-
Notifications
You must be signed in to change notification settings - Fork 5.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add MITRE support to alert rules models #17198
Add MITRE support to alert rules models #17198
Conversation
Hi, @lilyanc02 Thanks for your PR. I am workflow bot for review process. Here are some small tips. Any feedback about review process or workflow bot, pls contact swagger and tools team. vsswagger@microsoft.com |
Swagger Validation Report
|
Rule | Message |
---|---|
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: enabled Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/AlertRules.json#L1050 |
|
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: enabled Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/AlertRules.json#L1076 |
|
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: isSupported Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/AlertRules.json#L1105 |
|
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: enabled Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/AlertRules.json#L1128 |
|
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: isSupported Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/AlertRules.json#L1249 |
The following errors/warnings exist before current PR submission:
Only 30 items are listed, please refer to log for more details.
Rule | Message |
---|---|
Since operation 'Entities_Queries' response has model definition 'array', it should be of the form '_list'. Note: If you have already shipped an SDK on top of this spec, fixing this warning may introduce a breaking change. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/Entities.json#L291 |
|
Since operation 'Entities_GetInsights' response has model definition 'array', it should be of the form '_list'. Note: If you have already shipped an SDK on top of this spec, fixing this warning may introduce a breaking change. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/Entities.json#L339 |
|
Since operation 'ThreatIntelligenceIndicator_QueryIndicators' response has model definition 'x-ms-pageable', it should be of the form '_list'. Note: If you have already shipped an SDK on top of this spec, fixing this warning may introduce a breaking change. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/ThreatIntelligence.json#L296 |
|
'GET' operation 'Entities_Queries' should use method name 'Get' or Method name start with 'List'. Note: If you have already shipped an SDK on top of this spec, fixing this warning may introduce a breaking change. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/Entities.json#L291 |
|
'PUT' operation 'ProductSettings_Update' should use method name 'Create'. Note: If you have already shipped an SDK on top of this spec, fixing this warning may introduce a breaking change. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/Settings.json#L176 |
|
Consider using x-ms-client-flatten to provide a better end user experience Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/Entities.json#L1030 |
|
Consider using x-ms-client-flatten to provide a better end user experience Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/ThreatIntelligence.json#L1048 |
|
The enum types should have x-ms-enum type extension set with appropriate options. Property name: kind Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/Entities.json#L1203 |
|
Based on the response model schema, operation 'Entities_Queries' might be pageable. Consider adding the x-ms-pageable extension. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/Entities.json#L281 |
|
Based on the response model schema, operation 'SentinelOnboardingStates_List' might be pageable. Consider adding the x-ms-pageable extension. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/OnboardingStates.json#L178 |
|
Based on the response model schema, operation 'ProductSettings_List' might be pageable. Consider adding the x-ms-pageable extension. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/Settings.json#L38 |
|
Based on the response model schema, operation 'ThreatIntelligenceIndicatorMetrics_List' might be pageable. Consider adding the x-ms-pageable extension. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/ThreatIntelligence.json#L334 |
|
Sku Model definition 'Sku' is not valid. A Sku model must have 'name' property. It can also have 'tier', 'size', 'family', 'capacity' as optional properties. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/Settings.json#L388 |
|
OperationId has a noun that conflicts with one of the model names in definitions section. The model name will be disambiguated to 'BookmarkModel'. Consider using the plural form of 'Bookmark' to avoid this. Note: If you have already shipped an SDK on top of this spec, fixing this warning may introduce a breaking change. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/Bookmarks.json#L291 |
|
OperationId has a noun that conflicts with one of the model names in definitions section. The model name will be disambiguated to 'SourceControlModel'. Consider using the plural form of 'SourceControl' to avoid this. Note: If you have already shipped an SDK on top of this spec, fixing this warning may introduce a breaking change. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/SourceControls.json#L48 |
|
