From 40acda2771e7afa457efad61048413ee00710905 Mon Sep 17 00:00:00 2001 From: hunngu-ms <63322431+hunngu-ms@users.noreply.github.com> Date: Tue, 17 Nov 2020 21:46:03 -0800 Subject: [PATCH] Threat Intelligence: Update name and descriptions of definitions, parameters (#10949) * Update API descriptions * Resolve Comments * Update parameter name of create/update indicator apis * Fix example issue --- .../2019-01-01-preview/SecurityInsights.json | 231 +++++++++--------- .../AppendTagsThreatIntelligence.json | 2 +- .../CreateThreatIntelligence.json | 2 +- .../QueryThreatIntelligence.json | 2 +- .../ReplaceTagsThreatIntelligence.json | 2 +- ...nce.json => UpdateThreatIntelligence.json} | 2 +- 6 files changed, 115 insertions(+), 126 deletions(-) rename specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/{UpsertThreatIntelligence.json => UpdateThreatIntelligence.json} (98%) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 319047bcc8fc..0324dc41deb2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -3784,8 +3784,8 @@ "tags": [ "ThreatIntelligence" ], - "description": "Create a threat intelligence.", - "operationId": "CreateThreatIntelligence", + "description": "Create a new threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_CreateIndicator", "parameters": [ { "$ref": "#/parameters/ApiVersion" @@ -3803,24 +3803,24 @@ "$ref": "#/parameters/WorkspaceName" }, { - "$ref": "#/parameters/ThreatIntelligenceIndicatorObjectToUpsert" + "$ref": "#/parameters/ThreatIntelligenceProperties" } ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/ThreatIntelligenceResource" + "$ref": "#/definitions/ThreatIntelligenceInformation" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/ThreatIntelligenceResource" + "$ref": "#/definitions/ThreatIntelligenceInformation" } }, "default": { - "description": "Error response describing why the operation failed.", + "description": "Error response describing why the operation failed to create indicators.", "schema": { "$ref": "#/definitions/CloudError" } @@ -3831,14 +3831,14 @@ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators": { "get": { "x-ms-examples": { - "Get all threat intelligence.": { + "Get all threat intelligence indicators": { "$ref": "./examples/threatintelligence/GetThreatIntelligence.json" } }, "tags": [ "ThreatIntelligence" ], - "description": "Gets all threat intelligence.", + "description": "Get all threat intelligence indicators.", "operationId": "ThreatIntelligenceIndicators_List", "parameters": [ { @@ -3873,11 +3873,11 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/ThreatIntelligenceResourceList" + "$ref": "#/definitions/ThreatIntelligenceInformationList" } }, "default": { - "description": "Error response describing why the operation failed.", + "description": "Error response describing why the operation failed to get indicators.", "schema": { "$ref": "#/definitions/CloudError" } @@ -3891,14 +3891,14 @@ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}": { "get": { "x-ms-examples": { - "Get a threat intelligence indicator by name.": { + "View a threat intelligence indicator by name": { "$ref": "./examples/threatintelligence/GetThreatIntelligenceById.json" } }, "tags": [ "ThreatIntelligence" ], - "description": "Gets a threat intelligence indicator.", + "description": "View a threat intelligence indicator by name.", "operationId": "ThreatIntelligenceIndicator_Get", "parameters": [ { @@ -3917,18 +3917,18 @@ "$ref": "#/parameters/WorkspaceName" }, { - "$ref": "#/parameters/ThreatIntelligenceIdentifier" + "$ref": "#/parameters/ThreatIntelligenceName" } ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/ThreatIntelligenceResource" + "$ref": "#/definitions/ThreatIntelligenceInformation" } }, "default": { - "description": "Error response describing why the operation failed.", + "description": "Error response describing why the operation failed to view an indicator.", "schema": { "$ref": "#/definitions/CloudError" } @@ -3937,15 +3937,15 @@ }, "put": { "x-ms-examples": { - "Upsert the Threat Intelligence": { - "$ref": "./examples/threatintelligence/UpsertThreatIntelligence.json" + "Update a threat Intelligence indicator": { + "$ref": "./examples/threatintelligence/UpdateThreatIntelligence.json" } }, "tags": [ "ThreatIntelligence" ], - "description": "Upsert a threat intelligence.", - "operationId": "ThreatIntelligenceIndicatorUpsert_Create", + "description": "Update a threat Intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_Create", "parameters": [ { "$ref": "#/parameters/ApiVersion" @@ -3963,27 +3963,27 @@ "$ref": "#/parameters/WorkspaceName" }, { - "$ref": "#/parameters/ThreatIntelligenceIdentifier" + "$ref": "#/parameters/ThreatIntelligenceName" }, { - "$ref": "#/parameters/ThreatIntelligenceIndicatorObjectToUpsert" + "$ref": "#/parameters/ThreatIntelligenceProperties" } ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/ThreatIntelligenceResource" + "$ref": "#/definitions/ThreatIntelligenceInformation" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/ThreatIntelligenceResource" + "$ref": "#/definitions/ThreatIntelligenceInformation" } }, "default": { - "description": "Error response describing why the operation failed.", + "description": "Error response describing why the operation failed to update an indicator.", "schema": { "$ref": "#/definitions/CloudError" } @@ -3992,14 +3992,14 @@ }, "delete": { "x-ms-examples": { - "Delete the Threat Intelligence": { + "Delete a threat intelligence indicator": { "$ref": "./examples/threatintelligence/DeleteThreatIntelligence.json" } }, "tags": [ "ThreatIntelligence" ], - "description": "Delete a threat intelligence.", + "description": "Delete a threat intelligence indicator.", "operationId": "ThreatIntelligenceIndicator_Delete", "parameters": [ { @@ -4018,7 +4018,7 @@ "$ref": "#/parameters/WorkspaceName" }, { - "$ref": "#/parameters/ThreatIntelligenceIdentifier" + "$ref": "#/parameters/ThreatIntelligenceName" } ], "responses": { @@ -4029,7 +4029,7 @@ "description": "No Content" }, "default": { - "description": "Error response describing why the operation failed.", + "description": "Error response describing why the operation failed to delete an indicator.", "schema": { "$ref": "#/definitions/CloudError" } @@ -4040,15 +4040,15 @@ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators": { "post": { "x-ms-examples": { - "Get all threat intelligence.": { + "Query threat intelligence indicators as per filtering criteria": { "$ref": "./examples/threatintelligence/QueryThreatIntelligence.json" } }, "tags": [ "ThreatIntelligence" ], - "description": "Query all threat intelligence.", - "operationId": "ThreatIntelligenceIndicatorsList_Query", + "description": "Query threat intelligence indicators as per filtering criteria.", + "operationId": "ThreatIntelligenceIndicator_QueryIndicators", "parameters": [ { "$ref": "#/parameters/ApiVersion" @@ -4066,14 +4066,14 @@ "$ref": "#/parameters/WorkspaceName" }, { - "$ref": "#/parameters/ThreatIntelligenceArmStixQuery" + "$ref": "#/parameters/ThreatIntelligenceFilteringCriteria" } ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/ThreatIntelligenceResourceList" + "$ref": "#/definitions/ThreatIntelligenceInformationList" } }, "default": { @@ -4098,8 +4098,8 @@ "tags": [ "ThreatIntelligence" ], - "description": "Get the threat intelligence metrics.", - "operationId": "ThreatIntelligenceIndicatorMetrics_Get", + "description": "Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source).", + "operationId": "ThreatIntelligenceIndicatorMetrics_List", "parameters": [ { "$ref": "#/parameters/ApiVersion" @@ -4115,20 +4115,17 @@ }, { "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/ThreatIntelligenceIndicatorEntityKind" } ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/ThreatIntelligenceMetricResourceList" + "$ref": "#/definitions/ThreatIntelligenceMetricsList" } }, "default": { - "description": "Error response describing why the operation failed.", + "description": "Error response describing why the operation failed to get metrics.", "schema": { "$ref": "#/definitions/CloudError" } @@ -4139,14 +4136,14 @@ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags": { "post": { "x-ms-examples": { - "Append tags to a Threat Intelligence": { + "Append tags to a threat intelligence indicator": { "$ref": "./examples/threatintelligence/AppendTagsThreatIntelligence.json" } }, "tags": [ "ThreatIntelligence" ], - "description": "Append tags to a threat intelligence.", + "description": "Append tags to a threat intelligence indicator.", "operationId": "ThreatIntelligenceIndicator_AppendTags", "parameters": [ { @@ -4165,10 +4162,10 @@ "$ref": "#/parameters/WorkspaceName" }, { - "$ref": "#/parameters/ThreatIntelligenceIdentifier" + "$ref": "#/parameters/ThreatIntelligenceName" }, { - "$ref": "#/parameters/ThreatIntelligenceAppendTagsRequestBody" + "$ref": "#/parameters/ThreatIntelligenceAppendTags" } ], "responses": { @@ -4176,7 +4173,7 @@ "description": "OK" }, "default": { - "description": "Error response describing why the operation failed.", + "description": "Error response describing why the operation