From 799ce4a4912f2a32361d3aaa61f0c50de6e3c7ce Mon Sep 17 00:00:00 2001
From: dosiso <60354892+dosiso@users.noreply.github.com>
Date: Thu, 27 Feb 2020 14:14:36 +0200
Subject: [PATCH] Add case and incident tactics (#8288)
* Added case tactics
* Added incident tactics
* Removing redundant comma from incident additional data
* Changed tabs to spaces to better match format in file
* Rename tactics field (alertTactics=>tactics)
* Rename unknown classification to undetermined classification
* Undo last commmit
---
 .../2019-01-01-preview/SecurityInsights.json | 16 ++++++++++++++++
 .../examples/cases/CreateCase.json | 2 ++
 .../examples/cases/GetCaseById.json | 4 ++++
 .../examples/cases/GetCases.json | 4 ++++
 .../examples/incidents/CreateIncident.json | 6 ++++--
 .../examples/incidents/GetIncidentById.json | 6 +++++-
 .../examples/incidents/GetIncidents.json | 5 ++++-
 7 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
index 2fde4c050cf2..f8c4f762a1c5 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
@@ -4434,6 +4434,14 @@
 "readOnly": true,
 "type": "array"
 },
+ "tactics": {
+ "description": "The tactics associated with case",
+ "items": {
+ "$ref": "#/definitions/AttackTactic"
+ },
+ "readOnly": true,
+ "type": "array"
+ },
 "severity": {
 "description": "The severity of the case",
 "enum": [
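Review bot: The new case `tactics` description (hunk at -4434) does not say where the values come from or what an empty array means, and because the property is `readOnly` that text is all a client has to interpret it. The example values added elsewhere in this patch (`InitialAccess`, `Persistence`) look like ATT&CK tactic names; if that is right, I would say so, for example `"description": "The ATT&CK tactics associated with the case; empty when no tactic has been mapped"`. The same applies to the incident `tactics` description in the hunk at -5793. The enclosing definition starts and ends outside the hunk.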
@@ -5793,6 +5801,14 @@
 },
 "readOnly": true,
 "type": "array"
+ },
+ "tactics": {
+ "description": "The tactics associated with incident",
+ "items": {
+ "$ref": "#/definitions/AttackTactic"
+ },
+ "readOnly": true,
+ "type": "array"
 }
 },
 "type": "object"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json
index 670ed172b4e9..175dadb402ec 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json
@@ -55,6 +55,7 @@
 "relatedAlertIds": [
 "cf441808-2d50-4c10-81af-cdd0b908c121"
 ],
+ "tactics": [],
 "caseNumber": 3177
 }
 }
@@ -87,6 +88,7 @@
 "relatedAlertIds": [
 "cf441808-2d50-4c10-81af-cdd0b908c121"
 ],
+ "tactics": [],
 "caseNumber": 3177
 }
 }
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json
index d1661baf0423..b34d5690dfed 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json
@@ -37,6 +37,10 @@
 "relatedAlertIds": [
 "cf441808-2d50-4c10-81af-cdd0b908c121"
 ],
+ "tactics": [
+ "InitialAccess",
+ "Persistence"
+ ],
 "caseNumber": 3177,
 "lastComment": "This is a demo case",
 "totalComments": 3
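Review bot: The incident `tactics` property in SecurityInsights.json (hunk at -5793) points its `items` at `#/definitions/AttackTactic`, which is defined outside this diff, so it is not visible whether that definition is a closed enum; the case property at -4434 uses the same reference. If it is closed, clients generated from this spec may fail to deserialize an incident or case that carries a tactic value added later, which is a poor failure mode for tooling that triages on this field. It is worth confirming that the definition carries `x-ms-enum` with `"modelAsString": true` so unknown values are passed through as strings.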
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json
index 6fe262832ea8..56acd2115f04 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json
@@ -40,6 +40,10 @@
 "relatedAlertIds": [
 "cf441808-2d50-4c10-81af-cdd0b908c121"
 ],
+ "tactics": [
+ "InitialAccess",
+ "Persistence"
+ ],
 "caseNumber": 3177,
 "lastComment": "This is a demo case",
 "totalComments": 3
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json
index b1a86dc43404..526b48d3be6a 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json
@@ -51,7 +51,8 @@
 "alertsCount": 0,
 "bookmarksCount": 0,
 "commentsCount": 3,
- "alertProductNames": []
+ "alertProductNames": [],
+ "tactics": []
 }
 }
 }
@@ -84,7 +85,8 @@
 "alertsCount": 0,
 "bookmarksCount": 0,
 "commentsCount": 3,
- "alertProductNames": []
+ "alertProductNames": [],
+ "tactics": []
 }
 }
 }
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json
index 878f03ee4baa..98ce12d79286 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json
@@ -36,7 +36,11 @@
 "alertsCount": 0,
 "bookmarksCount": 0,
 "commentsCount": 3,
- "alertProductNames": []
+ "alertProductNames": [],
+ "tactics": [
+ "InitialAccess",
+ "Persistence"
+ ]
 }
 }
 }
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json
index 7c54eae94a42..1933c0febc34 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json
@@ -39,7 +39,10 @@
 "alertsCount": 0,
 "bookmarksCount": 0,
 "commentsCount": 3,
- "alertProductNames": []
+ "alertProductNames": [],
+ "tactics": [
+ "Persistence"
+ ]
 }
 }
 }
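Review bot: The GetIncidentById example now returns `"tactics": ["InitialAccess", "Persistence"]` for an incident whose context lines show `"alertsCount": 0` and an empty `alertProductNames`; GetIncidents has the same mismatch with `["Persistence"]`. If tactics are derived from the incident's alerts, which the schema does not state, these samples describe a state the service would not return and will mislead anyone building detections or tests from them. Either give the sample incident a non-zero `alertsCount` and a product name, or use `"tactics": []` here as CreateIncident.json does. The example objects start outside the hunks.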