diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 0324dc41deb2..7753d546ce6d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -3727,7 +3727,7 @@ "tags": [ "Watchlists" ], - "description": "Creates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint twice : the first call will create am empty Watchlist, and the second one will create its Items.", + "description": "Creates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint twice : the first call will create an empty Watchlist, and the second one will create its Items.", "operationId": "Watchlists_Create", "parameters": [ { @@ -3774,6 +3774,115 @@ } } }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}": { + "delete": { + "x-ms-examples": { + "Delete a watchlist Item.": { + "$ref": "./examples/watchlists/DeleteWatchlistItem.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Delete a watchlist item.", + "operationId": "WatchlistItem_Delete", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a watchlist item.": { + "$ref": "./examples/watchlists/CreateWatchlistItem.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Creates or updates a watchlist item.", + "operationId": "WatchlistItem_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + }, + { + "$ref": "#/parameters/WatchlistItem" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator": { "post": { "x-ms-examples": { @@ -10061,6 +10170,75 @@ ], "type": "object" }, + "WatchlistItem": { + "allOf": [ + { + "$ref": "#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Watchlist item in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistItemProperties", + "description": "Watchlist Item properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WatchlistItemProperties": { + "description": "Describes watchlist item properties", + "properties": { + "watchlistItemType": { + "description": "The type of the watchlist item", + "type": "string" + }, + "watchlistItemId": { + "description": "The id (a Guid) of the watchlist item", + "type": "string" + }, + "tenantId": { + "description": "The tenantId to which the watchlist item belongs to", + "type": "string" + }, + "isDeleted": { + "description": "A flag that indicates if the watchlist item is deleted or not", + "type": "boolean" + }, + "created": { + "description": "The time the watchlist item was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The last time the watchlist item was updated", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that created the watchlist item", + "type": "object" + }, + "updatedBy": { + "$ref": "#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist item", + "type": "object" + }, + "itemsKeyValue": { + "description": "key-value pairs for a watchlist item", + "type": "object" + }, + "entityMapping": { + "description": "key-value pairs for a watchlist item entity mapping", + "type": "object" + } + }, + "required": [ + "itemsKeyValue" + ], + "type": "object" + }, "ThreatIntelligenceInformationList": { "description": "List of all the threat intelligence information objects.", "properties": { @@ -10907,6 +11085,24 @@ }, "x-ms-parameter-location": "method" }, + "WatchlistItem": { + "description": "The watchlist item", + "in": "body", + "name": "watchlistItem", + "required": true, + "schema": { + "$ref": "#/definitions/WatchlistItem" + }, + "x-ms-parameter-location": "method" + }, + "WatchlistItemId": { + "description": "Watchlist Item Id (GUID)", + "in": "path", + "name": "watchlistItemId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, "ThreatIntelligenceName": { "description": "Threat intelligence indicator name field.", "in": "path", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlist.json index 7f904a3d9ef0..e1d3cb3aba1e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlist.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlist.json @@ -9,18 +9,10 @@ "watchlist": { "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { - "createdBy": { - "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" - }, "displayName": "High Value Assets Watchlist", "source": "Local file", "provider": "Microsoft", "description": "Watchlist from CSV content", - "labels": [ - "Tag1", - "Tag2" - ], - "defaultDuration": "P1279DT12H30M5S", "numberOfLinesToSkip": 1, "rawContent": "This line will be skipped\nheader1,header2\nvalue1,value2", "contentType": "text/csv" @@ -55,11 +47,6 @@ "watchlistType": "watchlist", "watchlistAlias": "highValueAsset", "isDeleted": false, - "labels": [ - "Tag1", - "Tag2" - ], - "defaultDuration": "P1279DT12H30M5S", "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" } } @@ -91,11 +78,6 @@ "watchlistType": "watchlist", "watchlistAlias": "highValueAsset", "isDeleted": false, - "labels": [ - "Tag1", - "Tag2" - ], - "defaultDuration": "P1279DT12H30M5S", "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlistItem.json new file mode 100644 index 000000000000..294fb55da691 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlistItem.json @@ -0,0 +1,92 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "watchlistItem": { + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlistItem.json new file mode 100644 index 000000000000..dcdd676c646f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlistItem.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea" + }, + "responses": { + "200": {}, + "204": {} + } +}