-
Notifications
You must be signed in to change notification settings - Fork 5.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Creating first and basic swagger for new RP of ASI (Azure Security Insight). This RP is an extension RP of "Microsoft.operationalinsights", and it is coupled to a Log analytics workspace. This is a first iteration in order to create a simple RP with single endpoint, after it wil work the API will be changed with the actual and full endpoints based on the learnings from this POC. * updating the operationalInsightsResourceProvider to be a global parameter and reuse it in the PUT same as in the GET * Fixing comments from PR * Fixing the Microsoft.OperationalInsight to the right form * Updating the location to be under- "resource-manager" * adding readme files for the swagger * Changing the path of the files to the correct path * Change the location of the readme files * Fixing inconsistency in the naming- changing everything to SecurityInsights * Missed the file when aligned the name to SecurityInsights * Fixing a redundant space in the examples * add alertRule to the CreateAlertRule.json and do some indentation fixes * Creates the "real" API for Scheduled Alert Rules * Update the name alertRule to alertScheduledtRule in the creation example * Fixing comments from PR- * Changing durations to fit standards * Changing operators to fit other RPs * Align naming to scheduledAlertRules * Adding 200 response to DeleteScheduledAlertRule * Changing naming- alertTriggerOperator => triggerOperator alertTriggerThreshold => triggerThreshold * Adding kind to AlertRule and making Scheduled as a specific kind * Fix some errors * Trying to solve the model validator issues * Fixing indentation * Adding data connectors endpoints * fixing nesting issues * Try to fix some checks issues * Try to fix issues once again * Fixing typos * Add actions for alerts * Updating the examples for actions * Move actions next to alert rules * Adding entities * Adding OfficeConsent & Settings * Adding cases APIs * Adding Bookmarks APIs * Fixing comments from review * Fixing path in examples Fixing array results * updating the settings examples * Update "assignedTo" in cases to be the same UserInfo as in Bookmarks * Update cases examples * fixed the CloseReason x-ms-enum name * Fixing comments from PR * Change in dataConnectors from contextId to the relevant ID * Fixing the code according to discussion. Actions will be only nested resource at the moment, so ruleId is not needed currently. Patterns will be removed so Guid will not be mandatory as parameter. ruleName will be cahanged to displayName in AlertRules * Fixing validation error * revert this file * Fixing examples json * updating the operationIds to be more precise
- Loading branch information
1 parent
ee6addc
commit 64f1e0e
Showing
33 changed files
with
3,188 additions
and
538 deletions.
There are no files selected for viewing
2,711 changes: 2,288 additions & 423 deletions
2,711
...ource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
Large diffs are not rendered by default.
Oops, something went wrong.
44 changes: 44 additions & 0 deletions
44
...SecurityInsights/preview/2019-01-01-preview/examples/actions/CreateActionOfAlertRule.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| { | ||
| "parameters": { | ||
| "api-version": "2019-01-01-preview", | ||
| "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", | ||
| "resourceGroupName": "myRg", | ||
| "workspaceName": "myWorkspace", | ||
| "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", | ||
| "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", | ||
| "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", | ||
| "action": { | ||
| "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", | ||
| "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", | ||
| "type": "Microsoft.SecurityInsights/alertRules/actions", | ||
| "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", | ||
| "properties": { | ||
| "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" | ||
| } | ||
| } | ||
| }, | ||
| "responses": { | ||
| "200": { | ||
| "body": { | ||
| "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", | ||
| "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", | ||
| "type": "Microsoft.SecurityInsights/alertRules/actions", | ||
| "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", | ||
| "properties": { | ||
| "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" | ||
| } | ||
| } | ||
| }, | ||
| "201": { | ||
| "body": { | ||
| "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", | ||
| "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", | ||
| "type": "Microsoft.SecurityInsights/alertRules/actions", | ||
| "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", | ||
| "properties": { | ||
| "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } |
17 changes: 17 additions & 0 deletions
17
...SecurityInsights/preview/2019-01-01-preview/examples/actions/DeleteActionOfAlertRule.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| { | ||
| "parameters": { | ||
| "api-version": "2019-01-01-preview", | ||
| "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", | ||
| "resourceGroupName": "myRg", | ||
| "workspaceName": "myWorkspace", | ||
| "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", | ||
| "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", | ||
| "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" | ||
| }, | ||
| "responses": { | ||
| "200": { | ||
| }, | ||
| "204":{ | ||
| } | ||
| } | ||
| } |
24 changes: 24 additions & 0 deletions
24
...ecurityInsights/preview/2019-01-01-preview/examples/actions/GetActionOfAlertRuleById.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| { | ||
| "parameters": { | ||
| "api-version": "2019-01-01-preview", | ||
| "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", | ||
| "resourceGroupName": "myRg", | ||
| "workspaceName": "myWorkspace", | ||
| "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", | ||
| "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", | ||
| "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" | ||
| }, | ||
| "responses": { | ||
| "200": { | ||
| "body": { | ||
| "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", | ||
| "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", | ||
| "type": "Microsoft.SecurityInsights/alertRules/actions", | ||
| "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", | ||
