diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 7cf3287d8012..61c26d7174b5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -1,366 +1,599 @@ { - "swagger": "2.0", - "info": { - "title": "Security Insights", - "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2019-01-01-preview" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/providers/Microsoft.SecurityInsights/operations": { - "get": { - "operationId": "Operations_List", - "description": "Lists all operations available Azure Security Insights Resource Provider.", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2019-01-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/providers/Microsoft.SecurityInsights/operations": { + "get": { + "operationId": "Operations_List", + "description": "Lists all operations available Azure Security Insights Resource Provider.", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + } + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "OK. Successfully retrieved operations list.", + "schema": { + "$ref": "#/definitions/operationsList" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" } - ], - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "OK. Successfully retrieved operations list.", - "schema": { - "$ref": "#/definitions/operationsList" + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules": { + "get": { + "x-ms-examples": { + "Get all scheduled alert rules.": { + "$ref": "./examples/GetScheduledAlertRules.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets all alert rules.", + "operationId": "AlertRules_List", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRulesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { + "get": { + "x-ms-examples": { + "Get a scheduled alert rule.": { + "$ref": "./examples/GetScheduledAlertRuleById.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets a alert rule.", + "operationId": "AlertRules_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a scheduled alert rule.": { + "$ref": "./examples/CreateScheduledAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Creates or updates the alert rule.", + "operationId": "AlertRules_Create", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/AlertRule" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } } } }, - "x-ms-pageable": { - "nextLinkName": "nextLink" + "delete": { + "x-ms-examples": { + "Delete a scheduled alert rule.": { + "$ref": "./examples/DeleteScheduledAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Delete the alert rule.", + "operationId": "AlertRules_Delete", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/OperationalInsightsResourceProvider" + }, + { + "$ref": "#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } } } }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { - "get": { - "x-ms-examples": { - "Get an alert rule.": { - "$ref": "./examples/GetAlertRuleById.json" - } - }, - "tags": [ - "Alert Rules" - ], - "description": "Gets an alert rule.", - "operationId": "AlertRules_Get", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/OperationalInsightsResourceProvider" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/AlertRule" + "definitions": { + "operation": { + "description": "Operation provided by provider", + "properties": { + "name": { + "type": "string", + "description": "Name of the operation" + }, + "display": { + "type": "object", + "description": "Properties of the operation", + "properties": { + "provider": { + "type": "string", + "description": "Provider name" + }, + "resource": { + "type": "string", + "description": "Resource name" + }, + "operation": { + "type": "string", + "description": "Operation name" + }, + "description": { + "type": "string", + "description": "Description of the operation" + } + } + } } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" + }, + "operationsList": { + "description": "Lists the operations available in the SecurityInsights RP.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of operations.", + "type": "string" + }, + "value": { + "description": "Array of operations", + "type": "array", + "items": { + "$ref": "#/definitions/operation" + } + } + }, + "required": [ + "value" + ] + }, + "CloudError": { + "x-ms-external": true, + "type": "object", + "description": "Error response structure.", + "properties": { + "error": { + "x-ms-client-flatten": true, + "description": "Error data", + "$ref": "#/definitions/CloudErrorBody" + } } - } - } - }, - "put": { - "x-ms-examples": { - "creates or updates an alert rule.": { - "$ref": "./examples/CreateAlertRule.json" - } }, - "tags": [ - "Alert Rules" - ], - "description": "Creates or updates the alert rule.", - "operationId": "AlertRules_Create", - "parameters": [ - { - "$ref": "#/parameters/ApiVersion" - }, - { - "$ref": "#/parameters/SubscriptionId" - }, - { - "$ref": "#/parameters/ResourceGroupName" - }, - { - "$ref": "#/parameters/OperationalInsightsResourceProvider" - }, - { - "$ref": "#/parameters/WorkspaceName" - }, - { - "$ref": "#/parameters/RuleId" - }, - { - "$ref": "#/parameters/AlertRule" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/AlertRule" + "CloudErrorBody": { + "x-ms-external": true, + "type": "object", + "description": "Error details.", + "properties": { + "code": { + "readOnly": true, + "type": "string", + "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically." + }, + "message": { + "readOnly": true, + "type": "string", + "description": "A message describing the error, intended to be suitable for display in a user interface." + } } - }, - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/AlertRule" + }, + "AlertRulesList": { + "description": "List all the alert rules.", + "properties": { + "nextLink": { + "readOnly": true, + "description": "URL to fetch the next set of alert rules.", + "type": "string" + }, + "value": { + "description": "Array of alert rules.", + "type": "array", + "items": { + "$ref": "#/definitions/AlertRule" + } + } + }, + "required": [ + "value" + ] + }, + "AlertRule": { + "type": "object", + "description": "Alert rule.", + "discriminator": "kind", + "allOf": [ + { + "$ref": "#/definitions/Resource" + }, + { + "$ref": "#/definitions/AlertRuleKind" + } + ], + "properties": { + "etag": { + "type": "string", + "description": "Etag of the alert