Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding new api-version to Microsoft.Security Alerts resource #4902

Merged
merged 6 commits into from
Feb 1, 2019
Merged

Adding new api-version to Microsoft.Security Alerts resource #4902

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
6d92f43
Copy preview/2015-06-01-preview to stable/2019-01-01 (as we want to e…
orparnes Dec 11, 2018
d94a369
Fix alerts examples of version 2015-06-01-preview
orparnes Jan 6, 2019
46730b7
Remove anything that is not "alerts" related from version 2019-01-01
orparnes Jan 6, 2019
4319bbf
Set all changes for "alerts" type of the new version "2019-01-01"
orparnes Jan 6, 2019
2b207c4
Add the stable version to the readme file
orparnes Jan 23, 2019
f862d11
Rollback readme change
orparnes Jan 23, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions ...ity/preview/2015-06-01-preview/examples/Alerts/GetAlertResourceGroupLocation_example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@
"reason": "Some computer reason"
}],
"canBeInvestigated": true,
"isIncident": false,
"entities": [{
"address": "192.0.2.1",
"location": {
Expand Down
1 change: 1 addition & 0 deletions ...rity/preview/2015-06-01-preview/examples/Alerts/GetAlertSubscriptionLocation_example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@
"reason": "Some computer reason"
}],
"canBeInvestigated": true,
"isIncident": false,
"entities": [{
"address": "192.0.2.1",
"location": {
Expand Down
1 change: 1 addition & 0 deletions ...ty/preview/2015-06-01-preview/examples/Alerts/GetAlertsResourceGroupLocation_example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@
"reason": "Some computer reason"
}],
"canBeInvestigated": true,
"isIncident": false,
"entities": [{
"address": "192.0.2.1",
"location": {
Expand Down
1 change: 1 addition & 0 deletions ...t.Security/preview/2015-06-01-preview/examples/Alerts/GetAlertsResourceGroup_example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@
"reason": "Some computer reason"
}],
"canBeInvestigated": true,
"isIncident": false,
"entities": [{
"address": "192.0.2.1",
"location": {
Expand Down
1 change: 1 addition & 0 deletions ...ft.Security/preview/2015-06-01-preview/examples/Alerts/GetAlertsSubscription_example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@
"reason": "Some computer reason"
}],
"canBeInvestigated": true,
"isIncident": false,
"entities": [{
"address": "192.0.2.1",
"location": {
Expand Down
1 change: 1 addition & 0 deletions ...ty/preview/2015-06-01-preview/examples/Alerts/GetAlertsSubscriptionsLocation_example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@
"reason": "Some computer reason"
}],
"canBeInvestigated": true,
"isIncident": false,
"entities": [{
"address": "192.0.2.1",
"location": {
Expand Down
29 changes: 29 additions & 0 deletions ...ion/security/resource-manager/Microsoft.Security/preview/2015-06-01-preview/security.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2017,6 +2017,30 @@
"reportedSeverity": {
"readOnly": true,
"type": "string",
"enum": [
"Silent",
"Information",
"Low",
"High"
],
"x-ms-enum": {
"name": "reportedSeverity",
"modelAsString": true,
"values": [
{
"value": "Silent"
},
{
"value": "Information"
},
{
"value": "Low"
},
{
"value": "High"
}
]
},
"description": "Estimated severity of this alert"
},
"compromisedEntity": {
Expand All @@ -2042,6 +2066,11 @@
"type": "boolean",
"description": "Whether this alert can be investigated with Azure Security Center"
},
"isIncident": {
"readOnly": true,
"type": "boolean",
"description": "Whether this alert is for incident type or not (otherwise - single alert)"
},
"entities": {
"type": "array",
"description": "objects that are related to this alerts",
Expand Down
73 changes: 73 additions & 0 deletions ...oft.Security/stable/2019-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
{
"parameters": {
"api-version": "2019-01-01",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
"resourceGroupName": "myRg1",
"ascLocation": "westeurope",
"alertName": "2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
"name": "2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
"type": "Microsoft.Security/Locations/alerts",
"properties": {
"vendorName": "Microsoft",
"alertDisplayName": "Threat Intelligence Alert",
"alertName": "ThreatIntelligence",
"detectedTimeUtc": "2018-05-01T19:50:47.083633Z",
"description": "Process was detected running on the host and is considered to be suspicious, verify that the user run it",
"remediationSteps": "verify that the user invoked this process\r\nrun antimalware scan of the VM",
"actionTaken": "Detected",
"reportedSeverity": "High",
"compromisedEntity": "vm1",
"associatedResource": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
"instanceId": "f144ee95-a3e5-42da-a279-967d115809aa",
"extendedProperties": {
"user Name": "administrator",
"domain Name": "Contoso",
"attacker IP": "192.0.2.1",
