adding changes to alert rules json
viskumar-microsoft committed Jan 3, 2022
1 parent 5d5e220 commit 603490e
Showing 1 changed file with 207 additions and 0 deletions.
Expand Up @@ -991,6 +991,19 @@
"description": "Determines whether this alert rule is enabled or disabled.",
"type": "boolean"
},
"sourceSettings": {
"description": "Configuration for all supported source signals in fusion detection.",
"items": {
"$ref": "#/definitions/FusionSourceSettings"
},
"x-ms-identifiers": [],
"type": "array"
},
"scenarioExclusionPatterns": {
"description": "Configuration to exclude scenarios in fusion detection.",
"$ref": "#/definitions/FusionScenarioExclusionPattern",
"type": "object"
},
"lastModifiedUtc": {
"description": "The last time that this alert has been modified.",
"format": "date-time",
Expand Down Expand Up @@ -1025,6 +1038,128 @@
],
"type": "object"
},
"FusionSourceSettings": {
"description": "Represents a supported source signal configuration in Fusion detection.",
"properties": {
"enabled": {
"description": "Determines whether this source signal is enabled or disabled in Fusion detection.",
"type": "boolean"
},
"sourceName": {
"description": "Name of the Fusion source signal. Refer to Fusion alert rule template for supported values.",
"type": "string"
},
"sourceSubTypes": {
"description": "Configuration for all source subtypes under this source signal consumed in fusion detection.",
"items": {
"$ref": "#/definitions/FusionSourceSubTypeSetting"
},
"x-ms-identifiers": [],
"type": "array"
}
},
"required": [
"enabled",
"sourceName"
],
"type": "object"
},
"FusionSourceSubTypeSetting": {
"description": "Represents a supported source subtype configuration under a source signal in Fusion detection.",
"properties": {
"enabled": {
"description": "Determines whether this source subtype under source signal is enabled or disabled in Fusion detection.",
"type": "boolean"
},
"sourceSubTypeName": {
"description": "The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template for supported values.",
"type": "string"
},
"severityFilters": {
"description": "Severity configuration for a source subtype consumed in fusion detection.",
"$ref": "#/definitions/FusionSubTypeSeverityFilter",
"type": "object"
}
},
"required": [
"enabled",
"sourceSubTypeName",
"severityFilters"
],
"type": "object"
},
"FusionSubTypeSeverityFilter": {
"description": "Represents severity configuration for a source subtype consumed in Fusion detection.",
"properties": {
"isSupported": {
"description": "Determines whether this source subtype supports severity configuration or not.",
"type": "boolean",
"readOnly": true
},
"filters": {
"description": "Individual Severity configuration settings for a given source subtype consumed in Fusion detection.",
"items": {
"$ref": "#/definitions/FusionSubTypeSeverityFiltersItem"
},
"x-ms-identifiers": [],
"type": "array"
}
},
"type": "object"
},
"FusionSubTypeSeverityFiltersItem": {
"description": "Represents a Severity filter setting for a given source subtype consumed in Fusion detection.",
"properties": {
"severity": {
"$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum",
"description": "The Severity for a given source subtype consumed in Fusion detection."
},
"enabled": {
"description": "Determines whether this severity is enabled or disabled for this source subtype consumed in Fusion detection.",
"type": "boolean"
}
},
"required": [
"severity",
"enabled"
],
"type": "object"
},
"FusionScenarioExclusionPattern": {
"description": "Represents Fusion scenario exclusion patterns in Fusion detection.",
"properties": {
"scenarioExclusionPatterns": {
"description": "Individual scenario exclusion pattern.",
"items": {
"$ref": "#/definitions/FusionScenarioExclusionPatternItem"
},
"x-ms-identifiers": [],
"type": "array"
}
},
"required": [
"scenarioExclusionPatterns"
],
"type": "object"
},
"FusionScenarioExclusionPatternItem": {
"description": "Represents individual Fusion scenario exclusion pattern in Fusion detection.",
"properties": {
"exclusionPattern": {
"description": "Scenario exclusion pattern.",
"type": "string"
},
"dateAddedInUTC": {
"description": "DateTime in UTC.",
"type": "string"
}
},
"required": [
"exclusionPattern",
"dateAddedInUTC"
],
"type": "object"
},
"FusionAlertRuleTemplate": {
"allOf": [
{
Expand All @@ -1046,11 +1181,21 @@
"description": "The severity for alerts created by this alert rule."
}
},
"sourceSettings":
{
"description": "All supported source signal configurations consumed in fusion detection.",
"items": {
"$ref": "#/definitions/FusionTemplateSourceSetting"
},
"x-ms-identifiers": [],
"type": "array"
},
"required": [
"displayName",
"description",
"status",
"severity",
"sourceSettings",
"alertRulesCreatedByTemplateCount"
],
"type": "object",
Expand All @@ -1060,6 +1205,68 @@
"type": "object",
"x-ms-discriminator-value": "Fusion"
},
"FusionTemplateSourceSetting": {
"description": "Represents a source signal consumed in Fusion detection.",
"properties": {
"sourceName": {
"description": "The name of a source signal consumed in Fusion detection.",
"type": "string"
},
"sourceSubTypes": {
"description": "All supported source subtypes under this source signal consumed in fusion detection.",
"items": {
"$ref": "#/definitions/FusionTemplateSourceSubType"
},
"x-ms-identifiers": [],
"type": "array"
}
},
"required": [
"sourceName",
"sourceSubTypes"
],
"type": "object"
},
"FusionTemplateSourceSubType": {
"description": "Represents a source subtype under a source signal consumed in Fusion detection.",
"properties": {
"sourceSubTypeName": {
"description": "The name of source subtype under a source signal consumed in Fusion detection.",
"type": "string"
},
"severityFilter": {
"description": "Severity configuration available for a source subtype consumed in fusion detection.",
"$ref": "#/definitions/FusionTemplateSubTypeSeverityFilter",
"type": "object"
}
},
"required": [
"sourceSubTypeName",
"severityFilter"
],
"type": "object"
},
"FusionTemplateSubTypeSeverityFilter": {
"description": "Represents severity configurations available for a source subtype consumed in Fusion detection.",
"properties": {
"isSupported": {
"description": "Determines whether severity configuration is supported for this source subtype consumed in Fusion detection.",
"type": "boolean"
},
"severityFilters": {
"description": "List of all supported severities for this source subtype consumed in Fusion detection.",
"items": {
"$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum"
},
"x-ms-identifiers": [],
"type": "array"
}
},
"required": [
"isSupported"
],
"type": "object"
},
"ThreatIntelligenceAlertRule": {
"allOf": [
{
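Review bot: In the `FusionAlertRuleTemplate` hunk, the new `"sourceSettings"` block is added after the `},` that closes `properties`, so it sits beside `required` as an unknown schema keyword rather than a declared property, while `required` now lists `"sourceSettings"`. Validators and generated models will likely ignore the definition and leave a required field with no schema; move the block inside `properties`, directly after `severity`. The enclosing object starts above the hunk, so this reading rests on the visible braces only. Separately, `dateAddedInUTC` in `FusionScenarioExclusionPatternItem` is a bare `"type": "string"`; adding `"format": "date-time"`, as `lastModifiedUtc` has, would keep the record of when a detection exclusion was added machine-checkable.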