rule." + } } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "#/definitions/CloudError" + }, + "AlertRuleKind": { + "type": "object", + "description": "Describes an Azure resource with kind.", + "properties": { + "kind": { + "type": "string", + "description": "The kind of the alert rule", + "enum": [ + "Scheduled" + ], + "x-ms-enum": { + "name": "AlertRuleKind", + "modelAsString": true, + "values": [ + { + "value": "Scheduled" + } + ] + } + } } - } - } - } - } - }, - "definitions": { - "operation": { - "description": "Operation provided by provider", - "properties": { - "name": { - "type": "string", - "description": "Name of the operation" - }, - "display": { - "type": "object", - "description": "Properties of the operation", + }, + "ScheduledAlertRule": { + "x-ms-discriminator-value": "Scheduled", + "type": "object", + "description": "Represents scheduled alert rule.", + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "properties": { "properties": { - "provider": { - "type": "string", - "description": "Provider name" - }, - "resource": { - "type": "string", - "description": "Resource name" + "x-ms-client-flatten": true, + "description": "Scheduled alert rule properties", + "$ref": "#/definitions/ScheduledAlertRuleProperties" + } + } + }, + "ScheduledAlertRuleProperties": { + "type": "object", + "description": "Alert rule property bag.", + "properties": { + "ruleName": { + "type": "string", + "description": "The name for alerts created by this alert rule." + }, + "description": { + "type": "string", + "description": "The description of the alert rule." + }, + "severity": { + "type": "string", + "enum": [ + "Low", + "Medium", + "High", + "Informational" + ], + "x-ms-enum": { + "name": "Severity", + "modelAsString": false }, - "operation": { - "type": "string", - "description": "Operation name" + "description": "The severity for alerts created by this alert rule." + }, + "enabled": { + "type": "boolean", + "description": "Determines whether this alert rule is enabled or disabled." + }, + "query": { + "type": "string", + "description": "The query that creates alerts for this rule." + }, + "queryFrequency": { + "type": "string", + "format": "duration", + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run." + }, + "queryPeriod": { + "type": "string", + "format": "duration", + "description": "The period (in ISO 8601 duration format) that this alert rule looks at." + }, + "triggerOperator": { + "type": "string", + "enum": [ + "GreaterThan", + "LessThan", + "Equal", + "NotEqual" + ], + "x-ms-enum": { + "name": "triggerOperator", + "modelAsString": false }, - "description": { - "type": "string", - "description": "Description of the operation" - } + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "type": "integer", + "description": "The threshold triggers this alert rule." + }, + "suppressionEnabled": { + "type": "boolean", + "description": "Determines whether the suppression for this alert rule is enabled or disabled." + }, + "suppressionDuration": { + "type": "string", + "format": "duration", + "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered." + }, + "lastModifiedUtc": { + "type": "string", + "readOnly": true, + "description": "The last time that this alert has been modified." } - } - } - }, - "operationsList": { - "description": "Lists the operations available in the SecurityInsights RP.", - "properties": { - "nextLink": { - "description": "URL to fetch the next set of alerts.", - "type": "string" }, - "value": { - "description": "Array of operations", - "type": "array", - "items": { - "$ref": "#/definitions/operation" + "required": [ + "ruleName", + "description", + "severity", + "enabled", + "query", + "queryFrequency", + "queryPeriod", + "triggerOperator", + "triggerThreshold", + "suppressionEnabled", + "suppressionDuration" + ] + }, + "Resource": { + "x-ms-azure-resource": true, + "description": "An azure resource object", + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "Azure resource Id" + }, + "type": { + "type": "string", + "readOnly": true, + "description": "Azure resource type" + }, + "name": { + "type": "string", + "readOnly": true, + "description": "Azure resource name" } } - }, - "required": [ - "value" - ] - }, - "CloudError": { - "x-ms-external": true, - "type": "object", - "description": "Error response structure.", - "properties": { - "error": { - "x-ms-client-flatten": true, - "description": "Error data", - "$ref": "#/definitions/CloudErrorBody" } - } }, - "CloudErrorBody": { - "x-ms-external": true, - "type": "object", - "description": "Error details.", - "properties": { - "code": { - "readOnly": true, - "type": "string", - "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically." + "parameters": { + "SubscriptionId": { + "name": "subscriptionId", + "in": "path", + "required": true, + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "type": "string", + "description": "Azure subscription ID" }, - "message": { - "readOnly": true, - "type": "string", - "description": "A message describing the error, intended to be suitable for display in a user interface." - } - } - }, - "AlertRule": { - "type": "object", - "description": "Alert rule.", - "allOf": [ - { - "$ref": "#/definitions/Resource" - } - ], - "properties": { - "properties": { - "x-ms-client-flatten": true, - "description": "Alert rule properties", - "$ref": "#/definitions/AlertRuleProperties" - } - } - }, - "AlertRuleProperties": { - "type": "object", - "description": "Alert rule property bag.", - "properties": { - "query": { - "type": "string", - "description": "The query that will create alerts for this rule." + "ResourceGroupName": { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group within the user's subscription. The name is case insensitive.", + "pattern": "^[-\\w\\._\\(\\)]+$", + "minLength": 1, + "maxLength": 90, + "x-ms-parameter-location": "method" }, - "period": { - "type": "string", - "description": "The period that the alert will look at." - } - } - }, - "Resource": { - "x-ms-azure-resource": true, - "description": "An azure resource object", - "properties": { - "id": { - "type": "string", - "readOnly": true, - "description": "Azure resource Id" + "ApiVersion": { + "name": "api-version", + "in": "query", + "required": true, + "type": "string", + "enum": [ + "2019-01-01-preview" + ], + "description": "API version for the operation" }, - "type": { - "type": "string", - "readOnly": true, - "description": "Azure resource type" + "OperationalInsightsResourceProvider": { + "name": "operationalInsightsResourceProvider", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", + "x-ms-parameter-location": "method" }, - "name": { - "type": "string", - "readOnly": true, - "description": "Azure resource name" + "WorkspaceName": { + "name": "workspaceName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the workspace.", + "minLength": 1, + "maxLength": 90, + "x-ms-parameter-location": "method" + }, + "RuleId": { + "name": "ruleId", + "in": "path", + "required": true, + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", + "type": "string", + "description": "Alert rule ID", + "x-ms-parameter-location": "method" + }, + "AlertRule": { + "name": "alertRule", + "in": "body", + "description": "The alert rule", + "required": true, + "schema": { + "$ref": "#/definitions/AlertRule" + }, + "x-ms-parameter-location": "method" } - } - } - }, - "parameters": { - "SubscriptionId": { - "name": "subscriptionId", - "in": "path", - "required": true, - "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", - "type": "string", - "description": "Azure subscription ID" - }, - "ResourceGroupName": { - "name": "resourceGroupName", - "in": "path", - "required": true, - "type": "string", - "description": "The name of the resource group within the user's subscription. The name is case insensitive.", - "pattern": "^[-\\w\\._\\(\\)]+$", - "minLength": 1, - "maxLength": 90, - "x-ms-parameter-location": "method" - }, - "ApiVersion": { - "name": "api-version", - "in": "query", - "required": true, - "type": "string", - "enum": [ - "2019-01-01-preview" - ], - "description": "API version for the operation" - }, - "OperationalInsightsResourceProvider": { - "name": "operationalInsightsResourceProvider", - "in": "path", - "required": true, - "type": "string", - "description": "The namespace of workspaces resource provider- Microsoft.OperationalInsights.", - "x-ms-parameter-location": "method" - }, - "WorkspaceName": { - "name": "workspaceName", - "in": "path", - "required": true, - "type": "string", - "description": "The name of the workspace.", - "minLength": 1, - "maxLength": 90, - "x-ms-parameter-location": "method" - }, - "RuleId": { - "name": "ruleId", - "in": "path", - "required": true, - "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$", - "type": "string", - "description": "Alert rule ID", - "x-ms-parameter-location": "method" - }, - "AlertRule": { - "name": "alertRule", - "in": "body", - "description": "The alert rule", - "required": true, - "schema": { - "$ref": "#/definitions/AlertRule" - }, - "x-ms-parameter-location": "method" } - } } \ No newline at end of file diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json deleted file mode 100644 index cc2750031d00..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateAlertRule.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "alertRule": { - "properties": { - "query": "search *", - "period": "24H" - } - } - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/SecurityAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "myAlertRule", - "type": "Microsoft.SecurityInsights/SecurityAlertRules", - "properties": { - "query": "search *", - "period": "24H" - } - } - }, - "201": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/SecurityAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "myAlertRule", - "type": "Microsoft.SecurityInsights/SecurityAlertRules", - "properties": { - "query": "search *", - "period": "24H" - } - } - } - } -} \ No newline at end of file diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json new file mode 100644 index 000000000000..c607352ac94a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/CreateScheduledAlertRule.json @@ -0,0 +1,77 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "alertRule": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "ruleName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "ruleName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2019-01-01T13:15:30Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "ruleName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false + } + } + } + } +} \ No newline at end of file diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/DeleteScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/DeleteScheduledAlertRule.json new file mode 100644 index 000000000000..17f6dfb42ea8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/DeleteScheduledAlertRule.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + }, + "204":{ + } + } +} \ No newline at end of file diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetAlertRuleById.json deleted file mode 100644 index bdc6331bc313..000000000000 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetAlertRuleById.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" - }, - "responses": { - "200": { - "body": { - "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/SecurityAlertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", - "name": "myAlertRule", - "type": "Microsoft.SecurityInsights/SecurityAlertRules", - "properties": { - "query": "search *", - "period": "24H" - } - } - } - } -} \ No newline at end of file diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json new file mode 100644 index 000000000000..78e1755dd733 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRuleById.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "ruleName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2019-01-01T13:15:30Z" + } + } + } + } +} \ No newline at end of file diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json new file mode 100644 index 000000000000..57767b28358e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/GetScheduledAlertRules.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights" + }, + "responses": { + "200": { + "body": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationsManagement/workspaces/myWorkspace/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "ruleName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2019-01-01T13:15:30Z" + } + } + ] + } + } +} \ No newline at end of file