537537 "oneOf" : [
538538 {
539539 "$ref" : " #/definitions/EyesOn"
540+ },
541+ {
542+ "$ref" : " #/definitions/EntityAnalytics"
543+ },
544+ {
545+ "$ref" : " #/definitions/Ueba"
540546 }
541547 ],
542548 "properties" : {
552558 },
553559 "name" : {
554560 "type" : " string" ,
555- "description" : " The setting name. Supports- EyesOn"
561+ "description" : " The setting name. Supports - EyesOn, EntityAnalytics, Ueba "
556562 },
557563 "type" : {
558564 "type" : " string" ,
567573 " type"
568574 ],
569575 "description" : " Microsoft.SecurityInsights/settings"
576+ },
577+ "watchlists" : {
578+ "type" : " object" ,
579+ "properties" : {
580+ "apiVersion" : {
581+ "type" : " string" ,
582+ "enum" : [
583+ " 2019-01-01-preview"
584+ ]
585+ },
586+ "etag" : {
587+ "type" : " string" ,
588+ "description" : " Etag of the azure resource"
589+ },
590+ "name" : {
591+ "type" : " string" ,
592+ "description" : " Watchlist Alias"
593+ },
594+ "properties" : {
595+ "oneOf" : [
596+ {
597+ "$ref" : " #/definitions/WatchlistProperties"
598+ },
599+ {
600+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
601+ }
602+ ],
603+ "description" : " Describes watchlist properties"
604+ },
605+ "type" : {
606+ "type" : " string" ,
607+ "enum" : [
608+ " Microsoft.SecurityInsights/watchlists"
609+ ]
610+ }
611+ },
612+ "required" : [
613+ " apiVersion" ,
614+ " name" ,
615+ " properties" ,
616+ " type"
617+ ],
618+ "description" : " Microsoft.SecurityInsights/watchlists"
570619 }
571620 },
572621 "definitions" : {
12241273 ],
12251274 "description" : " Microsoft.SecurityInsights/cases/relations"
12261275 },
1276+ "EntityAnalytics" : {
1277+ "type" : " object" ,
1278+ "properties" : {
1279+ "kind" : {
1280+ "type" : " string" ,
1281+ "enum" : [
1282+ " EntityAnalytics"
1283+ ]
1284+ },
1285+ "properties" : {
1286+ "oneOf" : [
1287+ {
1288+ "$ref" : " #/definitions/EntityAnalyticsProperties"
1289+ },
1290+ {
1291+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
1292+ }
1293+ ],
1294+ "description" : " EntityAnalytics property bag."
1295+ }
1296+ },
1297+ "required" : [
1298+ " kind"
1299+ ],
1300+ "description" : " Settings with single toggle."
1301+ },
1302+ "EntityAnalyticsProperties" : {
1303+ "type" : " object" ,
1304+ "properties" : {},
1305+ "description" : " EntityAnalytics property bag."
1306+ },
12271307 "EyesOn" : {
12281308 "type" : " object" ,
12291309 "properties" : {
23052385 " Collection" ,
23062386 " Exfiltration" ,
23072387 " CommandAndControl" ,
2308- " Impact"
2388+ " Impact" ,
2389+ " PreAttack"
23092390 ]
23102391 }
23112392 },
25462627 },
25472628 "description" : " Threat Intelligence taxii client data connector properties."
25482629 },
2630+ "Ueba" : {
2631+ "type" : " object" ,
2632+ "properties" : {
2633+ "kind" : {
2634+ "type" : " string" ,
2635+ "enum" : [
2636+ " Ueba"
2637+ ]
2638+ },
2639+ "properties" : {
2640+ "oneOf" : [
2641+ {
2642+ "$ref" : " #/definitions/UebaProperties"
2643+ },
2644+ {
2645+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2646+ }
2647+ ],
2648+ "description" : " Ueba property bag."
2649+ }
2650+ },
2651+ "required" : [
2652+ " kind"
2653+ ],
2654+ "description" : " Settings with single toggle."
2655+ },
2656+ "UebaProperties" : {
2657+ "type" : " object" ,
2658+ "properties" : {
2659+ "dataSources" : {
2660+ "oneOf" : [
2661+ {
2662+ "type" : " array" ,
2663+ "items" : {
2664+ "type" : " string" ,
2665+ "enum" : [
2666+ " AuditLogs" ,
2667+ " AzureActivity" ,
2668+ " SecurityEvent" ,
2669+ " SigninLogs"
2670+ ]
2671+ }
2672+ },
2673+ {
2674+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2675+ }
2676+ ],
2677+ "description" : " The relevant data sources that enriched by ueba"
2678+ }
2679+ },
2680+ "description" : " Ueba property bag."
2681+ },
25492682 "UserInfo" : {
25502683 "type" : " object" ,
25512684 "properties" : {
25632696 }
25642697 },
25652698 "description" : " User information that made some action"
2699+ },
2700+ "WatchlistItem" : {
2701+ "type" : " object" ,
2702+ "properties" : {
2703+ "properties" : {
2704+ "oneOf" : [
2705+ {
2706+ "$ref" : " #/definitions/WatchlistItemProperties"
2707+ },
2708+ {
2709+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2710+ }
2711+ ],
2712+ "description" : " Describes watchlist item properties"
2713+ }
2714+ },
2715+ "description" : " Represents a Watchlist Item in Azure Security Insights."