OperationId has a noun that conflicts with one of the model names in definitions section. The model name will be disambiguated to 'DataConnectorsCheckRequirementsModel'. Consider using the plural form of 'DataConnectorsCheckRequirements' to avoid this. Note: If you have already shipped an SDK on top of this spec, fixing this warning may introduce a breaking change. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/dataConnectors.json#L425 |
|
OperationId should contain the verb: 'gettimeline' in:'EntitiesGetTimeline_list'. Consider updating the operationId Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/Entities.json#L243 |
|
OperationId should contain the verb: 'dataconnectorscheckrequirements' in:'DataConnectorsCheckRequirements_Post'. Consider updating the operationId Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/dataConnectors.json#L425 |
|
The child tracked resource, 'relations' with immediate parent 'Bookmark', must have a list by immediate parent operation. Location: preview/2021-10-01-preview/common/RelationTypes.json#L30 |
|
The child tracked resource, 'relations' with immediate parent 'Entity', must have a list by immediate parent operation. Location: preview/2021-10-01-preview/common/RelationTypes.json#L30 |
|
The child tracked resource, 'comments' with immediate parent 'Incident', must have a list by immediate parent operation. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/Incidents.json#L1090 |
|
The child tracked resource, 'relations' with immediate parent 'Incident', must have a list by immediate parent operation. Location: preview/2021-10-01-preview/common/RelationTypes.json#L30 |
|
The child tracked resource, 'watchlistItems' with immediate parent 'Watchlist', must have a list by immediate parent operation. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/Watchlists.json#L596 |
|
Guid used in model definition 'IncidentOwnerInfo' for property 'objectId'. Usage of Guid is not recommanded. If GUIDs are absolutely required in your service, please get sign off from the Azure API review board. Location: preview/2021-10-01-preview/common/IncidentTypes.json#L179 |
|
Guid used in model definition 'ClientInfo' for property 'objectId'. Usage of Guid is not recommanded. If GUIDs are absolutely required in your service, please get sign off from the Azure API review board. Location: resource-manager/common/2.0/types.json#L35 |
|
Guid used in model definition 'BookmarkExpandParameters' for property 'expansionId'. Usage of Guid is not recommanded. If GUIDs are absolutely required in your service, please get sign off from the Azure API review board. Location: Microsoft.SecurityInsights/preview/2021-10-01-preview/Bookmarks.json#L536 |
|
Guid used in model definition 'UserInfo' for property 'objectId'. Usage of Guid is not recommanded. If GUIDs are absolutely required in your service, please get sign off from the Azure API review board. Location: resource-manager/common/2.0/types.json#L60 |
|
Guid used in model definition 'SubmissionMailEntityProperties' for property 'networkMessageId'. Usage of Guid is not recommanded. If GUIDs are absolutely required in your service, please get sign off from the Azure API review board. Location: preview/2021-10-01-preview/common/EntityTypes.json#L2294 |
|
Guid used in model definition 'SecurityGroupEntityProperties' for property 'objectGuid'. Usage of Guid is not recommanded. If GUIDs are absolutely required in your service, please get sign off from the Azure API review board. Location: preview/2021-10-01-preview/common/EntityTypes.json#L2255 |
|
Guid used in model definition 'MailMessageEntityProperties' for property 'networkMessageId'. Usage of Guid is not recommanded. If GUIDs are absolutely required in your service, please get sign off from the Azure API review board. Location: preview/2021-10-01-preview/common/EntityTypes.json#L1352 |
️️✔️
Avocado succeeded [Detail] [Expand]
Validation passes for Avocado.
️️✔️
ModelValidation succeeded [Detail] [Expand]
Validation passes for ModelValidation.
️️✔️
SemanticValidation succeeded [Detail] [Expand]
Validation passes for SemanticValidation.
️❌
Cross-Version Breaking Changes: 62 Errors, 37 Warnings failed [Detail]
- Compared Swaggers (Based on Oad v0.9.1)
- current:preview/2021-10-01-preview/AlertRules.json compared with base:stable/2020-01-01/AlertRules.json
- current:preview/2021-10-01-preview/AlertRules.json compared with base:preview/2021-09-01-preview/AlertRules.json
- current:2021-10-01-preview/common/AlertTypes.json compared with base:2021-09-01-preview/common/AlertTypes.json
Only 30 items are listed, please refer to log for more details.
The following breaking changes are detected by comparison with latest preview version:
️🔄
SDK Track2 Validation inProgress [Detail]
️️✔️
PrettierCheck succeeded [Detail] [Expand]
Validation passes for PrettierCheck.
️️✔️
SpellCheck succeeded [Detail] [Expand]
Validation passes for SpellCheck.
[Call for Action] To better understand Azure service dev/test scenario, and support Azure service developer better on Swagger and REST API related tests in early phase, please help to fill in with this survey https://aka.ms/SurveyForEarlyPhase. It will take 5 to 10 minutes. If you already complete survey, please neglect this comment. Thanks. |
Swagger Generation Artifacts
|
Thank you for your contribution lilyanc02! We will review the pull request and get back to you soon. |
Hi, @lilyanc02 your PR are labelled with WaitForARMFeedback. A notification email will be sent out shortly afterwards to notify ARM review board(armapireview@microsoft.com). |
Hi @lilyanc02, Your PR has some issues. Please fix the CI sequentially by following the order of
|
This reverts commit 603490e.