failed to append tags.", "schema": { "$ref": "#/definitions/CloudError" } @@ -4194,7 +4191,7 @@ "tags": [ "ThreatIntelligence" ], - "description": "Replace tags to a threat intelligence.", + "description": "Replace tags added to a threat intelligence indicator.", "operationId": "ThreatIntelligenceIndicator_ReplaceTags", "parameters": [ { @@ -4213,21 +4210,21 @@ "$ref": "#/parameters/WorkspaceName" }, { - "$ref": "#/parameters/ThreatIntelligenceIdentifier" + "$ref": "#/parameters/ThreatIntelligenceName" }, { - "$ref": "#/parameters/ThreatIntelligenceReplaceTagsModel" + "$ref": "#/parameters/ThreatIntelligenceReplaceTags" } ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/ThreatIntelligenceResource" + "$ref": "#/definitions/ThreatIntelligenceInformation" } }, "default": { - "description": "Error response describing why the operation failed.", + "description": "Error response describing why the operation failed to replace tags.", "schema": { "$ref": "#/definitions/CloudError" } @@ -10064,18 +10061,18 @@ ], "type": "object" }, - "ThreatIntelligenceResourceList": { - "description": "List of all the threat intelligence entities.", + "ThreatIntelligenceInformationList": { + "description": "List of all the threat intelligence information objects.", "properties": { "nextLink": { - "description": "URL to fetch the next set of entities.", + "description": "URL to fetch the next set of information objects.", "readOnly": true, "type": "string" }, "value": { - "description": "Array of threat intelligence entities.", + "description": "Array of threat intelligence information objects.", "items": { - "$ref": "#/definitions/ThreatIntelligenceResource" + "$ref": "#/definitions/ThreatIntelligenceInformation" }, "type": "array" } @@ -10084,7 +10081,7 @@ "value" ] }, - "ThreatIntelligenceResource": { + "ThreatIntelligenceInformation": { "allOf": [ { "$ref": "#/definitions/ResourceWithEtag" @@ -10093,7 +10090,7 @@ "$ref": "#/definitions/ThreatIntelligenceResourceKind" } ], - "description": "Threat intelligence resource.", + "description": "Threat intelligence information object.", "discriminator": "kind", "type": "object", "required": [ @@ -10103,7 +10100,7 @@ "ThreatIntelligenceIndicatorModel": { "allOf": [ { - "$ref": "#/definitions/ThreatIntelligenceResource" + "$ref": "#/definitions/ThreatIntelligenceInformation" } ], "description": "Threat intelligence indicator entity.", @@ -10117,13 +10114,13 @@ "type": "object", "x-ms-discriminator-value": "indicator" }, - "ThreatIntelligenceIndicatorWithoutReadOnlyFields": { + "ThreatIntelligenceIndicatorModelForRequestBody": { "allOf": [ { "$ref": "#/definitions/ThreatIntelligenceResourceKind" } ], - "description": "Threat intelligence indicator entity.", + "description": "Threat intelligence indicator entity used in request body.", "properties": { "etag": { "description": "Etag of the azure resource", @@ -10330,8 +10327,8 @@ }, "type": "object" }, - "ThreatIntelligenceArmStixQuery": { - "description": "Describes threat intelligence ARM STIX query", + "ThreatIntelligenceFilteringCriteria": { + "description": "Filtering criteria for querying threat intelligence indicators.", "properties": { "pageSize": { "description": "Page size", @@ -10339,37 +10336,37 @@ "format": "int32" }, "minConfidence": { - "description": "Minimum confidence", + "description": "Minimum confidence.", "type": "integer", "format": "int32" }, "maxConfidence": { - "description": "Maximum confidence", + "description": "Maximum confidence.", "type": "integer", "format": "int32" }, "minValidUntil": { - "description": "Minimum Valid until", + "description": "Start time for ValidUntil filter.", "type": "string" }, "maxValidUntil": { - "description": "Maximum Valid until", + "description": "End time for ValidUntil filter.", "type": "string" }, "includeDisabled": { - "description": "To include disabled indicators", + "description": "Parameter to include/exclude disabled indicators.", "type": "boolean" }, "sortBy": { - "description": "List of Sort rules", + "description": "Columns to sort by and sorting order", "items": { "description": "Sort By", - "$ref": "#/definitions/ThreatIntelligenceArmStixSortBy" + "$ref": "#/definitions/ThreatIntelligenceSortingCriteria" }, "type": "array" }, "sources": { - "description": "Sources of a threat intelligence entity", + "description": "Sources of threat intelligence indicators", "items": { "description": "Source", "type": "string" @@ -10385,52 +10382,52 @@ "type": "array" }, "threatTypes": { - "description": "Threat types", + "description": "Threat