From 32f89e6c00effe3423cd8ae819e85c62f46c0ae1 Mon Sep 17 00:00:00 2001 From: Tim Paterson <=> Date: Wed, 17 Mar 2021 10:09:19 -0300 Subject: [PATCH 1/7] Initial public commit for enrichment APIs --- custom-words.txt | 2 + .../2019-01-01-preview/SecurityInsights.json | 335 ++++++++++++++++++ .../examples/enrichment/GetGeodataByIp.json | 31 ++ .../enrichment/GetWhoisByDomainName.json | 91 +++++ 4 files changed, 459 insertions(+) create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json diff --git a/custom-words.txt b/custom-words.txt index d525092af769..8782dac638b8 100644 --- a/custom-words.txt +++ b/custom-words.txt @@ -709,6 +709,8 @@ generatevpnprofile geobias geocode geocodes +geodata +Geodata Geofence geofences Geofencing diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index ee188bad7882..a0da76944b24 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -1849,6 +1849,90 @@ } } }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/": { + "get": { + "x-ms-examples": { + "Get geodata for a single IP address": { + "$ref": "./examples/enrichment/GetGeodataByIp.json" + } + }, + "tags": [ + "Enrichment" + ], + "description": "Get geodata for a single IP address", + "operationId": "IPGeodata_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/EnrichmentIpAddress" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EnrichmentIpGeodata" + } + }, + "default": { + "description": "Error response describing why the operation failed to enrich this ip.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/": { + "get": { + "x-ms-examples": { + "Get whois information for a single domain name": { + "$ref": "./examples/enrichment/GetWhoisByDomainName.json" + } + }, + "tags": [ + "Enrichment" + ], + "description": "Get whois information for a single domain name", + "operationId": "DomainWhois_Get", + "parameters": [ + { + "$ref": "#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/EnrichmentDomain" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EnrichmentDomainWhois" + } + }, + "default": { + "description": "Error response describing why the operation failed to enrich this domain.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors": { "get": { "x-ms-examples": { @@ -7708,6 +7792,241 @@ "description": "Dynamics365 requirements check properties.", "type": "object" }, + "EnrichmentDomainWhois": { + "description": "Whois information (plus timestamps) for a given domain", + "properties": { + "domain": { + "description": "The domain for this whois record", + "type": "string" + }, + "server": { + "description": "The timestamp at which this record was created", + "format": "date-time", + "type": "string" + }, + "date": { + "description": "The date portion of the timestamp field", + "type": "string" + }, + "timestamp": { + "description": "The timestamp at which this record was retrieved", + "format": "date-time", + "type": "string" + }, + "created": { + "description": "The timestamp at which this record was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The timestamp at which this record was last updated", + "format": "date-time", + "type": "string" + }, + "expires": { + "description": "The timestamp at which this record will expire", + "format": "date-time", + "type": "string" + }, + "parsedWhois": { + "description": "The whois record for a given domain", + "$ref": "#/definitions/EnrichmentDomainWhoisDetails" + } + } + }, + "EnrichmentDomainWhoisDetails": { + "description": "The whois record for a given domain", + "properties": { + "registrar": { + "description": "The registrar associated with this domain", + "$ref": "#/definitions/EnrichmentDomainWhoisRegistrarDetails" + }, + "contacts": { + "description": "The set of contacts associated with this domain", + "$ref": "#/definitions/EnrichmentDomainWhoisContacts" + }, + "nameServers": { + "description": "A list of name servers associated with this domain", + "type": "array", + "items": { + "type": "string" + } + }, + "statuses": { + "description": "The set of status flags for this whois record", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "EnrichmentDomainWhoisRegistrarDetails": { + "description": "The registrar associated with this domain", + "properties": { + "name": { + "description": "The name of this registrar", + "type": "string" + }, + "abuseContactEmail": { + "description": "This registrar's abuse contact email", + "type": "string" + }, + "abuseContactPhone": { + "description": "This registrar's abuse contact phone number", + "type": "string" + }, + "ianaId": { + "description": "This registrar's Internet Assigned Numbers Authority id", + "type": "string" + }, + "url": { + "description": "This registrar's url", + "type": "string" + }, + "whoisServer": { + "description": "The hostname of this registrar's whois server", + "type": "string" + } + } + }, + "EnrichmentDomainWhoisContacts": { + "description": "The set of contacts associated with this