Azure · PhoenixHe-NV · Jan 7, 2021 · Nov 24, 2020 · Dec 11, 2020 · Dec 11, 2020
diff --git a/...ource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/...ource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
@@ -3727,7 +3727,7 @@
         "tags": [
           "Watchlists"
         ],
-        "description": "Creates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint twice : the first call will create am empty Watchlist, and the second one will create its Items.",
+        "description": "Creates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint twice : the first call will create an empty Watchlist, and the second one will create its Items.",
         "operationId": "Watchlists_Create",
         "parameters": [
           {
@@ -3774,6 +3774,115 @@
         }
       }
     },
+    "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItem/{watchlistItemId}": {
+      "delete": {
+        "x-ms-examples": {
+          "Delete a watchlist Item.": {
+            "$ref": "./examples/watchlists/DeleteWatchlistItem.json"
+          }
+        },
+        "tags": [
+          "WatchlistItem"
+        ],
+        "description": "Delete a watchlist item.",
+        "operationId": "WatchlistItem_Delete",
+        "parameters": [
+          {
+            "$ref": "#/parameters/ApiVersion"
+          },
+          {
+            "$ref": "#/parameters/SubscriptionId"
+          },
+          {
+            "$ref": "#/parameters/ResourceGroupName"
+          },
+          {
+            "$ref": "#/parameters/OperationalInsightsResourceProvider"
+          },
+          {
+            "$ref": "#/parameters/WorkspaceName"
+          },
+          {
+            "$ref": "#/parameters/WatchlistAlias"
+          },
+          {
+            "$ref": "#/parameters/WatchlistItemId"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "OK"
+          },
+          "204": {
+            "description": "No Content"
+          },
+          "default": {
+            "description": "Error response describing why the operation failed.",
+            "schema": {
+              "$ref": "#/definitions/CloudError"
+            }
+          }
+        }
+      },
+      "put": {
+        "x-ms-examples": {
+          "Creates or updates a watchlist item.": {
+            "$ref": "./examples/watchlists/CreateWatchlistItem.json"
+          }
+        },
+        "tags": [
+          "WatchlistItem"
+        ],
+        "description": "Creates or updates a watchlist item.",
+        "operationId": "WatchlistItem_CreateOrUpdate",
+        "parameters": [
+          {
+            "$ref": "#/parameters/ApiVersion"
+          },
+          {
+            "$ref": "#/parameters/SubscriptionId"
+          },
+          {
+            "$ref": "#/parameters/ResourceGroupName"
+          },
+          {
+            "$ref": "#/parameters/OperationalInsightsResourceProvider"
+          },
+          {
+            "$ref": "#/parameters/WorkspaceName"
+          },
+          {
+            "$ref": "#/parameters/WatchlistAlias"
+          },
+          {
+            "$ref": "#/parameters/WatchlistItemId"
+          },
+          {
+            "$ref": "#/parameters/WatchlistItem"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "OK",
+            "schema": {
+              "$ref": "#/definitions/WatchlistItem"
+            }
+          },
+          "201": {
+            "description": "Created",
+            "schema": {
+              "$ref": "#/definitions/WatchlistItem"
+            }
+          },
+          "default": {
+            "description": "Error response describing why the operation failed.",
+            "schema": {
+              "$ref": "#/definitions/CloudError"
+            }
+          }
+        }
+      }
+    },
     "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator": {
       "post": {
         "x-ms-examples": {
@@ -10061,6 +10170,79 @@
       ],
       "type": "object"
     },
+    "WatchlistItem": {
+      "allOf": [
+        {
+          "$ref": "#/definitions/ResourceWithEtag"
+        }
+      ],
+      "description": "Represents a Watchlist item in Azure Security Insights.",
+      "properties": {
+        "properties": {
+          "$ref": "#/definitions/WatchlistItemProperties",
+          "description": "Watchlist Item properties",
+          "x-ms-client-flatten": true
+        }
+      },
+      "type": "object"
+    },
+    "WatchlistItemProperties": {
+      "description": "Describes watchlist item properties",
+      "properties": {
+        "watchlistItemType": {
+          "description": "The type of the watchlist item",
+          "type": "string"
+        },
+        "watchlistItemId": {
+          "description": "The id (a Guid) of the watchlist item",
+          "type": "string"
+        },
+        "watchlistId": {
+          "description": "The id (a Guid) of the watchlist to which this item belongs to",
+          "type": "string"
+        },
+        "tenantId": {
+          "description": "The tenantId to which the watchlist item belongs to",
+          "type": "string"
+        },
+        "isDeleted": {
+          "description": "A flag that indicates if the watchlist item is deleted or not",
+          "type": "boolean"
+        },
+        "created": {
+          "description": "The time the watchlist item was created",
+          "format": "date-time",
+          "type": "string"
+        },
+        "updated": {
+          "description": "The last time the watchlist item was updated",
+          "format": "date-time",
+          "type": "string"
+        },
+        "createdBy": {
