CodeGen from PR 14376 in Azure/azure-rest-api-specs

Adding Activity Customization to entityQuery resource (#14376) * copy existing API * Change EntityQueryKind * Adding EntityQueryKind parameter * Adding PUT and DELETE for entityQueries, adding Activity as the supported entityQuery * fix example * construct entitiesFilter as a dictionary
Azure · May 31, 2021 · 0adf7e5 · 0adf7e5
1 parent f6dd80a
commit 0adf7e5
Showing 1 changed file with 186 additions and 1 deletion.
diff --git a/schemas/2021-03-01-preview/Microsoft.SecurityInsights.json b/schemas/2021-03-01-preview/Microsoft.SecurityInsights.json
@@ -80,6 +80,42 @@
       ],
       "description": "Microsoft.SecurityInsights/dataConnectors"
     },
+    "entityQueries": {
+      "type": "object",
+      "oneOf": [
+        {
+          "$ref": "#/definitions/ActivityCustomEntityQuery"
+        }
+      ],
+      "properties": {
+        "apiVersion": {
+          "type": "string",
+          "enum": [
+            "2021-03-01-preview"
+          ]
+        },
+        "etag": {
+          "type": "string",
+          "description": "Etag of the azure resource"
+        },
+        "name": {
+          "type": "string",
+          "description": "entity query ID"
+        },
+        "type": {
+          "type": "string",
+          "enum": [
+            "Microsoft.SecurityInsights/entityQueries"
+          ]
+        }
+      },
+      "required": [
+        "apiVersion",
+        "name",
+        "type"
+      ],
+      "description": "Microsoft.SecurityInsights/entityQueries"
+    },
     "metadata": {
       "type": "object",
       "properties": {
@@ -449,6 +485,155 @@
       ],
       "description": "AATP (Azure Advanced Threat Protection) data connector properties."
     },
+    "ActivityCustomEntityQuery": {
+      "type": "object",
+      "properties": {
+        "kind": {
+          "type": "string",
+          "enum": [
+            "Activity"
+          ]
+        },
+        "properties": {
+          "oneOf": [
+            {
+              "$ref": "#/definitions/ActivityEntityQueriesProperties"
+            },
+            {
+              "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+            }
+          ],
+          "description": "Describes activity entity query properties"
+        }
+      },
+      "required": [
+        "kind"
+      ],
+      "description": "Represents Activity entity query."
+    },
+    "ActivityEntityQueriesProperties": {
+      "type": "object",
+      "properties": {
+        "content": {
+          "type": "string",
+          "description": "The entity query content to display in timeline"
+        },
+        "description": {
+          "type": "string",
+          "description": "The entity query description"
+        },
+        "enabled": {
+          "oneOf": [
+            {
+              "type": "boolean"
+            },
+            {
+              "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+            }
+          ],
+          "description": "Determines whether this activity is enabled or disabled."
+        },
+        "entitiesFilter": {
+          "oneOf": [
+            {
+              "type": "object",
+              "additionalProperties": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              "properties": {}
+            },
+            {
+              "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+            }
+          ],
+          "description": "The query applied only to entities matching to all filters"
+        },
+        "inputEntityType": {
+          "oneOf": [
+            {
+              "type": "string",
+              "enum": [
+                "Account",
+                "Host",
+                "File",
+                "AzureResource",
+                "CloudApplication",
+                "DNS",
+                "FileHash",
+                "IP",
+                "Malware",
+                "Process",
+                "RegistryKey",
+                "RegistryValue",
+                "SecurityGroup",
+                "URL",
+                "IoTDevice",
+                "SecurityAlert",
+                "HuntingBookmark",
+                "MailCluster",
+                "MailMessage",
+                "Mailbox",
+                "SubmissionMail"
+              ]
+            },
+            {
+              "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+            }
+          ],
+          "description": "The type of the query's source entity."
+        },
+        "queryDefinitions": {
+          "oneOf": [
+            {
+              "$ref": "#/definitions/ActivityEntityQueriesPropertiesQueryDefinitions"
+            },
+            {
+              "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+            }
+          ],
+          "description": "The Activity query definitions"
+        },
+        "requiredInputFieldsSets": {
+          "oneOf": [
+            {
+              "type": "array",
+              "items": {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              }
+            },
+            {
+              "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+            }
+          ],
+          "description": "List of the fields of the source entity that are required to run the query"
+        },
+        "templateName": {
+          "type": "string",
+          "description": "The template id this activity was created from"
+        },
+        "title": {
+          "type": "string",
+          "description": "The entity query title"
+        }
+      },
+      "description": "Describes activity entity query properties"
+    },
+    "ActivityEntityQueriesPropertiesQueryDefinitions": {
+      "type": "object",
+      "properties": {
+        "query": {
+          "type": "string",
+          "description": "The Activity query to run on a given entity"
+        }
+      },
+      "description": "The Activity query definitions"
+    },
     "AlertsDataTypeOfDataConnector": {
       "type": "object",
       "properties": {
@@ -1312,7 +1497,7 @@
             {
               "type": "array",
               "items": {
-                "type": "object"
+                "$ref": "#/definitions/MetadataDependencies"
               }
             },
             {