[Hub Generated] Review request for Microsoft.SecurityInsights to add version preview/2019-01-01-preview (#11795)

* Added Watchlist-Item endpoint to Add/Update/Delete Watchlist Item resource

* Adjustments as per ARM Review

* Adjustments as per ARM Review

* Fixed Avecado issues and enhaced Watchlist examples

* Updated Watchlist Item definition

Author: hassanchawiche

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json

@@ -3838,7 +3838,7 @@
         "tags": [
           "Watchlists"
         ],
-        "description": "Creates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint twice : the first call will create am empty Watchlist, and the second one will create its Items.",
+        "description": "Creates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint twice : the first call will create an empty Watchlist, and the second one will create its Items.",
         "operationId": "Watchlists_Create",
         "parameters": [
           {
@@ -3885,6 +3885,115 @@
         }
       }
     },
+    "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}": {
+      "delete": {
+        "x-ms-examples": {
+          "Delete a watchlist Item.": {
+            "$ref": "./examples/watchlists/DeleteWatchlistItem.json"
+          }
+        },
+        "tags": [
+          "WatchlistItems"
+        ],
+        "description": "Delete a watchlist item.",
+        "operationId": "WatchlistItem_Delete",
+        "parameters": [
+          {
+            "$ref": "#/parameters/ApiVersion"
+          },
+          {
+            "$ref": "#/parameters/SubscriptionId"
+          },
+          {
+            "$ref": "#/parameters/ResourceGroupName"
+          },
+          {
+            "$ref": "#/parameters/OperationalInsightsResourceProvider"
+          },
+          {
+            "$ref": "#/parameters/WorkspaceName"
+          },
+          {
+            "$ref": "#/parameters/WatchlistAlias"
+          },
+          {
+            "$ref": "#/parameters/WatchlistItemId"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "OK"
+          },
+          "204": {
+            "description": "No Content"
+          },
+          "default": {
+            "description": "Error response describing why the operation failed.",
+            "schema": {
+              "$ref": "#/definitions/CloudError"
+            }
+          }
+        }
+      },
+      "put": {
+        "x-ms-examples": {
+          "Creates or updates a watchlist item.": {
+            "$ref": "./examples/watchlists/CreateWatchlistItem.json"
+          }
+        },
+        "tags": [
+          "WatchlistItems"
+        ],
+        "description": "Creates or updates a watchlist item.",
+        "operationId": "WatchlistItem_CreateOrUpdate",
+        "parameters": [
+          {
+            "$ref": "#/parameters/ApiVersion"
+          },
+          {
+            "$ref": "#/parameters/SubscriptionId"
+          },
+          {
+            "$ref": "#/parameters/ResourceGroupName"
+          },
+          {
+            "$ref": "#/parameters/OperationalInsightsResourceProvider"
+          },
+          {
+            "$ref": "#/parameters/WorkspaceName"
+          },
+          {
+            "$ref": "#/parameters/WatchlistAlias"
+          },
+          {
+            "$ref": "#/parameters/WatchlistItemId"
+          },
+          {
+            "$ref": "#/parameters/WatchlistItem"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "OK",
+            "schema": {
+              "$ref": "#/definitions/WatchlistItem"
+            }
+          },
+          "201": {
+            "description": "Created",
+            "schema": {
+              "$ref": "#/definitions/WatchlistItem"
+            }
+          },
+          "default": {
+            "description": "Error response describing why the operation failed.",
+            "schema": {
+              "$ref": "#/definitions/CloudError"
+            }
+          }
+        }
+      }
+    },
     "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator": {
       "post": {
         "x-ms-examples": {
@@ -10468,6 +10577,75 @@
       ],
       "type": "object"
     },
+    "WatchlistItem": {
+      "allOf": [
+        {
+          "$ref": "#/definitions/ResourceWithEtag"
+        }
+      ],
+      "description": "Represents a Watchlist item in Azure Security Insights.",
+      "properties": {
+        "properties": {
+          "$ref": "#/definitions/WatchlistItemProperties",
+          "description": "Watchlist Item properties",
+          "x-ms-client-flatten": true
+        }
+      },
+      "type": "object"
+    },
+    "WatchlistItemProperties": {
+      "description": "Describes watchlist item properties",
+      "properties": {
+        "watchlistItemType": {
+          "description": "The type of the watchlist item",
+          "type": "string"
+        },
+        "watchlistItemId": {
+          "description": "The id (a Guid) of the watchlist item",
+          "type": "string"
+        },
+        "tenantId": {
+          "description": "The tenantId to which the watchlist item belongs to",
+          "type": "string"
+        },
+        "isDeleted": {
+          "description": "A flag that indicates if the watchlist item is deleted or not",
+          "type": "boolean"
+        },
+        "created": {
+          "description": "The time the watchlist item was created",
+          "format": "date-time",
+          "type": "string"
+        },
+        "updated": {
+          "description": "The last time the watchlist item was updated",
+          "format": "date-time",
+          "type": "string"
+        },
+        "createdBy": {
+          "$ref": "#/definitions/UserInfo",
+          "description": "Describes a user that created the watchlist item",
+          "type": "object"
+        },
+        "updatedBy": {
+          "$ref": "#/definitions/UserInfo",
+          "description": "Describes a user that updated the watchlist item",
+          "type": "object"
+        },
+        "itemsKeyValue": {
+          "description": "key-value pairs for a watchlist item",
+          "type": "object"
+        },
+        "entityMapping": {
+          "description": "key-value pairs for a watchlist item entity mapping",
+          "type": "object"
+        }
+      },
+      "required": [
+        "itemsKeyValue"
+      ],
+      "type": "object"
+    },
     "ThreatIntelligenceInformationList": {
       "description": "List of all the threat intelligence information objects.",
       "properties": {
@@ -11576,6 +11754,24 @@
       },
       "x-ms-parameter-location": "method"
     },
+    "WatchlistItem": {
+      "description": "The watchlist item",
+      "in": "body",
+      "name": "watchlistItem",
+      "required": true,
+      "schema": {
+        "$ref": "#/definitions/WatchlistItem"
+      },
+      "x-ms-parameter-location": "method"
+    },
+    "WatchlistItemId": {
+      "description": "Watchlist Item Id (GUID)",
+      "in": "path",
+      "name": "watchlistItemId",
+      "required": true,
+      "type": "string",
+      "x-ms-parameter-location": "method"
+    },
     "ThreatIntelligenceName": {
       "description": "Threat intelligence indicator name field.",
       "in": "path",

