From bf1d37fb8d96a9a3473fef32df1fd94f7441562d Mon Sep 17 00:00:00 2001 From: SDK Automation Date: Wed, 19 Aug 2020 15:53:46 +0000 Subject: [PATCH] Generated from f74e7a1e7cb6a705ecdb0582fb5d1bcadc2bd055 fix --- .../Microsoft.SecurityInsights.json | 346 +++++++++++++++++- 1 file changed, 344 insertions(+), 2 deletions(-) diff --git a/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json b/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json index b4bec4a288..fa52320d70 100644 --- a/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json +++ b/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json @@ -537,6 +537,12 @@ "oneOf": [ { "$ref": "#/definitions/EyesOn" + }, + { + "$ref": "#/definitions/EntityAnalytics" + }, + { + "$ref": "#/definitions/Ueba" } ], "properties": { @@ -552,7 +558,7 @@ }, "name": { "type": "string", - "description": "The setting name. Supports- EyesOn" + "description": "The setting name. Supports - EyesOn, EntityAnalytics, Ueba" }, "type": { "type": "string", @@ -567,6 +573,49 @@ "type" ], "description": "Microsoft.SecurityInsights/settings" + }, + "watchlists": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-01-01-preview" + ] + }, + "etag": { + "type": "string", + "description": "Etag of the azure resource" + }, + "name": { + "type": "string", + "description": "Watchlist Alias" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/WatchlistProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes watchlist properties" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.SecurityInsights/watchlists" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.SecurityInsights/watchlists" } }, "definitions": { @@ -1224,6 +1273,37 @@ ], "description": "Microsoft.SecurityInsights/cases/relations" }, + "EntityAnalytics": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "enum": [ + "EntityAnalytics" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/EntityAnalyticsProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "EntityAnalytics property bag." + } + }, + "required": [ + "kind" + ], + "description": "Settings with single toggle." + }, + "EntityAnalyticsProperties": { + "type": "object", + "properties": {}, + "description": "EntityAnalytics property bag." + }, "EyesOn": { "type": "object", "properties": { @@ -2305,7 +2385,8 @@ "Collection", "Exfiltration", "CommandAndControl", - "Impact" + "Impact", + "PreAttack" ] } }, @@ -2546,6 +2627,58 @@ }, "description": "Threat Intelligence taxii client data connector properties." }, + "Ueba": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "enum": [ + "Ueba" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/UebaProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Ueba property bag." + } + }, + "required": [ + "kind" + ], + "description": "Settings with single toggle." + }, + "UebaProperties": { + "type": "object", + "properties": { + "dataSources": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "AuditLogs", + "AzureActivity", + "SecurityEvent", + "SigninLogs" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The relevant data sources that enriched by ueba" + } + }, + "description": "Ueba property bag." + }, "UserInfo": { "type": "object", "properties": { @@ -2563,6 +2696,215 @@ } }, "description": "User information that made some action" + }, + "WatchlistItem": { + "type": "object", + "properties": { + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/WatchlistItemProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes watchlist item properties" + } + }, + "description": "Represents a Watchlist Item in Azure Security Insights." + }, + "WatchlistItemProperties": { + "type": "object", + "properties": { + "createdBy": { + "oneOf": [ + { + "$ref": "#/definitions/UserInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "User information that made some action" + }, + "createdTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time the watchlist item was created" + }, + "entityMapping": { + "type": "object", + "properties": {}, + "description": "A key-value pair for a watchlist item entity mapping" + }, + "lastUpdatedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The last time the watchlist item was updated" + }, + "tenantId": { + "type": "string", + "description": "The tenantId to which this watchlist item belongs to" + }, + "timeToLiveUtc": { + "type": "string", + "format": "date-time", + "description": "The time to live for the watchlist item" + }, + "updatedBy": { + "oneOf": [ + { + "$ref": "#/definitions/UserInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "User information that made some action" + }, + "watchlistId": { + "type": "string", + "description": "The watchlist id of the parent of this watchlist item" + }, + "watchlistItemName": { + "type": "string", + "description": "Name of the watchlist item" + }, + "watchlistItemPair": { + "type": "object", + "properties": {}, + "description": "A key-value pair for a watchlist item" + }, + "watchlistItemType": { + "type": "string", + "description": "The type of the watchlist item" + } + }, + "required": [ + "watchlistId", + "watchlistItemPair" + ], + "description": "Describes watchlist item properties" + }, + "WatchlistProperties": { + "type": "object", + "properties": { + "createdBy": { + "oneOf": [ + { + "$ref": "#/definitions/UserInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "User information that made some action" + }, + "createdTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The time the watchlist was created" + }, + "defaultDuration": { + "type": "string", + "format": "duration", + "description": "The default duration of a watchlist (in ISO 8601 duration format)" + }, + "description": { + "type": "string", + "description": "A description of the watchlist" + }, + "displayName": { + "type": "string", + "description": "The display name of the watchlist" + }, + "labels": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "List of labels relevant to this watchlist" + }, + "lastUpdatedTimeUtc": { + "type": "string", + "format": "date-time", + "description": "The last time the watchlist was updated" + }, + "notes": { + "type": "string", + "description": "The notes of the watchlist" + }, + "provider": { + "type": "string", + "description": "The provider of the watchlist" + }, + "source": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Local file", + "Remote storage" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The source of the watchlist." + }, + "tenantId": { + "type": "string", + "description": "The tenantId where the watchlist belongs to." + }, + "updatedBy": { + "oneOf": [ + { + "$ref": "#/definitions/UserInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "User information that made some action" + }, + "watchlistItems": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/WatchlistItem" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "List of watchlist items." + }, + "watchlistType": { + "type": "string", + "description": "The type of the watchlist" + }, + "workspaceId": { + "type": "string", + "description": "The workspaceId where the watchlist belongs to." + } + }, + "required": [ + "displayName", + "provider", + "source" + ], + "description": "Describes watchlist properties" } } } \ No newline at end of file