…review-fusionUIV2 Adding fusion v2 ui api documentation
…review-fusionUIV2 updating the readonly properties for fusion v2 api
What is your base api-version? Are these Your PR is not following the very first bullet point from our onboarding doc: Please create a new PR where:
Failing to do these steps forces us to review the entire spec again instead of focusing only on the updates which results in review delays (possible 1 week+). Since you already have a spec updated it will be easy for you to do 1-3 from above and step 4 becomes pasting your updated contents. |
@jorgecotillo The diffs you see in this PR are with the previous version as this branch was auto-generated by OpenAPI Hub. The tool creates a dev branch for collaboration and automatically does steps 1-3 in the first three commits (1. e6f778f We recently had a correspondence with DevDiv team and an ARM reviewer regarding the best practice for collaboration when creating new versions and we got no final reply. @akning-ms please let us know if using the OpenAPI Hub tool as it is isn't the best practice. |
* Adds base for updating Microsoft.SecurityInsights from version preview/2021-09-01-preview to version 2021-10-01-preview * Updates readme * Updates API version in new specs and examples * Add IoT data connector (#17086) * add Iot data connector * fix kind in getIotById * add deleted files * add missing newlines * fix newlines * Revert "Add IoT data connector (#17086)" (#17170) This reverts commit a11dd79. * Adding providerIncidentUrl & techniques to IncidentAdditionalData (#17173) * Adding providerIncidentUrl to Incident * Adding techniques to incident * Dev sentinel 2021 10 01 preview (#17314) * Bookmarks 2021-10-01-preview * prettier * definitions * rename Co-authored-by: Igal Shapira <igshapir@microsoft.com> * Data connectors 2021 10 01 preview office connectors added (#17193) * Project and PowerBI specs added. * Space removed * File with a wrong name removed * More changer added * Example files with inconsistent naming removed * dataConnectors json updated * Ref fixed * Prettier applied Co-authored-by: Ido Klotz <idoklotz@microsoft.com> * AutomationRules preview 2021_10_01 (#17325) * h * first * examples * prettier * path * fixes * prettier * examples * Z * Z * responses * fix * fixes * fix * prettier * PR Fixes * PR Fixes * PR Fixes * fix * fix * fix * fix * Last * PR Fixes * Last * tryFix * tryFix * incidentTypes * fix Co-authored-by: Roy Reinhorn <roreinho@microsoft.com> * Add MITRE support to alert rules models (#17198) * Update alert rules models with tactics and techniques * Add attack tactics new enum values * Update alert rules models examples * Fix techniques type * Update files with prettier * Insert validations fixes * Fix validations * Fixes in alert rules models * Fix alert rules models and examples * adding changes to alert rules json * Revert "adding changes to alert rules json" This reverts commit 603490e. * Adding fusion v2 ui api documentation * some fixes * adding prettier fixes * removing unwanted property * updating the readonly properties Co-authored-by: Lilyan Cohen <licohen@microsoft.com> Co-authored-by: Vishal Kumar <viskumar@microsoft.com> * ErrorResponse changed to CloudError (#17477) Co-authored-by: Ido Klotz <idoklotz@microsoft.com> * Done (#17488) Co-authored-by: Roy Reinhorn <roreinho@microsoft.com> * Adding tenantId (#17533) Co-authored-by: Ido Klotz <idoklotz@microsoft.com> * Done (#17556) Co-authored-by: Roy Reinhorn <roreinho@microsoft.com> * Fix LindDiff and SemanticValidation (#17584) Co-authored-by: ShaniFelig <74960756+ShaniFelig@users.noreply.github.com> Co-authored-by: roherzbe <52486962+roherzbe@users.noreply.github.com> Co-authored-by: Igal <igal.shapira@gmail.com> Co-authored-by: Igal Shapira <igshapir@microsoft.com> Co-authored-by: Ido Klotz <idoklotz@gmail.com> Co-authored-by: Ido Klotz <idoklotz@microsoft.com> Co-authored-by: royrein <37300636+royrein@users.noreply.github.com> Co-authored-by: Roy Reinhorn <roreinho@microsoft.com> Co-authored-by: lilyanc02 <46589651+lilyanc02@users.noreply.github.com> Co-authored-by: Lilyan Cohen <licohen@microsoft.com> Co-authored-by: Vishal Kumar <viskumar@microsoft.com>
MSFT employees can try out our new experience at OpenAPI Hub - one location for using our validation tools and finding your workflow.
Changelog
Add a changelog entry for this PR by answering the following questions:
Contribution checklist:
If any further question about AME onboarding or validation tools, please view the FAQ.
ARM API Review Checklist
Otherwise your PR may be subject to ARM review requirements. Complete the following:
Check this box if any of the following apply to the PR so that label "WaitForARMFeedback" will be added automatically to begin ARM API Review. Failure to comply may result in delays to the manifest.
-[ ] To review changes efficiently, ensure you copy the existing version into the new directory structure for first commit and then push new changes, including version updates, in separate commits.
Ensure you've reviewed following guidelines including ARM resource provider contract and REST guidelines. Estimated time (4 hours). This is required before you can request review from ARM API Review board.
If you are blocked on ARM review and want to get the PR merged with urgency, please get the ARM oncall for reviews (RP Manifest Approvers team under Azure Resource Manager service) from IcM and reach out to them.
Breaking Change Review Checklist
If any of the following scenarios apply to the PR, request approval from the Breaking Change Review Board as defined in the Breaking Change Policy.
Action: to initiate an evaluation of the breaking change, create a new intake using the template for breaking changes. Addition details on the process and office hours are on the Breaking change Wiki.
Please follow the link to find more details on PR review process.