diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/FileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/FileImports.json new file mode 100644 index 000000000000..64f95a3b891f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/FileImports.json @@ -0,0 +1,564 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2022-05-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports": { + "get": { + "x-ms-examples": { + "Get all file imports.": { + "$ref": "./examples/fileImports/GetFileImports.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Gets all file imports.", + "operationId": "FileImports_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/FileImportList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}": { + "get": { + "x-ms-examples": { + "Get a file import.": { + "$ref": "./examples/fileImports/GetFileImportById.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Gets a file import.", + "operationId": "FileImports_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/FileImportId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/FileImport" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create a file import.": { + "$ref": "./examples/fileImports/CreateFileImport.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Creates the file import.", + "operationId": "FileImports_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/FileImportId" + }, + { + "$ref": "#/parameters/FileImport" + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/FileImport" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a file import.": { + "$ref": "./examples/fileImports/DeleteFileImport.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Delete the file import.", + "operationId": "FileImports_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/FileImportId" + } + ], + "responses": { + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/FileImport" + } + }, + "204": { + "description": "No Content" + }, + "200": { + "description": "" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-long-running-operation": true + } + } + }, + "definitions": { + "FileMetadata": { + "description": "Represents a file.", + "properties": { + "fileFormat": { + "description": "The format of the file", + "enum": [ + "CSV", + "JSON", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "fileFormat", + "values": [ + { + "description": "A CSV file.", + "value": "CSV" + }, + { + "description": "A JSON file.", + "value": "JSON" + }, + { + "description": "A file of other format.", + "value": "Unspecified" + } + ] + } + }, + "fileName": { + "description": "The name of the file.", + "type": "string" + }, + "fileSize": { + "description": "The size of the file.", + "format": "int32", + "type": "integer" + }, + "fileContentUri": { + "description": "A URI with a valid SAS token to allow uploading / downloading the file.", + "type": "string", + "readOnly": true + }, + "deleteStatus": { + "description": "Indicates whether the file was deleted from the storage account.", + "enum": [ + "Deleted", + "NotDeleted", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeleteStatus", + "values": [ + { + "description": "The file was deleted.", + "value": "Deleted" + }, + { + "description": "The file was not deleted.", + "value": "NotDeleted" + }, + { + "description": "Unspecified", + "value": "Unspecified" + } + ] + }, + "readOnly": true + } + }, + "type": "object" + }, + "FileImport": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/Resource" + } + ], + "description": "Represents a file import in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/FileImportProperties", + "description": "File import properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "FileImportList": { + "description": "List all the file imports.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of file imports.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of file imports.", + "items": { + "$ref": "#/definitions/FileImport" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "FileImportProperties": { + "description": "Describes the FileImport's properties", + "properties": { + "ingestionMode": { + "description": "Describes how to ingest the records in the file.", + "enum": [ + "IngestOnlyIfAllAreValid", + "IngestAnyValidRecords", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IngestionMode", + "values": [ + { + "description": "No records should be ingested when invalid records are detected.", + "value": "IngestOnlyIfAllAreValid" + }, + { + "description": "Valid records should still be ingested when invalid records are detected.", + "value": "IngestAnyValidRecords" + }, + { + "description": "Unspecified", + "value": "Unspecified" + } + ] + } + }, + "contentType": { + "description": "The content type of this file.", + "enum": [ + "BasicIndicator", + "StixIndicator", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "FileImportContentType", + "values": [ + { + "description": "File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern.", + "value": "BasicIndicator" + }, + { + "description": "File containing STIX indicators.", + "value": "StixIndicator" + }, + { + "description": "File containing other records.", + "value": "Unspecified" + } + ] + } + }, + "createdTimeUTC": { + "description": "The time the file was imported.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "errorFile": { + "description": "Represents the error file (if the import was ingested with errors or failed the validation).", + "$ref": "#/definitions/FileMetadata", + "readOnly": true, + "type": "object" + }, + "errorsPreview": { + "description": "An ordered list of some of the errors that were encountered during validation.", + "items": { + "description": "An error that were encountered during validation.", + "$ref": "#/definitions/ValidationError" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "importFile": { + "description": "Represents the imported file.", + "$ref": "#/definitions/FileMetadata", + "type": "object" + }, + "ingestedRecordCount": { + "description": "The number of records that have been successfully ingested.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "source": { + "description": "The source for the data in the file.", + "type": "string" + }, + "state": { + "description": "The state of the file import.", + "enum": [ + "FatalError", + "Ingested", + "IngestedWithErrors", + "InProgress", + "Invalid", + "WaitingForUpload", + "Unspecified" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "FileImportState", + "values": [ + { + "description": "A fatal error has occurred while ingesting the file.", + "value": "FatalError" + }, + { + "description": "The file has been ingested.", + "value": "Ingested" + }, + { + "description": "The file has been ingested with errors.", + "value": "IngestedWithErrors" + }, + { + "description": "The file ingestion is in progress.", + "value": "InProgress" + }, + { + "description": "The file is invalid.", + "value": "Invalid" + }, + { + "description": "Waiting for the file to be uploaded.", + "value": "WaitingForUpload" + }, + { + "description": "Unspecified state.", + "value": "Unspecified" + } + ] + } + }, + "totalRecordCount": { + "description": "The number of records in the file.