| "properties": { | ||
| "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } |
27 changes: 27 additions & 0 deletions
27
...ecurityInsights/preview/2019-01-01-preview/examples/actions/GetAllActionsByAlertRule.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| { | ||
| "parameters": { | ||
| "api-version": "2019-01-01-preview", | ||
| "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", | ||
| "resourceGroupName": "myRg", | ||
| "workspaceName": "myWorkspace", | ||
| "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", | ||
| "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" | ||
| }, | ||
| "responses": { | ||
| "200": { | ||
| "body": { | ||
| "value": [ | ||
| { | ||
| "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", | ||
| "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", | ||
| "type": "Microsoft.SecurityInsights/alertRules/actions", | ||
| "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", | ||
| "properties": { | ||
| "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" | ||
| } | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
88 changes: 88 additions & 0 deletions
88
...rosoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/CreateBookmark.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| { | ||
| "parameters": { | ||
| "api-version": "2019-01-01-preview", | ||
| "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", | ||
| "resourceGroupName": "myRg", | ||
| "workspaceName": "myWorkspace", | ||
| "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", | ||
| "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", | ||
| "bookmark": { | ||
| "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", | ||
| "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", | ||
| "type": "Microsoft.SecurityInsights/bookmarks", | ||
| "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", | ||
| "properties": { | ||
| "displayName": "My bookmark", | ||
| "createdBy": { | ||
| "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", | ||
| "email": "john@contoso.com", | ||
| "name": "john doe" | ||
| }, | ||
| "updatedBy": { | ||
| "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", | ||
| "email": "john@contoso.com", | ||
| "name": "john doe" | ||
| }, | ||
| "lastUpdatedTimeUtc": "2019-01-01T13:15:30Z", | ||
| "createdTimeUtc": "2019-01-01T13:15:30Z", | ||
| "notes": "Found a suspicious activity", | ||
| "labels": "['Tag1', 'Tag2']", | ||
| "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" | ||
| } | ||
| } | ||
| }, | ||
| "responses": { | ||
| "200": { | ||
| "body": { | ||
| "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", | ||
| "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", | ||
| "type": "Microsoft.SecurityInsights/bookmarks", | ||
| "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", | ||
| "properties": { | ||
| "displayName": "My bookmark", | ||
| "createdBy": { | ||
| "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", | ||
| "email": "john@contoso.com", | ||
| "name": "john doe" | ||
| }, | ||
| "updatedBy": { | ||
| "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", | ||
| "email": "john@contoso.com", | ||
| "name": "john doe" | ||
| }, | ||
| "lastUpdatedTimeUtc": "2019-01-01T13:15:30Z", | ||
| "createdTimeUtc": "2019-01-01T13:15:30Z", | ||
| "notes": "Found a suspicious activity", | ||
| "labels": "['Tag1', 'Tag2']", | ||
| "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" | ||
| } | ||
| } | ||
| }, | ||
| "201": { | ||
| "body": { | ||
| "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", | ||
| "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", | ||
| "type": "Microsoft.SecurityInsights/bookmarks", | ||
| "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", | ||
| "properties": { | ||
| "displayName": "My bookmark", | ||
| "createdBy": { | ||
| "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", | ||
| "email": "john@contoso.com", | ||
| "name": "john doe" | ||
| }, | ||
| "updatedBy": { | ||
| "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", | ||
| "email": "john@contoso.com", | ||
| "name": "john doe" | ||
| }, | ||
| "lastUpdatedTimeUtc": "2019-01-01T13:15:30Z", | ||
| "createdTimeUtc": "2019-01-01T13:15:30Z", | ||
| "notes": "Found a suspicious activity", | ||
| "labels": "['Tag1', 'Tag2']", | ||
| "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } |
16 changes: 16 additions & 0 deletions
16
...rosoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/DeleteBookmark.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| { | ||
| "parameters": { | ||
| "api-version": "2019-01-01-preview", | ||
| "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", | ||
| "resourceGroupName": "myRg", | ||
| "workspaceName": "myWorkspace", | ||
| "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", | ||
| "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" | ||
| }, | ||
| "responses": { | ||
| "200": { | ||
| }, | ||
| "204":{ | ||
| } | ||
| } | ||
| } |
39 changes: 39 additions & 0 deletions
39
...osoft.SecurityInsights/preview/2019-01-01-preview/examples/bookmarks/GetBookmarkById.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| { | ||
| "parameters": { | ||
| "api-version": "2019-01-01-preview", | ||
| "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", | ||
| "resourceGroupName": "myRg", | ||
| "workspaceName": "myWorkspace", | ||
| "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", | ||
| "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" | ||
| }, | ||
| "responses": { | ||
| "200": { | ||
| "body": { | ||
| "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", | ||
| "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", | ||
| "type": "Microsoft.SecurityInsights/bookmarks", | ||
| "kind": "Scheduled", | ||
| "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", | ||
| "properties": { | ||
| "displayName": "My bookmark", | ||
| "createdBy": { | ||
| "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", | ||
| "email": "john@contoso.com", | ||
| "name": "john doe" | ||
| }, | ||
| "updatedBy": { | ||
| "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", | ||
| "email": "john@contoso.com", | ||
| "name": "john doe" | ||
| }, | ||
| "lastUpdatedTimeUtc": "2019-01-01T13:15:30Z", | ||
| "createdTimeUtc": "2019-01-01T13:15:30Z", | ||
| "notes": "Found a suspicious activity", | ||
| "labels": "['Tag1', 'Tag2']", | ||
| "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.