From 0adf7e5cefd52c60bc8037c946f70e6358efedac Mon Sep 17 00:00:00 2001
From: SDKAuto
Date: Mon, 31 May 2021 02:17:28 +0000
Subject: [PATCH] CodeGen from PR 14376 in Azure/azure-rest-api-specs Adding Activity Customization to entityQuery resource (#14376)
* copy existing API
* Change EntityQueryKind
* Adding EntityQueryKind parameter
* Adding PUT and DELETE for entityQueries, adding Activity as the supported entityQuery
* fix example
* construct entitiesFilter as a dictionary
---
 .../Microsoft.SecurityInsights.json | 187 +++++++++++++++++-
 1 file changed, 186 insertions(+), 1 deletion(-)
diff --git a/schemas/2021-03-01-preview/Microsoft.SecurityInsights.json b/schemas/2021-03-01-preview/Microsoft.SecurityInsights.json
index db4b90621b..72dd0bc44e 100644
--- a/schemas/2021-03-01-preview/Microsoft.SecurityInsights.json
+++ b/schemas/2021-03-01-preview/Microsoft.SecurityInsights.json
@@ -80,6 +80,42 @@
 ],
 "description": "Microsoft.SecurityInsights/dataConnectors"
 },
+ "entityQueries": {
+ "type": "object",
+ "oneOf": [
+ {
+ "$ref": "#/definitions/ActivityCustomEntityQuery"
+ }
+ ],
+ "properties": {
+ "apiVersion": {
+ "type": "string",
+ "enum": [
+ "2021-03-01-preview"
+ ]
+ },
+ "etag": {
+ "type": "string",
+ "description": "Etag of the azure resource"
+ },
+ "name": {
+ "type": "string",
+ "description": "entity query ID"
+ },
+ "type": {
+ "type": "string",
+ "enum": [
+ "Microsoft.SecurityInsights/entityQueries"
+ ]
+ }
+ },
+ "required": [
+ "apiVersion",
+ "name",
+ "type"
+ ],
+ "description": "Microsoft.SecurityInsights/entityQueries"
+ },
 "metadata": {
 "type": "object",
 "properties": {
@@ -449,6 +485,155 @@
 ],
 "description": "AATP (Azure Advanced Threat Protection) data connector properties."
 },
+ "ActivityCustomEntityQuery": {
+ "type": "object",
+ "properties": {
+ "kind": {
+ "type": "string",
+ "enum": [
+ "Activity"
+ ]
+ },
+ "properties": {
+ "oneOf": [
+ {
+ "$ref": "#/definitions/ActivityEntityQueriesProperties"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "Describes activity entity query properties"
+ }
+ },
+ "required": [
+ "kind"
+ ],
+ "description": "Represents Activity entity query."
+ },
+ "ActivityEntityQueriesProperties": {
+ "type": "object",
+ "properties": {
+ "content": {
+ "type": "string",
+ "description": "The entity query content to display in timeline"
+ },
+ "description": {
+ "type": "string",
+ "description": "The entity query description"
+ },
+ "enabled": {
+ "oneOf": [
+ {
+ "type": "boolean"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "Determines whether this activity is enabled or disabled."
+ },
+ "entitiesFilter": {
+ "oneOf": [
+ {
+ "type": "object",
+ "additionalProperties": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "properties": {}
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "The query applied only to entities matching to all filters"
+ },
+ "inputEntityType": {
+ "oneOf": [
+ {
+ "type": "string",
+ "enum": [
+ "Account",
+ "Host",
+ "File",
+ "AzureResource",
+ "CloudApplication",
+ "DNS",
+ "FileHash",
+ "IP",
+ "Malware",
+ "Process",
+ "RegistryKey",
+ "RegistryValue",
+ "SecurityGroup",
+ "URL",
+ "IoTDevice",
+ "SecurityAlert",
+ "HuntingBookmark",
+ "MailCluster",
+ "MailMessage",
+ "Mailbox",
+ "SubmissionMail"
+ ]
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "The type of the query's source entity."
+ },
+ "queryDefinitions": {
+ "oneOf": [
+ {
+ "$ref": "#/definitions/ActivityEntityQueriesPropertiesQueryDefinitions"
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "The Activity query definitions"
+ },
+ "requiredInputFieldsSets": {
+ "oneOf": [
+ {
+ "type": "array",
+ "items": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ },
+ {
+ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression"
+ }
+ ],
+ "description": "List of the fields of the source entity that are required to run the query"
+ },
+ "templateName": {
+ "type": "string",
+ "description": "The template id this activity was created from"
+ },
+ "title": {
+ "type": "string",
+ "description": "The entity query title"
+ }
+ },
+ "description": "Describes activity entity query properties"
+ },
+ "ActivityEntityQueriesPropertiesQueryDefinitions": {
+ "type": "object",
+ "properties": {
+ "query": {
+ "type": "string",
+ "description": "The Activity query to run on a given entity"
+ }
+ },
+ "description": "The Activity query definitions"
+ },
 "AlertsDataTypeOfDataConnector": {
 "type": "object",
 "properties": {
@@ -1312,7 +1497,7 @@
 {
 "type": "array",
 "items": {
- "type": "object"
+ "$ref": "#/definitions/MetadataDependencies"
 }
 },
 {