"resourceType": "Virtual Machine"
},
"state": "Dismissed",
"reportedTimeUtc": "2018-05-02T05:36:12.2089889Z",
"confidenceScore": 0.8,
"confidenceReasons": [{
"type": "User",
"reason": "Some user reason"
}, {
"type": "Process",
"reason": "Some proccess reason"
}, {
"type": "Computer",
"reason": "Some computer reason"
}],
"canBeInvestigated": true,
"isIncident": false,
"entities": [{
"address": "192.0.2.1",
"location": {
"countryCode": "gb",
"state": "wokingham",
"city": "sonning",
"longitude": -0.909,
"latitude": 51.468,
"asn": 6584
},
"threatIntelligence": [{
"providerName": "Team Cymru",
"threatType": "C2",
"threatName": "rarog",
"confidence": 0.8,
"reportLink": "http://www.microsoft.com",
"threatDescription": "In bot armies, the controller is the server machine(s) that gives instructions to the controlled (zombied) hosts that connect to the command and control (C2) network. The controller host is usually running a botnet management application that is sending the commands to the zombied members of the bot army. These commands include, but are not limited to, the following: updating bitcoin wallet information, distributed denial-of-service (DDoS) target listings, updated C2 communication contact lists, and targeting data. C2 servers may be either directly controlled by the malware operators or run on hardware compromised by malware. There are multiple techniques for dynamically changing the control servers so that they are not isolated and brought down. Control servers utilize two general architectures: client-server and peer-to-peer. In a client-server model, all the hosts are controlled by a single server or a few control servers. In a peer-to-peer model, the infected hosts are both clients and servers, and they control other hosts so that instead of isolating the few control servers, all the hosts need to be removed."
}],
"type": "ip"
}]
}
}
}
}
}
72 changes: 72 additions & 0 deletions ...soft.Security/stable/2019-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
{
"parameters": {
"api-version": "2019-01-01",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
"ascLocation": "westeurope",
"alertName": "2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
"name": "2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
"type": "Microsoft.Security/Locations/alerts",
"properties": {
"vendorName": "Microsoft",
"alertDisplayName": "Threat Intelligence Alert",
"alertName": "ThreatIntelligence",
"detectedTimeUtc": "2018-05-01T19:50:47.083633Z",
"description": "Process was detected running on the host and is considered to be suspicious, verify that the user run it",
"remediationSteps": "verify that the user invoked this process\r\nrun antimalware scan of the VM",
"actionTaken": "Detected",
"reportedSeverity": "High",
"compromisedEntity": "vm1",
"associatedResource": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
"instanceId": "f144ee95-a3e5-42da-a279-967d115809aa",
"extendedProperties": {
"user Name": "administrator",
"domain Name": "Contoso",
"attacker IP": "192.0.2.1",
"resourceType": "Virtual Machine"
},
"state": "Dismissed",
"reportedTimeUtc": "2018-05-02T05:36:12.2089889Z",
"confidenceScore": 0.8,
"confidenceReasons": [{
"type": "User",
"reason": "Some user reason"
}, {
"type": "Process",
"reason": "Some proccess reason"
}, {
"type": "Computer",
"reason": "Some computer reason"
}],
"canBeInvestigated": true,
"isIncident": false,
"entities": [{
"address": "192.0.2.1",
"location": {
"countryCode": "gb",
"state": "wokingham",
"city": "sonning",
"longitude": -0.909,
"latitude": 51.468,
"asn": 6584
},
"threatIntelligence": [{
"providerName": "Team Cymru",
"threatType": "C2",
"threatName": "rarog",
"confidence": 0.8,
"reportLink": "http://www.microsoft.com",
"threatDescription": "In bot armies, the controller is the server machine(s) that gives instructions to the controlled (zombied) hosts that connect to the command and control (C2) network. The controller host is usually running a botnet management application that is sending the commands to the zombied members of the bot army. These commands include, but are not limited to, the following: updating bitcoin wallet information, distributed denial-of-service (DDoS) target listings, updated C2 communication contact lists, and targeting data. C2 servers may be either directly controlled by the malware operators or run on hardware compromised by malware. There are multiple techniques for dynamically changing the control servers so that they are not isolated and brought down. Control servers utilize two general architectures: client-server and peer-to-peer. In a client-server model, all the hosts are controlled by a single server or a few control servers. In a peer-to-peer model, the infected hosts are both clients and servers, and they control other hosts so that instead of isolating the few control servers, all the hosts need to be removed."