+          "$ref": "#/definitions/UserInfo",
+          "description": "Describes a user that created the watchlist item",
+          "type": "object"
+        },
+        "updatedBy": {
+          "$ref": "#/definitions/UserInfo",
+          "description": "Describes a user that updated the watchlist item",
+          "type": "object"
+        },
+        "watchlistItem": {
+          "description": "key-value pairs for a watchlist item",
+          "type": "object"
+        },
+        "entityMapping": {
+          "description": "key-value pairs for a watchlist item entity mapping",
+          "type": "object"
+        }
+      },
+      "required": [
+        "watchlistItem"
+      ],
+      "type": "object"
+    },
     "ThreatIntelligenceInformationList": {
       "description": "List of all the threat intelligence information objects.",
       "properties": {
@@ -10907,6 +11089,24 @@
       },
       "x-ms-parameter-location": "method"
     },
+    "WatchlistItem": {
+      "description": "The watchlist item",
+      "in": "body",
+      "name": "watchlistItem",
+      "required": true,
+      "schema": {
+        "$ref": "#/definitions/WatchlistItem"
+      },
+      "x-ms-parameter-location": "method"
+    },
+    "WatchlistItemId": {
+      "description": "Watchlist Item Id (GUID)",
+      "in": "path",
+      "name": "watchlistItemId",
+      "required": true,
+      "type": "string",
+      "x-ms-parameter-location": "method"
+    },
     "ThreatIntelligenceName": {
       "description": "Threat intelligence indicator name field.",
       "in": "path",

diff --git a/....SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlistItem.json b/....SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlistItem.json
@@ -0,0 +1,91 @@
+{
+  "parameters": {
+    "api-version": "2019-01-01-preview",
+    "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+    "resourceGroupName": "myRg",
+    "workspaceName": "myWorkspace",
+    "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+    "watchlistAlias": "highValueAsset",
+    "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842",
+    "watchlistItem": {
+      "properties": {
+        "watchlistItem": {
+          "Gateway subnet": "10.0.255.224/27",
+          "Web Tier": "10.0.1.0/24",
+          "Business tier": "10.0.2.0/24",
+          "Data tier": "10.0.2.0/24",
+          "Private DMZ in": "10.0.0.0/27",
+          "Public DMZ out": "10.0.0.96/27"
+        }
+      }
+    }
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/WatchlistItem/",
+        "type": "Microsoft.SecurityInsights/WatchlistItem",
+        "properties": {
+          "watchlistItemType": "watchlist-item",
+          "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842",
+          "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea",
+          "watchlistId": "dc04e26a-19a9-4ad2-9b2b-6e3b050f48bb",
+          "isDeleted": false,
+          "created": "2020-11-15T04:58:56.0748363+00:00",
+          "updated": "2020-11-16T16:05:20+00:00",
+          "createdBy": {
+            "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+            "email": "john@contoso.com",
+            "name": "john doe"
+          },
+          "updatedBy": {
+            "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+            "email": "john@contoso.com",
+            "name": "john doe"
+          },
+          "watchlistItem": {
+            "Gateway subnet": "10.0.255.224/27",
+            "Web Tier": "10.0.1.0/24",
+            "Business tier": "10.0.2.0/24",
+            "Data tier": "10.0.2.0/24",
+            "Private DMZ in": "10.0.0.0/27",
+            "Public DMZ out": "10.0.0.96/27"
+          }
+        }
+      }
+    },
+    "201": {
+      "body": {
+        "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/WatchlistItem/",
+        "type": "Microsoft.SecurityInsights/WatchlistItem",
+        "properties": {
+          "watchlistItemType": "watchlist-item",
+          "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842",
+          "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea",
+          "watchlistId": "dc04e26a-19a9-4ad2-9b2b-6e3b050f48bb",
+          "isDeleted": false,
+          "created": "2020-11-15T04:58:56.0748363+00:00",
+          "updated": "2020-11-16T16:05:20+00:00",
+          "createdBy": {
+            "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+            "email": "john@contoso.com",
+            "name": "john doe"
+          },
+          "updatedBy": {
+            "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+            "email": "john@contoso.com",
+            "name": "john doe"
+          },
+          "watchlistItem": {
+            "Gateway subnet": "10.0.255.224/27",
+            "Web Tier": "10.0.1.0/24",
+            "Business tier": "10.0.2.0/24",
+            "Data tier": "10.0.2.0/24",
+            "Private DMZ in": "10.0.0.0/27",
+            "Public DMZ out": "10.0.0.96/27"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/....SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlistItem.json b/....SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlistItem.json
@@ -0,0 +1,15 @@
+{
+  "parameters": {
+    "api-version": "2019-01-01-preview",
+    "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+    "resourceGroupName": "myRg",
+    "workspaceName": "myWorkspace",
+    "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+    "watchlistAlias": "highValueAsset",
+    "watchlistItemId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea"
+  },
+  "responses": {
+    "200": {},
+    "204": {}
+  }
+}