Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New Incidents stable version #14000

Merged
merged 31 commits into from
Jun 7, 2021
+4,683 −53
Merged

New Incidents stable version #14000

Show file tree
Hide file tree
Changes from 30 commits
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
429ff13
New stable version
roherzbe Apr 18, 2021
fa6411e
revert ApiVersion change
roherzbe Apr 18, 2021
136898f
add operation
roherzbe Apr 18, 2021
de057d3
Add operations to README
roherzbe Apr 18, 2021
73ca514
Add missing definition
roherzbe Apr 19, 2021
8803e0c
Fix ApiVersion
roherzbe Apr 19, 2021
0a4fc8d
Change ApiVersion
roherzbe Apr 19, 2021
9f03b8e
Add update & delete incident comments
roherzbe Apr 20, 2021
1fbc8ed
extracting to common file
roherzbe Apr 20, 2021
bb4b7d2
Revert "extracting to common file"
roherzbe Apr 20, 2021
436cba6
Add new API calls
roherzbe Apr 21, 2021
de9af81
add parameters
roherzbe Apr 22, 2021
b5f2f05
new parameters
roherzbe Apr 27, 2021
3ef1065
fix conflict
roherzbe Apr 27, 2021
dfb29fd
fix conflict 2
roherzbe Apr 27, 2021
974b75f
Merge branch 'master' into feature/roherzbe/NewStableVersion
roherzbe Apr 27, 2021
1f38851
Add integer format
roherzbe Apr 28, 2021
ff00d8f
Merge branch 'feature/roherzbe/NewStableVersion' of https://github.co…
roherzbe Apr 28, 2021
5490316
fix readme
roherzbe Apr 28, 2021
0a294c8
fix Duplicate Schema
roherzbe Apr 28, 2021
992282d
fix ApiVersion
roherzbe Apr 28, 2021
28f2714
ApiVersionParameter
roherzbe May 2, 2021
bed586a
resolve conflict
roherzbe May 2, 2021
cc3fc8b
fix APIVersion
roherzbe May 4, 2021
cf7ede5
Add Incident Relations
roherzbe May 6, 2021
ef19b22
Add missing parameters
roherzbe May 6, 2021
55f1598
fix typo
roherzbe May 6, 2021
5a3c0e3
Add API version to common
roherzbe May 10, 2021
91decea
modelAsString
roherzbe May 10, 2021
24a11a7
revert last 2 changes
roherzbe May 10, 2021
d5df1a3
Text changes in some descriptions
roherzbe Jun 1, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3,866 changes: 3,866 additions & 0 deletions ...rityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-04-01/Incidents.json
View file
Open in desktop

Large diffs are not rendered by default.