types of threat intelligence indicators", "items": { - "description": "Threat type", + "description": "Threat type of a threat intelligence indicator", "type": "string" }, "type": "array" }, "ids": { - "description": "Ids of threat intelligence entities", + "description": "Ids of threat intelligence indicators", "items": { - "description": "Id of a threat intelligence entity", + "description": "Id of a threat intelligence indicator", "type": "string" }, "type": "array" }, "keywords": { - "description": "Keywords of threat intelligence entities", + "description": "Keywords for searching threat intelligence indicators", "items": { - "description": "keyword of a threat intelligence entity", + "description": "keyword for searching threat intelligence indicators", "type": "string" }, "type": "array" }, "skipToken": { - "description": "Skip Token", + "description": "Skip token.", "type": "string" } }, "type": "object" }, - "ThreatIntelligenceArmStixSortBy": { - "description": "Describes an threat intelligence ARM STIX Sort By", + "ThreatIntelligenceSortingCriteria": { + "description": "List of available columns for sorting", "properties": { "itemKey": { - "description": "Item key", + "description": "Column name", "type": "string" }, "sortOrder": { - "$ref": "#/definitions/ThreatIntelligenceArmStixSortOrder", - "description": "Sort order." + "$ref": "#/definitions/ThreatIntelligenceSortingOrder", + "description": "Sorting order (ascending/descending/unsorted)." } }, "type": "object" }, - "ThreatIntelligenceArmStixSortOrder": { - "description": "Describes an threat intelligence ARM STIX Sort Order", + "ThreatIntelligenceSortingOrder": { + "description": "Sorting order (ascending/descending/unsorted).", "enum": [ "unsorted", "ascending", @@ -10439,7 +10436,7 @@ "type": "string", "x-ms-enum": { "modelAsString": true, - "name": "ThreatIntelligenceArmStixSortBy", + "name": "ThreatIntelligenceSortingCriteria", "values": [ { "value": "unsorted" @@ -10453,11 +10450,11 @@ ] } }, - "ThreatIntelligenceAppendTagsRequestBody": { - "description": "Describes threat intelligence indicator append tags request body", + "ThreatIntelligenceAppendTags": { + "description": "Array of tags to be appended to the threat intelligence indicator.", "properties": { "threatIntelligenceTags": { - "description": "List of threat intelligence tags", + "description": "List of tags to be appended.", "items": { "description": "parameter", "type": "string" @@ -10467,13 +10464,13 @@ }, "type": "object" }, - "ThreatIntelligenceMetricResourceList": { - "description": "List of all the threat intelligence metric resource.", + "ThreatIntelligenceMetricsList": { + "description": "List of all the threat intelligence metric fields (type/threat type/source).", "properties": { "value": { - "description": "Array of threat intelligence metrics resource.", + "description": "Array of threat intelligence metric fields (type/threat type/source).", "items": { - "$ref": "#/definitions/ThreatIntelligenceMetricResource" + "$ref": "#/definitions/ThreatIntelligenceMetrics" }, "type": "array" } @@ -10482,11 +10479,11 @@ "value" ] }, - "ThreatIntelligenceMetricResource": { - "description": "Threat intelligence metric resource.", + "ThreatIntelligenceMetrics": { + "description": "Threat intelligence metrics.", "properties": { "properties": { - "description": "Threat intelligence metric.", + "description": "Threat intelligence metrics.", "$ref": "#/definitions/ThreatIntelligenceMetric" } } @@ -10495,7 +10492,7 @@ "description": "Describes threat intelligence metric", "properties": { "lastUpdatedTimeUtc": { - "description": "Time Metric", + "description": "Last updated indicator metric", "type": "string" }, "threatTypeMetrics": { @@ -10910,59 +10907,51 @@ }, "x-ms-parameter-location": "method" }, - "ThreatIntelligenceIdentifier": { - "description": "Threat Intelligence Identifier", + "ThreatIntelligenceName": { + "description": "Threat intelligence indicator name field.", "in": "path", "name": "name", "required": true, "type": "string", "x-ms-parameter-location": "method" }, - "ThreatIntelligenceIndicatorObjectToUpsert": { - "description": "The threat intelligence entity properties for upsert", + "ThreatIntelligenceProperties": { + "description": "Properties of threat intelligence indicators to create and update.", "in": "body", - "name": "ThreatIntelligenceIndicatorObjectToUpsert", + "name": "ThreatIntelligenceProperties", "required": true, "schema": { - "$ref": "#/definitions/ThreatIntelligenceIndicatorWithoutReadOnlyFields" + "$ref": "#/definitions/ThreatIntelligenceIndicatorModelForRequestBody" }, "x-ms-parameter-location": "method" }, - "ThreatIntelligenceReplaceTagsModel": { - "description": "The