [ + "If the container doesn't need to run in privileged mode, remove the privileges from the container." + ], + "intent": "Exploitation,Execution", + "vendorName": "Microsoft" + } } - }] + ] } } } -} \ No newline at end of file +} 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index 2bb6f7ba5b04..63ab5ce32a5e 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json @@ -46,7 +46,8 @@ ], "description": "List IoT alert types", "operationId": "IotAlertTypes_List", - "parameters": [{ + "parameters": [ + { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { From b72787c525b41268994843ba2d6ecb7d5b7149e7 Mon Sep 17 00:00:00 2001 From: Liran Chen Date: Thu, 11 Jun 2020 14:03:51 +0300 Subject: [PATCH 35/36] case sensitive --- .../Microsoft.Security/stable/2019-08-01/iotAlertTypes.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json index 63ab5ce32a5e..a98dca5b354b 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlertTypes.json @@ -38,7 +38,7 @@ "get": { "x-ms-examples": { "Get IoT Alert Types": { - "$ref": "./examples/iotAlertTypes/GetIoTAlertTypeList.json" + "$ref": "./examples/IotAlertTypes/GetIoTAlertTypeList.json" } }, "tags": [ @@ -80,7 +80,7 @@ "get": { "x-ms-examples": { "Get IoT Alert Type": { - "$ref": "./examples/iotAlertTypes/GetIoTAlertType.json" + "$ref": "./examples/IotAlertTypes/GetIoTAlertType.json" } }, "tags": [ From 2025638667aeae8a4f1d6273b309d85e76260227 Mon Sep 17 00:00:00 2001 
From: Liran Chen
Date: Sun, 21 Jun 2020 08:43:55 +0300
Subject: [PATCH 36/36] Example name
---
 .../Microsoft.Security/stable/2019-08-01/iotAlerts.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json
index db7ab44d5238..b51e7a792f22 100644
--- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json
@@ -37,7 +37,7 @@
 "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/iotAlerts": {
 "get": {
 "x-ms-examples": {
- "Get IoT Alert Types": {
+ "Get IoT Alerts": {
 "$ref": "./examples/IotAlerts/GetIoTAlertList.json"
 }
 },
@@ -120,7 +120,7 @@
 "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/iotAlerts/{iotAlertId}": {
 "get": {
 "x-ms-examples": {
- "Get IoT Alert Type": {
+ "Get IoT Alert": {
 "$ref": "./examples/IotAlerts/GetIoTAlert.json"
 }
 },