104 changes: 104 additions & 0 deletions ...nager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/CreateIncident.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
{
"parameters": {
"api-version": "2021-04-01",
"subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
"resourceGroupName": "myRg",
"workspaceName": "myWorkspace",
"incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"incident": {
"etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
"properties": {
"lastActivityTimeUtc": "2019-01-01T13:05:30Z",
"firstActivityTimeUtc": "2019-01-01T13:00:30Z",
"description": "This is a demo incident",
"title": "My incident",
"owner": {
"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70"
},
"severity": "High",
"classification": "FalsePositive",
"classificationComment": "Not a malicious activity",
"classificationReason": "IncorrectAlertLogic",
"status": "Closed"
}
}
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"type": "Microsoft.SecurityInsights/incidents",
"etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"",
"properties": {
"lastModifiedTimeUtc": "2019-01-01T13:15:30Z",
"createdTimeUtc": "2019-01-01T13:15:30Z",
"lastActivityTimeUtc": "2019-01-01T13:05:30Z",
"firstActivityTimeUtc": "2019-01-01T13:00:30Z",
"description": "This is a demo incident",
"title": "My incident",
"owner": {
"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
"email": "john.doe@contoso.com",
"userPrincipalName": "john@contoso.com",
"assignedTo": "john doe"
},
"severity": "High",
"classification": "FalsePositive",
"classificationComment": "Not a malicious activity",
"classificationReason": "IncorrectAlertLogic",
"status": "Closed",
"incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"incidentNumber": 3177,
"labels": [],
"relatedAnalyticRuleIds": [],
"additionalData": {
"alertsCount": 0,
"bookmarksCount": 0,
"commentsCount": 3,
"alertProductNames": [],
"tactics": []
}
}
}
},
"201": {
"body": {
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"type": "Microsoft.SecurityInsights/incidents",
"etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"",
"properties": {
"lastModifiedTimeUtc": "2019-01-01T13:15:30Z",
"createdTimeUtc": "2019-01-01T13:15:30Z",
"lastActivityTimeUtc": "2019-01-01T13:05:30Z",
"firstActivityTimeUtc": "2019-01-01T13:00:30Z",
"description": "This is a demo incident",
"title": "My incident",
"owner": {
"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
"email": "john.doe@contoso.com",
"userPrincipalName": "john@contoso.com",
"assignedTo": "john doe"
},
"severity": "High",
"classification": "FalsePositive",
"classificationComment": "Not a malicious activity",
"classificationReason": "IncorrectAlertLogic",
"status": "Closed",
"incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"incidentNumber": 3177,
"labels": [],
"relatedAnalyticRuleIds": [],
"additionalData": {
"alertsCount": 0,
"bookmarksCount": 0,
"commentsCount": 3,
"alertProductNames": [],
"tactics": []
}
}
}
}
}
}
13 changes: 13 additions & 0 deletions ...nager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/DeleteIncident.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
{
"parameters": {
"api-version": "2021-04-01",
"subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
"resourceGroupName": "myRg",
"workspaceName": "myWorkspace",
"incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
},
"responses": {
"200": {},
"204": {}
}
}
50 changes: 50 additions & 0 deletions ...Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentAlerts.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
{
"parameters": {
"api-version": "2021-04-01",
"subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
"resourceGroupName": "myRg",
"workspaceName": "myWorkspace",
"incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c",
"name": "baa8a239-6fde-4ab7-a093-d09f7b75c58c",
"type": "Microsoft.SecurityInsights/Entities",
"kind": "SecurityAlert",
"properties": {
"systemAlertId": "baa8a239-6fde-4ab7-a093-d09f7b75c58c",
"tactics": [],
"alertDisplayName": "myAlert",
"confidenceLevel": "Unknown",
"severity": "Low",
"vendorName": "Microsoft",
"productName": "Azure Security Center",
"alertType": "myAlert",
"processingEndTime": "2020-07-20T18:21:53.6158361Z",
"status": "New",
"endTimeUtc": "2020-07-20T18:21:53.6158361Z",
"startTimeUtc": "2020-07-20T18:21:53.6158361Z",
"timeGenerated": "2020-07-20T18:21:53.6158361Z",
"resourceIdentifiers": [
{
"type": "LogAnalytics",
"workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b",
"subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
"resourceGroup": "myRG"
}
],
"additionalData": {
"AlertMessageEnqueueTime": "2020-07-20T18:21:57.304Z"
},
"friendlyName": "myAlert"
}
}
]
}
}
}
}
77 changes: 77 additions & 0 deletions ...rosoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentBookmarks.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
{
"parameters": {
"api-version": "2021-04-01",
"subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
"resourceGroupName": "myRg",
"workspaceName": "myWorkspace",
"incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812",
"name": "afbd324f-6c48-459c-8710-8d1e1cd03812",
"type": "Microsoft.SecurityInsights/Entities",
"kind": "Bookmark",
"properties": {
"displayName": "SecurityEvent - 868f40f4698d",
"created": "2020-06-17T15:34:01.4265524+00:00",
"updated": "2020-06-17T15:34:01.4265524+00:00",