2716+ },
2717+ "WatchlistItemProperties" : {
2718+ "type" : " object" ,
2719+ "properties" : {
2720+ "createdBy" : {
2721+ "oneOf" : [
2722+ {
2723+ "$ref" : " #/definitions/UserInfo"
2724+ },
2725+ {
2726+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2727+ }
2728+ ],
2729+ "description" : " User information that made some action"
2730+ },
2731+ "createdTimeUtc" : {
2732+ "type" : " string" ,
2733+ "format" : " date-time" ,
2734+ "description" : " The time the watchlist item was created"
2735+ },
2736+ "entityMapping" : {
2737+ "type" : " object" ,
2738+ "properties" : {},
2739+ "description" : " A key-value pair for a watchlist item entity mapping"
2740+ },
2741+ "lastUpdatedTimeUtc" : {
2742+ "type" : " string" ,
2743+ "format" : " date-time" ,
2744+ "description" : " The last time the watchlist item was updated"
2745+ },
2746+ "tenantId" : {
2747+ "type" : " string" ,
2748+ "description" : " The tenantId to which this watchlist item belongs to"
2749+ },
2750+ "timeToLiveUtc" : {
2751+ "type" : " string" ,
2752+ "format" : " date-time" ,
2753+ "description" : " The time to live for the watchlist item"
2754+ },
2755+ "updatedBy" : {
2756+ "oneOf" : [
2757+ {
2758+ "$ref" : " #/definitions/UserInfo"
2759+ },
2760+ {
2761+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2762+ }
2763+ ],
2764+ "description" : " User information that made some action"
2765+ },
2766+ "watchlistId" : {
2767+ "type" : " string" ,
2768+ "description" : " The watchlist id of the parent of this watchlist item"
2769+ },
2770+ "watchlistItemName" : {
2771+ "type" : " string" ,
2772+ "description" : " Name of the watchlist item"
2773+ },
2774+ "watchlistItemPair" : {
2775+ "type" : " object" ,
2776+ "properties" : {},
2777+ "description" : " A key-value pair for a watchlist item"
2778+ },
2779+ "watchlistItemType" : {
2780+ "type" : " string" ,
2781+ "description" : " The type of the watchlist item"
2782+ }
2783+ },
2784+ "required" : [
2785+ " watchlistId" ,
2786+ " watchlistItemPair"
2787+ ],
2788+ "description" : " Describes watchlist item properties"
2789+ },
2790+ "WatchlistProperties" : {
2791+ "type" : " object" ,
2792+ "properties" : {
2793+ "createdBy" : {
2794+ "oneOf" : [
2795+ {
2796+ "$ref" : " #/definitions/UserInfo"
2797+ },
2798+ {
2799+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2800+ }
2801+ ],
2802+ "description" : " User information that made some action"
2803+ },
2804+ "createdTimeUtc" : {
2805+ "type" : " string" ,
2806+ "format" : " date-time" ,
2807+ "description" : " The time the watchlist was created"
2808+ },
2809+ "defaultDuration" : {
2810+ "type" : " string" ,
2811+ "format" : " duration" ,
2812+ "description" : " The default duration of a watchlist (in ISO 8601 duration format)"
2813+ },
2814+ "description" : {
2815+ "type" : " string" ,
2816+ "description" : " A description of the watchlist"
2817+ },
2818+ "displayName" : {
2819+ "type" : " string" ,
2820+ "description" : " The display name of the watchlist"
2821+ },
2822+ "labels" : {
2823+ "oneOf" : [
2824+ {
2825+ "type" : " array" ,
2826+ "items" : {
2827+ "type" : " string"
2828+ }
2829+ },
2830+ {
2831+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2832+ }
2833+ ],
2834+ "description" : " List of labels relevant to this watchlist"
2835+ },
2836+ "lastUpdatedTimeUtc" : {
2837+ "type" : " string" ,
2838+ "format" : " date-time" ,
2839+ "description" : " The last time the watchlist was updated"
2840+ },
2841+ "notes" : {
2842+ "type" : " string" ,
2843+ "description" : " The notes of the watchlist"
2844+ },
2845+ "provider" : {
2846+ "type" : " string" ,
2847+ "description" : " The provider of the watchlist"
2848+ },
2849+ "source" : {
2850+ "oneOf" : [
2851+ {
2852+ "type" : " string" ,
2853+ "enum" : [
2854+ " Local file" ,
2855+ " Remote storage"
2856+ ]
2857+ },
2858+ {
2859+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2860+ }
2861+ ],
2862+ "description" : " The source of the watchlist."
2863+ },
2864+ "tenantId" : {
2865+ "type" : " string" ,
2866+ "description" : " The tenantId where the watchlist belongs to."
2867+ },
2868+ "updatedBy" : {
2869+ "oneOf" : [
2870+ {
2871+ "$ref" : " #/definitions/UserInfo"
2872+ },
2873+ {
2874+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2875+ }
2876+ ],
2877+ "description" : " User information that made some action"
2878+ },
2879+ "watchlistItems" : {
2880+ "oneOf" : [
2881+ {
2882+ "type" : " array" ,
2883+ "items" : {
2884+ "$ref" : " #/definitions/WatchlistItem"
2885+ }
2886+ },
2887+ {
2888+ "$ref" : " https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
2889+ }
2890+ ],
2891+ "description" : " List of watchlist items."
2892+ },
2893+ "watchlistType" : {
2894+ "type" : " string" ,
2895+ "description" : " The type of the watchlist"
2896+ },
2897+ "workspaceId" : {
2898+ "type" : " string" ,
2899+ "description" : " The workspaceId where the watchlist belongs to."
2900+ }
2901+ },
2902+ "required" : [
2903+ " displayName" ,
2904+ " provider" ,
2905+ " source"
2906+ ],
2907+ "description" : " Describes watchlist properties"
25662908 }
25672909 }
25682910}