domain", + "properties": { + "admin": { + "description": "The admin contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "billing": { + "description": "The billing contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "registrant": { + "description": "The registrant contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "tech": { + "description": "The technical contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + } + } + }, + "EnrichmentDomainWhoisContact": { + "description": "An individual contact associated with this domain", + "properties": { + "name": { + "description": "The name of this contact", + "type": "string" + }, + "org": { + "description": "This contact's organization", + "type": "string" + }, + "street": { + "description": "A list describing the street address for this contact", + "type": "array", + "items": { + "type": "string" + } + }, + "city": { + "description": "This contact's city", + "type": "string" + }, + "state": { + "description": "This contact's state", + "type": "string" + }, + "postal": { + "description": "This contact's postal code", + "type": "string" + }, + "country": { + "description": "This contact's country", + "type": "string" + }, + "phone": { + "description": "This contact's phone number", + "type": "string" + }, + "fax": { + "description": "This contact's fax number", + "type": "string" + }, + "email": { + "description": "This contact's email address", + "type": "string" + } + } + }, + "EnrichmentIpGeodata": { + "description": "Geodata information for a given IP address", + "properties": { + "carrier": { + "description": "The name of the carrier for this IP", + "type": "string" + }, + "city": { + "description": "The city this IP is located in", + "type": "string" + }, + "cityCf": { + "description": "A numeric rating of confidence that the value in 'city' is correct", + "type": "integer", + "format": "int32" + }, + "continent": { + "description": "The continent this IP is located on", + "type": "string" + }, + "country": { + "description": "The county this IP is located in", + "type": "string" + }, + "countryCf": { + "description": "A numeric rating of confidence that the value in 'country' is correct", + "type": "integer", + "format": "int32" + }, + "ipAddr": { + "description": "The dotted-decimal or colon-separated string representation of the IP", + "type": "string" + }, + "latitude": { + "description": "The latitude of this IP", + "type": "string" + }, + "longitude": { + "description": "The longitude of this IP", + "type": "string" + }, + "organization": { + "description": "The name of the organization for this IP", + "type": "string" + }, + "organizationType": { + "description": "The type of the organization for this IP", + "type": "string" + }, + "region": { + "description": "The geographic region this IP is locate in", + "type": "string" + }, + "state": { + "description": "The state this IP is located in", + "type": "string" + }, + "stateCf": { + "description": "A numeric rating of confidence that the value in 'state' is correct", + "type": "integer", + "format": "int32" + }, + "stateCode": { + "description": "The abbreviated name for the state this IP is located in", + "type": "string" + } + } + }, "Entity": { "allOf": [ { @@ -13910,6 +14229,22 @@ }, "x-ms-parameter-location": "method" }, + "EnrichmentDomain": { + "description": "Domain name to be enriched", + "in": "query", + "name": "domain", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EnrichmentIpAddress": { + "description": "IP address (v4 or v6) to be enriched", + "in": "query", + "name": "ipAddress", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, "EntityExpandRequestBody": { "description": "The parameters required to execute an expand operation on the given entity.", "in": "body", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json new file mode 100644 index 000000000000..29d39484fe40 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ipAddress": "1.2.3.4" + }, + "responses": { + "200": { + "body": { + "carrier": "myOrg Incorporated", + "city": "hamilton", + "cityCf": 90, + "continent": "north america", + "country": "canada", + "countryCf": 99, + "ipAddr": "1.2.3.4", + "latitude": "45.2436", + "longitude": "-74.8891", + "organization": "My Organization's name", + "organizationType": "ISP", + "region": "central canada", + "state": "ontario", + "stateCf": null, + "stateCode": "on" + } + } + } +} \ No newline at end of file diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json new file mode 100644 index 000000000000..1552f9b7178b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json @@ -0,0 +1,91 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "domain": "microsoft.com" + }, + "responses": { + "200": { + "body": { + "domain": "microsoft.com", + "server": null, + "date": "2021-02-08", + "timestamp": null, + "created": "2021-02-25T16:15:01.187045Z", + "updated": "2021-02-25T16:15:01.187045Z", + "expires": null, + "parsedWhois": { + "registrar": { + "name": "MarkMonitor, Inc", + "abuseContactPhone": "12083895770", + "abuseContactEmail": "abuse@microsoft.com", + "url": "http://www.markmonitor.com", + "whoisServer": "whois.markmonitor.com" + }, + "contacts": { + "admin": { + "name": "Administrator", + "org": "Microsoft", + "street": [ + "123 Fake Street" + ], + "city": null, + "state": "WA", + "postal": "90210", + "country": "United States", + "phone": "1-800-555-1234", + "fax": null, + "email": "mail@microsoft.com" + }, + "registrant": null, + "billing": { + "name": "Administrator", + "org": "Microsoft", + "street": [ + "123 Fake Street" + ], + "city": null, + "state": "WA", + "postal": "90210", + "country": "United States", + "phone": "1-800-555-1234", + "fax": null, + "email": "mail@microsoft.com" + }, + "tech": { + "name": "Administrator", + "org": "Microsoft", + "street": [ + "123 Fake Street" + ], + "city": null, + "state": "WA", + "postal": "90210", + "country": "United States", + "phone": "1-800-555-1234", + "fax": null, + "email": "mail@microsoft.com" + } + }, + "nameServers": [ + "ns1-205.azure-dns.com", + "ns2-205.azure-dns.net", + "ns3-205.azure-dns.org", + "ns4-205.azure-dns.info" + ], + "statuses": [ + "clientUpdateProhibited", + "clientTransferProhibited", + "clientDeleteProhibited", + "serverUpdateProhibited", + "serverTransferProhibited", + "serverDeleteProhibited" + ] + } + } + } + } +} From a4041b7b470d7a0a390312966f2013394555f05b Mon Sep 17 00:00:00 2001 From: Tim Paterson <=> Date: Wed, 17 Mar 2021 10:31:00 -0300 Subject: [PATCH 2/7] Prettier --- .../examples/enrichment/GetGeodataByIp.json | 60 +++++++++---------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json index 29d39484fe40..ac5602116295 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json @@ -1,31 +1,31 @@ { - "parameters": { - "api-version": "2019-01-01-preview", - "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", - "ipAddress": "1.2.3.4" - }, - "responses": { - "200": { - "body": { - "carrier": "myOrg Incorporated", - "city": "hamilton", - "cityCf": 90, - "continent": "north america", - "country": "canada", - "countryCf": 99, - "ipAddr": "1.2.3.4", - "latitude": "45.2436", - "longitude": "-74.8891", - "organization": "My Organization's name", - "organizationType": "ISP", - "region": "central canada", - "state": "ontario", - "stateCf": null, - "stateCode": "on" - } - } - } -} \ No newline at end of file + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "ipAddress": "1.2.3.4" + }, + "responses": { + "200": { + "body": { + "carrier": "myOrg Incorporated", + "city": "hamilton", + "cityCf": 90, + "continent": "north america", + "country": "canada", + "countryCf": 99, + "ipAddr": "1.2.3.4", + "latitude": "45.2436", + "longitude": "-74.8891", + "organization": "My Organization's name", + "organizationType": "ISP", + "region": "central canada", + "state": "ontario", + "stateCf": null, + "stateCode": "on" + } + } + } +} From 264f86355d921bb4449c23350c68b5bbaa5aa22c Mon Sep 17 00:00:00 2001 From: Tim Paterson <=> Date: Thu, 8 Apr 2021 18:30:54 -0300 Subject: [PATCH 3/7] Add two new fields --- .../preview/2019-01-01-preview/SecurityInsights.json | 8 ++++++++ .../examples/enrichment/GetGeodataByIp.json | 2 ++ 2 files changed, 10 insertions(+) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index a0da76944b24..81a070cd5107 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -7962,6 +7962,10 @@ "EnrichmentIpGeodata": { "description": "Geodata information for a given IP address", "properties": { + "asn": { + "description": "The autonomous system number associated with this IP", + "type": "string" + }, "carrier": { "description": "The name of the carrier for this IP", "type": "string" @@ -7992,6 +7996,10 @@ "description": "The dotted-decimal or colon-separated string representation of the IP", "type": "string" }, + "ipRoutingType": { + "description": "A description of the connection type of this IP", + "type": "string" + }, "latitude": { "description": "The latitude of this IP", "type": "string" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json index ac5602116295..3defc0e8552d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json @@ -10,6 +10,7 @@ "responses": { "200": { "body": { + "asn": "12345", "carrier": "myOrg Incorporated", "city": "hamilton", "cityCf": 90, @@ -17,6 +18,7 @@ "country": "canada", "countryCf": 99, "ipAddr": "1.2.3.4", + "ipRoutingType": "fixed", "latitude": "45.2436", "longitude": "-74.8891", "organization": "My Organization's name", From 0b13b0d56e5be60c656502f5b023d955081d2218 Mon Sep 17 00:00:00 2001 From: Tim Paterson <=> Date: Fri, 9 Apr 2021 10:21:13 -0300 Subject: [PATCH 4/7] Prettier --- .../examples/enrichment/GetGeodataByIp.