[Hub Generated] Review request for Microsoft.SecurityInsights to add version preview/2021-10-01-preview #17837

Expand Up @@ -705,35 +705,39 @@
"type": "array"
},
"status": {
"description": "The alert rule template status.",
"enum": [
"Installed",
"Available",
"NotAvailable"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "TemplateStatus",
"values": [
{
"description": "Alert rule template installed. and can not use more then once",
"value": "Installed"
},
{
"description": "Alert rule template is available.",
"value": "Available"
},
{
"description": "Alert rule template is not available",
"value": "NotAvailable"
}
]
}
"$ref": "#/definitions/AlertRuleTemplateStatus",
"description": "The alert rule template status."
}
},
"type": "object"
},
"AlertRuleTemplateStatus": {
"description": "The alert rule template status.",
"enum": [
"Installed",
"Available",
"NotAvailable"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "TemplateStatus",
"values": [
{
"description": "Alert rule template installed. and can not use more then once",
"value": "Installed"
},
{
"description": "Alert rule template is available.",
"value": "Available"
},
{
"description": "Alert rule template is not available",
"value": "NotAvailable"
}
]
}
},
"AlertRuleTemplateWithMitreProperties": {
"allOf": [
{
Expand Down Expand Up @@ -1164,26 +1168,8 @@
"description": "Represents Fusion alert rule template.",
"properties": {
"properties": {
"allOf": [
{
"$ref": "#/definitions/AlertRuleTemplateWithMitreProperties"
}
],
"$ref": "#/definitions/FusionAlertRuleTemplateProperties",
"description": "Fusion alert rule template properties",
"properties": {
"severity": {
"$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum",
"description": "The severity for alerts created by this alert rule."
},
"sourceSettings": {
"description": "All supported source signal configurations consumed in fusion detection.",
"items": {
"$ref": "#/definitions/FusionTemplateSourceSetting"
},
"x-ms-identifiers": [],
"type": "array"
}
},
"required": [
"displayName",
"description",
Expand All @@ -1192,13 +1178,36 @@
"sourceSettings",
"alertRulesCreatedByTemplateCount"
],
"type": "object",
"x-ms-client-flatten": true
}
},
"type": "object",
"x-ms-discriminator-value": "Fusion"
},
"FusionAlertRuleTemplateProperties": {
"allOf": [
{
"$ref": "#/definitions/AlertRuleTemplateWithMitreProperties"
}
],
"description": "Fusion alert rule template properties",
"properties": {
"severity": {
"$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum",
"description": "The severity for alerts created by this alert rule."
},
"sourceSettings": {
"description": "All supported source signal configurations consumed in fusion detection.",
"items": {
"$ref": "#/definitions/FusionTemplateSourceSetting"
},
"x-ms-identifiers": [],
"type": "array"
}
},
"type": "object",
"x-ms-client-flatten": true
},
"FusionTemplateSourceSetting": {
"description": "Represents a source signal consumed in Fusion detection.",
"properties": {
Expand Down Expand Up @@ -1407,21 +1416,8 @@
"type": "array"
},
"productFilter": {
"description": "The alerts' productName on which the cases will be generated",
"enum": [
"Microsoft Cloud App Security",
"Azure Security Center",
"Azure Advanced Threat Protection",
"Azure Active Directory Identity Protection",
"Azure Security Center for IoT",
"Office 365 Advanced Threat Protection",
"Microsoft Defender Advanced Threat Protection"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "MicrosoftSecurityProductName"
}
"$ref": "#/definitions/MicrosoftSecurityProductName",
"description": "The alerts' productName on which the cases will be generated"
},
"severitiesFilter": {
"description": "the alerts' severities on which the cases will be generated",
Expand All @@ -1436,6 +1432,23 @@
],
"type": "object"
},
"MicrosoftSecurityProductName": {
"description": "The alerts' productName on which the cases will be generated",
"enum": [
"Microsoft Cloud App Security",
"Azure Security Center",
"Azure Advanced Threat Protection",
"Azure Active Directory Identity Protection",
"Azure Security Center for IoT",
"Office 365 Advanced Threat Protection",
"Microsoft Defender Advanced Threat Protection"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "MicrosoftSecurityProductName"
}
},
"MicrosoftSecurityIncidentCreationAlertRuleProperties": {
"allOf": [
{
Expand Down Expand Up @@ -1483,14 +1496,7 @@
"description": "Represents MicrosoftSecurityIncidentCreation rule template.",
"properties": {
"properties": {
"allOf": [
{
"$ref": "#/definitions/AlertRuleTemplatePropertiesBase"
},
{
"$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties"
}
],
"$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties",
"description": "MicrosoftSecurityIncidentCreation rule template properties",
"required": [
"displayName",
Expand All @@ -1506,6 +1512,43 @@
"type": "object",
"x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation"
},
"MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties": {
"allOf": [
{
"$ref": "#/definitions/AlertRuleTemplatePropertiesBase"
}
],
"description": "MicrosoftSecurityIncidentCreation rule template properties",
"properties": {
"displayNamesFilter": {
"description": "the alerts' displayNames on which the cases will be generated",
"items": {
"type": "string"
},
"type": "array"
},
"displayNamesExcludeFilter": {
"description": "the alerts' displayNames on which the cases will not be generated",
"items": {
"type": "string"
},
"type": "array"
},
"productFilter": {
"$ref": "#/definitions/MicrosoftSecurityProductName",
"description": "The alerts' productName on which the cases will be generated"
},
"severitiesFilter": {
"description": "the alerts' severities on which the cases will be generated",
"items": {
"$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum"
},
"type": "array"
}
},
"type": "object",
"x-ms-client-flatten": true
},
"QueryBasedAlertRuleProperties": {
"description": "Query based alert rule base property bag.",
"properties": {
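Review bot: The `required` array left beside the new `"$ref": "#/definitions/FusionAlertRuleTemplateProperties"` in the Fusion template's `properties` member is a sibling of `$ref`, which the JSON Reference rules used by Swagger 2.0 tell validators to ignore, and the extracted `FusionAlertRuleTemplateProperties` definition has no `required` of its own. The same shape appears where the MicrosoftSecurityIncidentCreation rule template's `properties` now points at `MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties`. Moving each `required` array into the extracted definition would keep fields such as `sourceSettings` and `alertRulesCreatedByTemplateCount` mandatory for strict validators and for generated SDK models; whether the tooling in use honours the sibling form should be confirmed. The new MicrosoftSecurityIncidentCreation template definition also re-declares `displayNamesFilter`, `displayNamesExcludeFilter`, `productFilter` and `severitiesFilter` inline, where the removed `allOf` referenced `MicrosoftSecurityIncidentCreationAlertRuleCommonProperties`, so the two copies can drift apart. Any `required` list on that common definition no longer applies to templates; its body is not fully visible in this view.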