}],
"type": "ip"
}]
}
}
}
}
}
74 changes: 74 additions & 0 deletions ...ft.Security/stable/2019-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
{
"parameters": {
"api-version": "2019-01-01",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
"resourceGroupName": "myRg1",
"ascLocation": "westeurope"
},
"responses": {
"200": {
"body": {
"value": [{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
"name": "2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
"type": "Microsoft.Security/Locations/alerts",
"properties": {
"vendorName": "Microsoft",
"alertDisplayName": "Threat Intelligence Alert",
"alertName": "ThreatIntelligence",
"detectedTimeUtc": "2018-05-01T19:50:47.083633Z",
"description": "Process was detected running on the host and is considered to be suspicious, verify that the user run it",
"remediationSteps": "verify that the user invoked this process\r\nrun antimalware scan of the VM",
"actionTaken": "Detected",
"reportedSeverity": "High",
"compromisedEntity": "vm1",
"associatedResource": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
"instanceId": "f144ee95-a3e5-42da-a279-967d115809aa",
"extendedProperties": {
"user Name": "administrator",
"domain Name": "Contoso",
"attacker IP": "192.0.2.1",
"resourceType": "Virtual Machine"
},
"state": "Dismissed",
"reportedTimeUtc": "2018-05-02T05:36:12.2089889Z",
"confidenceScore": 0.8,
"confidenceReasons": [{
"type": "User",
"reason": "Some user reason"
}, {
"type": "Process",
"reason": "Some proccess reason"
}, {
"type": "Computer",
"reason": "Some computer reason"
}],
"canBeInvestigated": true,
"isIncident": false,
"entities": [{
"address": "192.0.2.1",
"location": {
"countryCode": "gb",
"state": "wokingham",
"city": "sonning",
"longitude": -0.909,
"latitude": 51.468,
"asn": 6584
},
"threatIntelligence": [{
"providerName": "Team Cymru",
"threatType": "C2",
"threatName": "rarog",
"confidence": 0.8,
"reportLink": "http://www.microsoft.com",
"threatDescription": "In bot armies, the controller is the server machine(s) that gives instructions to the controlled (zombied) hosts that connect to the command and control (C2) network. The controller host is usually running a botnet management application that is sending the commands to the zombied members of the bot army. These commands include, but are not limited to, the following: updating bitcoin wallet information, distributed denial-of-service (DDoS) target listings, updated C2 communication contact lists, and targeting data. C2 servers may be either directly controlled by the malware operators or run on hardware compromised by malware. There are multiple techniques for dynamically changing the control servers so that they are not isolated and brought down. Control servers utilize two general architectures: client-server and peer-to-peer. In a client-server model, all the hosts are controlled by a single server or a few control servers. In a peer-to-peer model, the infected hosts are both clients and servers, and they control other hosts so that instead of isolating the few control servers, all the hosts need to be removed."
}],
"type": "ip"
}]
}
}]
}
}
}
}
Loading