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlist.json

@@ -9,18 +9,10 @@
     "watchlist": {
       "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
       "properties": {
-        "createdBy": {
-          "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70"
-        },
         "displayName": "High Value Assets Watchlist",
         "source": "Local file",
         "provider": "Microsoft",
         "description": "Watchlist from CSV content",
-        "labels": [
-          "Tag1",
-          "Tag2"
-        ],
-        "defaultDuration": "P1279DT12H30M5S",
         "numberOfLinesToSkip": 1,
         "rawContent": "This line will be skipped\nheader1,header2\nvalue1,value2",
         "contentType": "text/csv"
@@ -55,11 +47,6 @@
           "watchlistType": "watchlist",
           "watchlistAlias": "highValueAsset",
           "isDeleted": false,
-          "labels": [
-            "Tag1",
-            "Tag2"
-          ],
-          "defaultDuration": "P1279DT12H30M5S",
           "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd"
         }
       }
@@ -91,11 +78,6 @@
           "watchlistType": "watchlist",
           "watchlistAlias": "highValueAsset",
           "isDeleted": false,
-          "labels": [
-            "Tag1",
-            "Tag2"
-          ],
-          "defaultDuration": "P1279DT12H30M5S",
           "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd"
         }
       }

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/CreateWatchlistItem.json

@@ -0,0 +1,92 @@
+{
+  "parameters": {
+    "api-version": "2019-01-01-preview",
+    "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+    "resourceGroupName": "myRg",
+    "workspaceName": "myWorkspace",
+    "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+    "watchlistAlias": "highValueAsset",
+    "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842",
+    "watchlistItem": {
+      "etag": "0300bf09-0000-0000-0000-5c37296e0000",
+      "properties": {
+        "itemsKeyValue": {
+          "Gateway subnet": "10.0.255.224/27",
+          "Web Tier": "10.0.1.0/24",
+          "Business tier": "10.0.2.0/24",
+          "Data tier": "10.0.2.0/24",
+          "Private DMZ in": "10.0.0.0/27",
+          "Public DMZ out": "10.0.0.96/27"
+        }
+      }
+    }
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842",
+        "etag": "0300bf09-0000-0000-0000-5c37296e0000",
+        "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems",
+        "properties": {
+          "watchlistItemType": "watchlist-item",
+          "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842",
+          "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea",
+          "isDeleted": false,
+          "created": "2020-11-15T04:58:56.0748363+00:00",
+          "updated": "2020-11-16T16:05:20+00:00",
+          "createdBy": {
+            "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+            "email": "john@contoso.com",
+            "name": "john doe"
+          },
+          "updatedBy": {
+            "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+            "email": "john@contoso.com",
+            "name": "john doe"
+          },
+          "itemsKeyValue": {
+            "Gateway subnet": "10.0.255.224/27",
+            "Web Tier": "10.0.1.0/24",
+            "Business tier": "10.0.2.0/24",
+            "Data tier": "10.0.2.0/24",
+            "Private DMZ in": "10.0.0.0/27",
+            "Public DMZ out": "10.0.0.96/27"
+          }
+        }
+      }
+    },
+    "201": {
+      "body": {
+        "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842",
+        "etag": "0300bf09-0000-0000-0000-5c37296e0000",
+        "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems",
+        "properties": {
+          "watchlistItemType": "watchlist-item",
+          "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842",
+          "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea",
+          "isDeleted": false,
+          "created": "2020-11-15T04:58:56.0748363+00:00",
+          "updated": "2020-11-16T16:05:20+00:00",
+          "createdBy": {
+            "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+            "email": "john@contoso.com",
+            "name": "john doe"
+          },
+          "updatedBy": {
+            "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+            "email": "john@contoso.com",
+            "name": "john doe"
+          },
+          "itemsKeyValue": {
+            "Gateway subnet": "10.0.255.224/27",
+            "Web Tier": "10.0.1.0/24",
+            "Business tier": "10.0.2.0/24",
+            "Data tier": "10.0.2.0/24",
+            "Private DMZ in": "10.0.0.0/27",
+            "Public DMZ out": "10.0.0.96/27"
+          }
+        }
+      }
+    }
+  }
+}

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/watchlists/DeleteWatchlistItem.json

@@ -0,0 +1,15 @@
+{
+  "parameters": {
+    "api-version": "2019-01-01-preview",
+    "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+    "resourceGroupName": "myRg",
+    "workspaceName": "myWorkspace",
+    "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+    "watchlistAlias": "highValueAsset",
+    "watchlistItemId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea"
+  },
+  "responses": {
+    "200": {},
+    "204": {}
+  }
+}