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json index 3defc0e8552d..b840a1bf6711 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json @@ -10,7 +10,7 @@ "responses": { "200": { "body": { - "asn": "12345", + "asn": "12345", "carrier": "myOrg Incorporated", "city": "hamilton", "cityCf": 90, @@ -18,7 +18,7 @@ "country": "canada", "countryCf": 99, "ipAddr": "1.2.3.4", - "ipRoutingType": "fixed", + "ipRoutingType": "fixed", "latitude": "45.2436", "longitude": "-74.8891", "organization": "My Organization's name", From 5947be9c2f29a5691df22d60a3c0a06f5b1a7a11 Mon Sep 17 00:00:00 2001 From: Tim Paterson <=> Date: Tue, 13 Apr 2021 18:38:06 -0300 Subject: [PATCH 5/7] Remove two fields, fix several descriptions --- .../2019-01-01-preview/SecurityInsights.json | 67 ++++++++----------- .../examples/enrichment/GetGeodataByIp.json | 22 +++--- .../enrichment/GetWhoisByDomainName.json | 16 ++--- 3 files changed, 47 insertions(+), 58 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 81a070cd5107..9dade7b8eebc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -7793,24 +7793,15 @@ "type": "object" }, "EnrichmentDomainWhois": { - "description": "Whois information (plus timestamps) for a given domain", + "description": "Whois information for a given domain and associated metadata", "properties": { "domain": { "description": "The domain for this whois record", "type": "string" }, "server": { - "description": "The timestamp at which this record was created", - "format": "date-time", - "type": "string" - }, - "date": { - "description": "The date portion of the timestamp field", - "type": "string" - }, - "timestamp": { - "description": "The timestamp at which this record was retrieved", - "format": "date-time", + "description": "The hostname of this registrar's whois server", + "format": "string", "type": "string" }, "created": { @@ -7881,7 +7872,7 @@ "type": "string" }, "url": { - "description": "This registrar's url", + "description": "This registrar's URL", "type": "string" }, "whoisServer": { @@ -7919,7 +7910,7 @@ "type": "string" }, "org": { - "description": "This contact's organization", + "description": "The organization for this contact", "type": "string" }, "street": { @@ -7930,31 +7921,31 @@ } }, "city": { - "description": "This contact's city", + "description": "The city for this contact", "type": "string" }, "state": { - "description": "This contact's state", + "description": "The state for this contact", "type": "string" }, "postal": { - "description": "This contact's postal code", + "description": "The postal code for this contact", "type": "string" }, "country": { - "description": "This contact's country", + "description": "The country for this contact", "type": "string" }, "phone": { - "description": "This contact's phone number", + "description": "The phone number for this contact", "type": "string" }, "fax": { - "description": "This contact's fax number", + "description": "The fax number for this contact", "type": "string" }, "email": { - "description": "This contact's email address", + "description": "The email address for this contact", "type": "string" } } @@ -7963,74 +7954,74 @@ "description": "Geodata information for a given IP address", "properties": { "asn": { - "description": "The autonomous system number associated with this IP", + "description": "The autonomous system number associated with this IP address", "type": "string" }, "carrier": { - "description": "The name of the carrier for this IP", + "description": "The name of the carrier for this IP address", "type": "string" }, "city": { - "description": "The city this IP is located in", + "description": "The city this IP address is located in", "type": "string" }, "cityCf": { - "description": "A numeric rating of confidence that the value in 'city' is correct", + "description": "A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100", "type": "integer", "format": "int32" }, "continent": { - "description": "The continent this IP is located on", + "description": "The continent this IP address is located on", "type": "string" }, "country": { - "description": "The county this IP is located in", + "description": "The county this IP address is located in", "type": "string" }, "countryCf": { - "description": "A numeric rating of confidence that the value in 'country' is correct", + "description": "A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100", "type": "integer", "format": "int32" }, "ipAddr": { - "description": "The dotted-decimal or colon-separated string representation of the IP", + "description": "The dotted-decimal or colon-separated string representation of the IP address", "type": "string" }, "ipRoutingType": { - "description": "A description of the connection type of this IP", + "description": "A description of the connection type of this IP address", "type": "string" }, "latitude": { - "description": "The latitude of this IP", + "description": "The latitude of this IP address", "type": "string" }, "longitude": { - "description": "The longitude of this IP", + "description": "The longitude of this IP address", "type": "string" }, "organization": { - "description": "The