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "validRecordCount": { + "description": "The number of records that have passed validation.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "filesValidUntilTimeUTC": { + "description": "The time the files associated with this import are deleted from the storage account.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "importValidUntilTimeUTC": { + "description": "The time the file import record is soft deleted from the database and history.", + "format": "date-time", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "ingestionMode", + "contentType", + "importFile", + "source" + ], + "type": "object" + }, + "ValidationError": { + "description": "Describes an error encountered in the file during validation.", + "properties": { + "recordIndex": { + "description": "The number of the record that has the error.", + "type": "integer", + "format": "int32" + }, + "errorMessages": { + "description": "A list of descriptions of the error.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + } + }, + "parameters": { + "FileImportId": { + "description": "File import ID", + "in": "path", + "name": "fileImportId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "FileImport": { + "description": "The file import", + "in": "body", + "name": "fileImport", + "required": true, + "schema": { + "$ref": "#/definitions/FileImport" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/fileImports/CreateFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/fileImports/CreateFileImport.json new file mode 100644 index 000000000000..2559e9f6867f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/fileImports/CreateFileImport.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "api-version": "2022-05-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "fileImport": { + "properties": { + "source": "mySource", + "importFile": { + "fileName": "myFile.json", + "fileSize": 4653, + "fileFormat": "JSON" + }, + "contentType": "StixIndicator", + "ingestionMode": "IngestAnyValidRecords" + } + } + }, + "responses": { + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "properties": { + "importFile": { + "fileName": "myFile.json", + "fileSize": 4653, + "fileFormat": "JSON", + "fileContentUri": "https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/fileName.json?skoid=40ca3ff4-ed1d-4c65-a409-8c6caff8a6d5&sktid=72f988bf-86f1-41af-91ab-2d7cd011db47&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=5n0D%2FERS6ZOQdfdO2adleeSVOM4b6mQeds%2FWYCGm9pU%3D", + "deleteStatus": "NotDeleted" + }, + "state": "WaitingForUpload", + "contentType": "StixIndicator", + "ingestionMode": "IngestAnyValidRecords", + "totalRecordCount": null, + "validRecordCount": null, + "ingestedRecordCount": null, + "createdTimeUTC": "2022-04-04T20:05:59.847136Z", + "filesValidUntilTimeUTC": "2022-04-05T20:05:59.8471361Z", + "importValidUntilTimeUTC": "2022-05-04T20:05:59.8471366Z", + "source": "mySource" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/fileImports/DeleteFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/fileImports/DeleteFileImport.json new file mode 100644 index 000000000000..c731e8ce6e34 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/fileImports/DeleteFileImport.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2022-05-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "202": { + "headers": { + "location": "https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "properties": { + "importFile": { + "fileName": "myFile.json", + "fileSize": 5146, + "fileFormat": "JSON", + "fileContentUri": null, + "deleteStatus": "NotDeleted" + }, + "state": "Ingested", + "contentType": "StixIndicator", + "ingestionMode": "IngestAnyValidRecords", + "totalRecordCount": 5, + "validRecordCount": 5, + "ingestedRecordCount": 5, + "createdTimeUTC": "2022-03-25T21:02:38.8350631Z", + "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z", + "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z", + "source": "mySource" + } + } + }, + "204": {}, + "200": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/fileImports/GetFileImportById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/fileImports/GetFileImportById.json new file mode 100644 index 000000000000..08b3050b6c95 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/fileImports/GetFileImportById.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2022-05-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "properties": { + "importFile": { + "fileName": "myFile.json", + "fileSize": 5146, + "fileFormat": "JSON", + "fileContentUri": "https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/myFile.json?skoid=40ca3ff4-ed1d-4c65-a409-8c6caff8a6d5&sktid=72f988bf-86f1-41af-91ab-2d7cd011db47&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=5n0D%2FERS6ZOQdfdO2adleeSVOM4b6mQeds%2FWYCGm9pU%3D", + "deleteStatus": "NotDeleted" + }, + "state": "Ingested", + "contentType": "StixIndicator", + "ingestionMode": "IngestAnyValidRecords", + "totalRecordCount": 5, + "validRecordCount": 5, + "ingestedRecordCount": 5, + "createdTimeUTC": "2022-03-25T21:02:38.8350631Z", + "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z", + "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z", + "source": "mySource" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/fileImports/GetFileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/fileImports/GetFileImports.json new file mode 100644 index 000000000000..536d58a3b7bf --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-05-01-preview/examples/fileImports/GetFileImports.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "api-version": "2022-05-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "properties": { + "importFile": { + "fileName": "fileName.json", + "fileSize": 5146, + "fileFormat": "JSON", + "fileContentUri": null, + "deleteStatus": "NotDeleted" + }, + "state": "Ingested", + "contentType": "StixIndicator", + "ingestionMode": "IngestAnyValidRecords", + "totalRecordCount": 5, + "validRecordCount": 5, + "ingestedRecordCount": 5, + "createdTimeUTC": "2022-03-25T21:02:38.8350631Z", + "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z", + "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z", + "source": "mySource" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/readme.md b/specification/securityinsights/resource-manager/readme.md index efb4ce8fbf24..82891f26beb8 100644 --- a/specification/securityinsights/resource-manager/readme.md +++ b/specification/securityinsights/resource-manager/readme.md @@ -45,6 +45,7 @@ input-file: - Microsoft.SecurityInsights/preview/2022-05-01-preview/Entities.json - Microsoft.SecurityInsights/preview/2022-05-01-preview/EntityQueries.json - Microsoft.SecurityInsights/preview/2022-05-01-preview/EntityQueryTemplates.json + - Microsoft.SecurityInsights/preview/2022-05-01-preview/FileImports.json - Microsoft.SecurityInsights/preview/2022-05-01-preview/Incidents.json - Microsoft.SecurityInsights/preview/2022-05-01-preview/Metadata.json - Microsoft.SecurityInsights/preview/2022-05-01-preview/OfficeConsents.json