threat intelligence entity properties for updating tags", + "ThreatIntelligenceReplaceTags": { + "description": "Tags in the threat intelligence indicator to be replaced.", "in": "body", - "name": "ThreatIntelligenceReplaceTagsModel", + "name": "ThreatIntelligenceReplaceTags", "required": true, "schema": { - "$ref": "#/definitions/ThreatIntelligenceIndicatorWithoutReadOnlyFields" + "$ref": "#/definitions/ThreatIntelligenceIndicatorModelForRequestBody" }, "x-ms-parameter-location": "method" }, - "ThreatIntelligenceArmStixQuery": { - "description": "The threat intelligence ARM STIX query", + "ThreatIntelligenceFilteringCriteria": { + "description": "Filtering criteria for querying threat intelligence indicators.", "in": "body", - "name": "ThreatIntelligenceArmStixQuery", + "name": "ThreatIntelligenceFilteringCriteria", "required": true, "schema": { - "$ref": "#/definitions/ThreatIntelligenceArmStixQuery" + "$ref": "#/definitions/ThreatIntelligenceFilteringCriteria" }, "x-ms-parameter-location": "method" }, - "ThreatIntelligenceIndicatorEntityKind": { - "description": "The threat intelligence entity kind", - "in": "query", - "name": "ctiEntityKind", - "required": false, - "type": "string", - "x-ms-parameter-location": "method" - }, - "ThreatIntelligenceAppendTagsRequestBody": { + "ThreatIntelligenceAppendTags": { "description": "The threat intelligence append tags request body", "in": "body", - "name": "ThreatIntelligenceAppendTagsRequestBody", + "name": "ThreatIntelligenceAppendTags", "required": true, "schema": { - "$ref": "#/definitions/ThreatIntelligenceAppendTagsRequestBody" + "$ref": "#/definitions/ThreatIntelligenceAppendTags" }, "x-ms-parameter-location": "method" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json index 127198b2179d..a6e6689cb7f9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json @@ -6,7 +6,7 @@ "workspaceName": "myWorkspace", "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", - "ThreatIntelligenceAppendTagsRequestBody": { + "ThreatIntelligenceAppendTags": { "threatIntelligenceTags": [ "tag1", "tag2" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CreateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CreateThreatIntelligence.json index 1b6935e0a3b7..3f81c79d04fb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CreateThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/CreateThreatIntelligence.json @@ -5,7 +5,7 @@ "resourceGroupName": "myRg", "workspaceName": "myWorkspace", "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "ThreatIntelligenceIndicatorObjectToUpsert": { + "ThreatIntelligenceProperties": { "kind": "indicator", "properties": { "source": "Azure Sentinel", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/QueryThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/QueryThreatIntelligence.json index da7b93120aa6..81ed66651e97 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/QueryThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/QueryThreatIntelligence.json @@ -5,7 +5,7 @@ "resourceGroupName": "myRg", "workspaceName": "myWorkspace", "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "ThreatIntelligenceArmStixQuery": { + "ThreatIntelligenceFilteringCriteria": { "pageSize": 100, "minConfidence": 25, "maxConfidence": 80, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json index c2bd89dcf026..ade5aec86dfc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json @@ -6,7 +6,7 @@ "workspaceName": "myWorkspace", "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", - "ThreatIntelligenceReplaceTagsModel": { + "ThreatIntelligenceReplaceTags": { "etag": "\"0000262c-0000-0800-0000-5e9767060000\"", "kind": "indicator", "properties": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/UpsertThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json similarity index 98% rename from specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/UpsertThreatIntelligence.json rename to specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json index 0b8345af8e3b..7420558b8127 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/UpsertThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json @@ -6,7 +6,7 @@ "workspaceName": "myWorkspace", "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", - "ThreatIntelligenceIndicatorObjectToUpsert": { + "ThreatIntelligenceProperties": { "kind": "indicator", "properties": { "source": "Azure Sentinel",