name of the organization for this IP", + "description": "The name of the organization for this IP address", "type": "string" }, "organizationType": { - "description": "The type of the organization for this IP", + "description": "The type of the organization for this IP address", "type": "string" }, "region": { - "description": "The geographic region this IP is locate in", + "description": "The geographic region this IP address is located in", "type": "string" }, "state": { - "description": "The state this IP is located in", + "description": "The state this IP address is located in", "type": "string" }, "stateCf": { - "description": "A numeric rating of confidence that the value in 'state' is correct", + "description": "A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100", "type": "integer", "format": "int32" }, "stateCode": { - "description": "The abbreviated name for the state this IP is located in", + "description": "The abbreviated name for the state this IP address is located in", "type": "string" } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json index b840a1bf6711..23a8f28c5b79 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json @@ -4,29 +4,29 @@ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "ipAddress": "1.2.3.4" }, "responses": { "200": { "body": { "asn": "12345", - "carrier": "myOrg Incorporated", - "city": "hamilton", + "carrier": "Microsoft", + "city": "Redmond", "cityCf": 90, "continent": "north america", - "country": "canada", + "country": "united states", "countryCf": 99, "ipAddr": "1.2.3.4", "ipRoutingType": "fixed", - "latitude": "45.2436", - "longitude": "-74.8891", - "organization": "My Organization's name", - "organizationType": "ISP", - "region": "central canada", - "state": "ontario", + "latitude": "40.2436", + "longitude": "-100.8891", + "organization": "Microsoft", + "organizationType": "tech", + "region": "western usa", + "state": "washington", "stateCf": null, - "stateCode": "on" + "stateCode": "wa" } } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json index 1552f9b7178b..6d318e17732b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json @@ -4,7 +4,7 @@ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalIinsights", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "domain": "microsoft.com" }, "responses": { @@ -12,8 +12,6 @@ "body": { "domain": "microsoft.com", "server": null, - "date": "2021-02-08", - "timestamp": null, "created": "2021-02-25T16:15:01.187045Z", "updated": "2021-02-25T16:15:01.187045Z", "expires": null, @@ -30,11 +28,11 @@ "name": "Administrator", "org": "Microsoft", "street": [ - "123 Fake Street" + "One Microsoft Way" ], "city": null, "state": "WA", - "postal": "90210", + "postal": "98052", "country": "United States", "phone": "1-800-555-1234", "fax": null, @@ -45,11 +43,11 @@ "name": "Administrator", "org": "Microsoft", "street": [ - "123 Fake Street" + "One Microsoft Way" ], "city": null, "state": "WA", - "postal": "90210", + "postal": "98052", "country": "United States", "phone": "1-800-555-1234", "fax": null, @@ -59,11 +57,11 @@ "name": "Administrator", "org": "Microsoft", "street": [ - "123 Fake Street" + "One Microsoft Way" ], "city": null, "state": "WA", - "postal": "90210", + "postal": "98052", "country": "United States", "phone": "1-800-555-1234", "fax": null, From bcaebcd47461025cc0dc174ac01b8e1fdeea3fba Mon Sep 17 00:00:00 2001 From: Tim Paterson <=> Date: Wed, 28 Apr 2021 16:28:58 -0300 Subject: [PATCH 6/7] Remove unneeded format line --- .../preview/2019-01-01-preview/SecurityInsights.json | 1 - 1 file changed, 1 deletion(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json index 9dade7b8eebc..f7a1d2656d01 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json @@ -7801,7 +7801,6 @@ }, "server": { "description": "The hostname of this registrar's whois server", - "format": "string", "type": "string" }, "created": { From cb2557bd6fb02b0b0497a669d8cfccb07a0509a6 Mon Sep 17 00:00:00 2001 From: Tim Paterson <=> Date: Fri, 30 Apr 2021 20:30:03 -0300 Subject: [PATCH 7/7] Remove incorrect references to operational insights and workspacename --- .../2019-01-01-preview/examples/enrichment/GetGeodataByIp.json | 2 -- .../examples/enrichment/GetWhoisByDomainName.json | 2 -- 2 files changed, 4 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json index 23a8f28c5b79..a351f5e1ecfe 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json @@ -3,8 +3,6 @@ "api-version": "2019-01-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "ipAddress": "1.2.3.4" }, "responses": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json index 6d318e17732b..446f5f059cad 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json @@ -3,8 +3,6 @@ "api-version": "2019-01-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", - "workspaceName": "myWorkspace", - "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", "domain": "microsoft.com" }, "responses": {