355355 {
356356 "$ref" : " #/definitions/MDATPDataConnector"
357357 },
358+ {
359+ "$ref" : " #/definitions/OfficeATPDataConnector"
360+ },
358361 {
359362 "$ref" : " #/definitions/OfficeDataConnector"
360363 },
574577 ],
575578 "description" : " Microsoft.SecurityInsights/settings"
576579 },
580+ "threatIntelligence_indicators" : {
581+ "type" : " object" ,
582+ "properties" : {
583+ "apiVersion" : {
584+ "type" : " string" ,
585+ "enum" : [
586+ " 2019-01-01-preview"
587+ ]
588+ },
589+ "etag" : {
590+ "type" : " string" ,
591+ "description" : " Etag of the azure resource"
592+ },
593+ "kind" : {
594+ "oneOf" : [
595+ {
596+ "type" : " string" ,
597+ "enum" : [
598+ " indicator"
599+ ]
600+ },
601+ {
602+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
603+ }
604+ ],
605+ "description" : " The kind of the entity."
606+ },
607+ "name" : {
608+ "type" : " string" ,
609+ "description" : " Threat Intelligence Identifier"
610+ },
611+ "properties" : {
612+ "oneOf" : [
613+ {
614+ "$ref" : " #/definitions/ThreatIntelligenceIndicatorProperties"
615+ },
616+ {
617+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
618+ }
619+ ],
620+ "description" : " Describes threat intelligence entity properties"
621+ },
622+ "type" : {
623+ "type" : " string" ,
624+ "enum" : [
625+ " Microsoft.SecurityInsights/threatIntelligence/indicators"
626+ ]
627+ }
628+ },
629+ "required" : [
630+ " apiVersion" ,
631+ " kind" ,
632+ " name" ,
633+ " properties" ,
634+ " type"
635+ ],
636+ "description" : " Microsoft.SecurityInsights/threatIntelligence/indicators"
637+ },
577638 "watchlists" : {
578639 "type" : " object" ,
579640 "properties" : {
20862147 ],
20872148 "description" : " MicrosoftSecurityIncidentCreation rule property bag."
20882149 },
2150+ "OfficeATPDataConnector" : {
2151+ "type" : " object" ,
2152+ "properties" : {
2153+ "kind" : {
2154+ "type" : " string" ,
2155+ "enum" : [
2156+ " OfficeATP"
2157+ ]
2158+ },
2159+ "properties" : {
2160+ "oneOf" : [
2161+ {
2162+ "$ref" : " #/definitions/OfficeATPDataConnectorProperties"
2163+ },
2164+ {
2165+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2166+ }
2167+ ],
2168+ "description" : " OfficeATP (Office 365 Advanced Threat Protection) data connector properties."
2169+ }
2170+ },
2171+ "required" : [
2172+ " kind"
2173+ ],
2174+ "description" : " Represents OfficeATP (Office 365 Advanced Threat Protection) data connector."
2175+ },
2176+ "OfficeATPDataConnectorProperties" : {
2177+ "type" : " object" ,
2178+ "properties" : {
2179+ "dataTypes" : {
2180+ "oneOf" : [
2181+ {
2182+ "$ref" : " #/definitions/AlertsDataTypeOfDataConnector"
2183+ },
2184+ {
2185+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2186+ }
2187+ ],
2188+ "description" : " Alerts data type for data connectors."
2189+ },
2190+ "tenantId" : {
2191+ "type" : " string" ,
2192+ "description" : " The tenant id to connect to, and get the data from."
2193+ }
2194+ },
2195+ "description" : " OfficeATP (Office 365 Advanced Threat Protection) data connector properties."
2196+ },
20892197 "OfficeDataConnector" : {
20902198 "type" : " object" ,
20912199 "properties" : {
24962604 ],
24972605 "description" : " Scheduled alert rule base property bag."
24982606 },
2607+ "ThreatIntelligenceGranularMarkingModel" : {
2608+ "type" : " object" ,
2609+ "properties" : {
2610+ "language" : {
2611+ "type" : " string" ,
2612+ "description" : " Language granular marking model"
2613+ },
2614+ "markingRef" : {
2615+ "oneOf" : [
2616+ {
2617+ "type" : " integer"
2618+ },
2619+ {
2620+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2621+ }
2622+ ],
2623+ "description" : " marking reference granular marking model"
2624+ },
2625+ "selectors" : {
2626+ "oneOf" : [
2627+ {
2628+ "type" : " array" ,
2629+ "items" : {
2630+ "type" : " string"
2631+ }
2632+ },
2633+ {
2634+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2635+ }
2636+ ],
2637+ "description" : " granular marking model selectors"
2638+ }
2639+ },
2640+ "description" : " Describes threat granular marking model entity"
2641+ },
2642+ "ThreatIntelligenceIndicatorProperties" : {
2643+ "type" : " object" ,
2644+ "properties" : {
2645+ "confidence" : {
2646+ "oneOf" : [
2647+ {
2648+ "type" : " integer"
2649+ },
2650+ {
2651+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2652+ }
2653+ ],
2654+ "description" : " Confidence of threat intelligence entity"
2655+ },
2656+ "created" : {
2657+ "type" : " string" ,
2658+ "description" : " Created by"
2659+ },
2660+ "createdByRef" : {
2661+ "type" : " string" ,
2662+ "description" : " Created by reference of threat intelligence entity"
2663+ },
2664+ "description" : {
2665+ "type" : " string" ,
2666+ "description" : " Description of a threat intelligence entity"
2667+ },
2668+ "displayName" : {
2669+ "type" : " string" ,
2670+ "description" : " Display name of a threat intelligence entity"
2671+ },
2672+ "externalId" : {
2673+ "type" : " string" ,
2674+ "description" : " External ID of threat intelligence entity"
2675+ },
2676+ "externalReferences" : {
2677+ "oneOf" : [
2678+ {
2679+ "type" : " array" ,
2680+ "items" : {
2681+ "type" : " string"
2682+ }
2683+ },
2684+ {
2685+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2686+ }
2687+ ],
2688+ "description" : " External References"
2689+ },
2690+ "granularMarkings" : {
2691+ "oneOf" : [
2692+ {
2693+ "type" : " array" ,
2694+ "items" : {
2695+ "$ref" : " #/definitions/ThreatIntelligenceGranularMarkingModel"
2696+ }
2697+ },
2698+ {
2699+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2700+ }
2701+ ],
2702+ "description" : " Granular Markings"
2703+ },
2704+ "indicatorTypes" : {
2705+ "oneOf" : [
2706+ {
2707+ "type" : " array" ,
2708+ "items" : {
2709+ "type" : " string"
2710+ }
2711+ },
2712+ {
2713+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2714+ }
2715+ ],
2716+ "description" : " Indicator types of threat intelligence entities"
2717+ },
2718+ "killChainPhases" : {
2719+ "oneOf" : [
2720+ {
2721+ "type" : " array" ,
2722+ "items" : {
2723+ "$ref" : " #/definitions/ThreatIntelligenceKillChainPhase"
2724+ }
2725+ },
2726+ {
2727+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2728+ }
2729+ ],
2730+ "description" : " Kill chain phases"
2731+ },
2732+ "labels" : {
2733+ "oneOf" : [
2734+ {
2735+ "type" : " array" ,
2736+ "items" : {
2737+ "type" : " string"
2738+ }
2739+ },
2740+ {
2741+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2742+ }
2743+ ],
2744+ "description" : " Labels of threat intelligence entity"
2745+ },
2746+ "lastUpdatedTimeUtc" : {
2747+ "type" : " string" ,
2748+ "description" : " Last updated time in UTC"
2749+ },
2750+ "modified" : {
2751+ "type" : " string" ,
2752+ "description" : " Modified by"
2753+ },
2754+ "pattern" : {
2755+ "type" : " string" ,
2756+ "description" : " Pattern of a threat intelligence entity"
2757+ },
2758+ "patternType" : {
2759+ "type" : " string" ,
2760+ "description" : " Pattern type of a threat intelligence entity"
2761+ },
2762+ "revoked" : {
2763+ "oneOf" : [
2764+ {
2765+ "type" : " boolean"
2766+ },
2767+ {
2768+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2769+ }
2770+ ],
2771+ "description" : " Is threat intelligence entity revoked"
2772+ },
2773+ "source" : {
2774+ "type" : " string" ,
2775+ "description" : " Source of a threat intelligence entity"
2776+ },
2777+ "threatIntelligenceTags" : {
2778+ "oneOf" : [
2779+ {
2780+ "type" : " array" ,
2781+ "items" : {
2782+ "type" : " string"
2783+ }
2784+ },
2785+ {
2786+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2787+ }
2788+ ],
2789+ "description" : " List of tags"
2790+ },
2791+ "threatTypes" : {
2792+ "oneOf" : [
2793+ {
2794+ "type" : " array" ,
2795+ "items" : {
2796+ "type" : " string"
2797+ }
2798+ },
2799+ {
2800+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2801+ }
2802+ ],
2803+ "description" : " Threat types"
2804+ },
2805+ "validFrom" : {
2806+ "type" : " string" ,
2807+ "description" : " Valid from"
2808+ },
2809+ "validUntil" : {
2810+ "type" : " string" ,
2811+ "description" : " Valid until"
2812+ }
2813+ },
2814+ "description" : " Describes threat intelligence entity properties"
2815+ },
2816+ "ThreatIntelligenceKillChainPhase" : {
2817+ "type" : " object" ,
2818+ "properties" : {
2819+ "killChainName" : {
2820+ "type" : " string" ,
2821+ "description" : " Kill chainName name"
2822+ },
2823+ "phaseName" : {
2824+ "oneOf" : [
2825+ {
2826+ "type" : " integer"
2827+ },
2828+ {
2829+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2830+ }
2831+ ],
2832+ "description" : " Phase name"
2833+ }
2834+ },
2835+ "description" : " Describes threat kill chain phase entity"
2836+ },
24992837 "TIDataConnector" : {
25002838 "type" : " object" ,
25012839 "properties" : {
29703308 "description" : " Describes watchlist properties"
29713309 }
29723310 }
2973- }
3311+ }
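Review bot: In the added `ThreatIntelligenceKillChainPhase` definition, `phaseName` is typed `integer` although its description is "Phase name" and its sibling `killChainName` is a string, so a template that supplies a textual phase would fail validation; `markingRef` in `ThreatIntelligenceGranularMarkingModel` is typed `integer` in the same way. If these mirror STIX-style fields, which the naming suggests but the page does not confirm, both should read `"type": "string"`. In `ThreatIntelligenceIndicatorProperties`, `created` and `modified` are described as "Created by" and "Modified by" beside a separate `createdByRef`, yet they look like timestamps. Like `validFrom`, `validUntil` and `lastUpdatedTimeUtc`, they are plain strings with no `"format": "date-time"`, so a malformed expiry on an indicator is not caught by this schema. If this file is generated from the API specification, the correction belongs in that specification rather than in this file.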