"createdBy": {
"objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd",
"email": "user@microsoft.com",
"name": "user"
},
"updatedBy": {
"objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd",
"email": "user@microsoft.com",
"name": "user"
},
"eventTime": "2020-06-17T15:34:01.4265524+00:00",
"labels": [],
"query": "SecurityEvent\r\n| take 1\n",
"queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}",
"additionalData": {
"ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"",
"EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812"
},
"friendlyName": "SecurityEvent - 868f40f4698d"
}
},
{
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/bbbd324f-6c48-459c-8710-8d1e1cd03812",
"name": "bbbd324f-6c48-459c-8710-8d1e1cd03812",
"type": "Microsoft.SecurityInsights/Entities",
"kind": "Bookmark",
"properties": {
"displayName": "SecurityEvent - 868f40f4698d",
"created": "2020-06-17T15:34:01.4265524+00:00",
"updated": "2020-06-17T15:34:01.4265524+00:00",
"createdBy": {
"objectId": "303ca914-5eb6-45e5-9417-fe0797c372fd",
"email": "user@microsoft.com",
"name": "user"
},
"updatedBy": {
"objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd",
"email": "user@microsoft.com",
"name": "user"
},
"eventTime": "2020-06-17T15:34:01.4265524+00:00",
"labels": [],
"query": "SecurityEvent\r\n| take 1\n",
"queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}",
"additionalData": {
"ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"",
"EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812"
},
"friendlyName": "SecurityEvent - 868f40f4698d"
}
}
]
}
}
}
}
34 changes: 34 additions & 0 deletions ...crosoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetAllIncidentEntities.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
{
"parameters": {
"api-version": "2021-04-01",
"subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
"resourceGroupName": "myRg",
"workspaceName": "myWorkspace",
"incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812"
},
"responses": {
"200": {
"body": {
"entities": [
{
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1",
"name": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
"type": "Microsoft.SecurityInsights/Entities",
"kind": "Account",
"properties": {
"friendlyName": "administrator",
"accountName": "administrator",
"ntDomain": "domain"
}
}
],
"metaData": [
{
"entityKind": "Account",
"count": 1
}
]
}
}
}
}
54 changes: 54 additions & 0 deletions ...ager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidentById.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
{
"parameters": {
"api-version": "2021-04-01",
"subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
"resourceGroupName": "myRg",
"workspaceName": "myWorkspace",
"incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"type": "Microsoft.SecurityInsights/incidents",
"etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
"properties": {
"lastModifiedTimeUtc": "2019-01-01T13:15:30Z",
"createdTimeUtc": "2019-01-01T13:15:30Z",
"lastActivityTimeUtc": "2019-01-01T13:05:30Z",
"firstActivityTimeUtc": "2019-01-01T13:00:30Z",
"description": "This is a demo incident",
"title": "My incident",
"owner": {
"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
"email": "john.doe@contoso.com",
"userPrincipalName": "john@contoso.com",
"assignedTo": "john doe"
},
"severity": "High",
"classification": "FalsePositive",
"classificationComment": "Not a malicious activity",
"classificationReason": "InaccurateData",
"status": "Closed",
"incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"incidentNumber": 3177,
"labels": [],
"relatedAnalyticRuleIds": [
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"
],
"additionalData": {
"alertsCount": 0,
"bookmarksCount": 0,
"commentsCount": 3,
"alertProductNames": [],
"tactics": [
"InitialAccess",
"Persistence"
]
}
}
}
}
}
}
59 changes: 59 additions & 0 deletions ...manager/Microsoft.SecurityInsights/stable/2021-04-01/examples/incidents/GetIncidents.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
{
"parameters": {
"api-version": "2021-04-01",
"subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
"resourceGroupName": "myRg",
"workspaceName": "myWorkspace",
"$orderby": "properties/createdTimeUtc desc",
"$top": 1
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"type": "Microsoft.SecurityInsights/incidents",
"etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
"properties": {
"lastModifiedTimeUtc": "2019-01-01T13:15:30Z",
"createdTimeUtc": "2019-01-01T13:15:30Z",
"lastActivityTimeUtc": "2019-01-01T13:05:30Z",
"firstActivityTimeUtc": "2019-01-01T13:00:30Z",
"description": "This is a demo incident",
"title": "My incident",
"owner": {
"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
"email": "john.doe@contoso.com",
"userPrincipalName": "john@contoso.com",
"assignedTo": "john doe"
},
"severity": "High",
"classification": "FalsePositive",
"classificationComment": "Not a malicious activity",
"classificationReason": "IncorrectAlertLogic",
"status": "Closed",
"incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"incidentNumber": 3177,
"labels": [],
"relatedAnalyticRuleIds": [
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"
],
"additionalData": {
"alertsCount": 0,
"bookmarksCount": 0,
"commentsCount": 3,
"alertProductNames": [],
"tactics": [
"Persistence"
]
}
}
}
]
}
}
}
}
Loading