|
80 | 80 | ], |
81 | 81 | "description": "Microsoft.SecurityInsights/dataConnectors" |
82 | 82 | }, |
| 83 | + "entityQueries": { |
| 84 | + "type": "object", |
| 85 | + "oneOf": [ |
| 86 | + { |
| 87 | + "$ref": "#/definitions/ActivityCustomEntityQuery" |
| 88 | + } |
| 89 | + ], |
| 90 | + "properties": { |
| 91 | + "apiVersion": { |
| 92 | + "type": "string", |
| 93 | + "enum": [ |
| 94 | + "2021-03-01-preview" |
| 95 | + ] |
| 96 | + }, |
| 97 | + "etag": { |
| 98 | + "type": "string", |
| 99 | + "description": "Etag of the azure resource" |
| 100 | + }, |
| 101 | + "name": { |
| 102 | + "type": "string", |
| 103 | + "description": "entity query ID" |
| 104 | + }, |
| 105 | + "type": { |
| 106 | + "type": "string", |
| 107 | + "enum": [ |
| 108 | + "Microsoft.SecurityInsights/entityQueries" |
| 109 | + ] |
| 110 | + } |
| 111 | + }, |
| 112 | + "required": [ |
| 113 | + "apiVersion", |
| 114 | + "name", |
| 115 | + "type" |
| 116 | + ], |
| 117 | + "description": "Microsoft.SecurityInsights/entityQueries" |
| 118 | + }, |
83 | 119 | "onboardingStates": { |
84 | 120 | "type": "object", |
85 | 121 | "properties": { |
|
363 | 399 | ], |
364 | 400 | "description": "AATP (Azure Advanced Threat Protection) data connector properties." |
365 | 401 | }, |
| 402 | + "ActivityCustomEntityQuery": { |
| 403 | + "type": "object", |
| 404 | + "properties": { |
| 405 | + "kind": { |
| 406 | + "type": "string", |
| 407 | + "enum": [ |
| 408 | + "Activity" |
| 409 | + ] |
| 410 | + }, |
| 411 | + "properties": { |
| 412 | + "oneOf": [ |
| 413 | + { |
| 414 | + "$ref": "#/definitions/ActivityEntityQueriesProperties" |
| 415 | + }, |
| 416 | + { |
| 417 | + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" |
| 418 | + } |
| 419 | + ], |
| 420 | + "description": "Describes activity entity query properties" |
| 421 | + } |
| 422 | + }, |
| 423 | + "required": [ |
| 424 | + "kind" |
| 425 | + ], |
| 426 | + "description": "Represents Activity entity query." |
| 427 | + }, |
| 428 | + "ActivityEntityQueriesProperties": { |
| 429 | + "type": "object", |
| 430 | + "properties": { |
| 431 | + "content": { |
| 432 | + "type": "string", |
| 433 | + "description": "The entity query content to display in timeline" |
| 434 | + }, |
| 435 | + "description": { |
| 436 | + "type": "string", |
| 437 | + "description": "The entity query description" |
| 438 | + }, |
| 439 | + "enabled": { |
| 440 | + "oneOf": [ |
| 441 | + { |
| 442 | + "type": "boolean" |
| 443 | + }, |
| 444 | + { |
| 445 | + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" |
| 446 | + } |
| 447 | + ], |
| 448 | + "description": "Determines whether this activity is enabled or disabled." |
| 449 | + }, |
| 450 | + "entitiesFilter": { |
| 451 | + "oneOf": [ |
| 452 | + { |
| 453 | + "type": "object", |
| 454 | + "additionalProperties": { |
| 455 | + "type": "array", |
| 456 | + "items": { |
| 457 | + "type": "string" |
| 458 | + } |
| 459 | + }, |
| 460 | + "properties": {} |
| 461 | + }, |
| 462 | + { |
| 463 | + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" |
| 464 | + } |
| 465 | + ], |
| 466 | + "description": "The query applied only to entities matching to all filters" |
| 467 | + }, |
| 468 | + "inputEntityType": { |
| 469 | + "oneOf": [ |
| 470 | + { |
| 471 | + "type": "string", |
| 472 | + "enum": [ |
| 473 | + "Account", |
| 474 | + "Host", |
| 475 | + "File", |
| 476 | + "AzureResource", |
| 477 | + "CloudApplication", |
| 478 | + "DNS", |
| 479 | + "FileHash", |
| 480 | + "IP", |
| 481 | + "Malware", |
| 482 | + "Process", |
| 483 | + "RegistryKey", |
| 484 | + "RegistryValue", |
| 485 | + "SecurityGroup", |
| 486 | + "URL", |
| 487 | + "IoTDevice", |
| 488 | + "SecurityAlert", |
| 489 | + "HuntingBookmark", |
| 490 | + "MailCluster", |
| 491 | + "MailMessage", |
| 492 | + "Mailbox", |
| 493 | + "SubmissionMail" |
| 494 | + ] |
| 495 | + }, |
| 496 | + { |
| 497 | + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" |
| 498 | + } |
| 499 | + ], |
| 500 | + "description": "The type of the query's source entity." |
| 501 | + }, |
| 502 | + "queryDefinitions": { |
| 503 | + "oneOf": [ |
| 504 | + { |
| 505 | + "$ref": "#/definitions/ActivityEntityQueriesPropertiesQueryDefinitions" |
| 506 | + }, |
| 507 | + { |
| 508 | + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" |
| 509 | + } |
| 510 | + ], |
| 511 | + "description": "The Activity query definitions" |
| 512 | + }, |
| 513 | + "requiredInputFieldsSets": { |
| 514 | + "oneOf": [ |
| 515 | + { |
| 516 | + "type": "array", |
| 517 | + "items": { |
| 518 | + "type": "array", |
| 519 | + "items": { |
| 520 | + "type": "string" |
| 521 | + } |
| 522 | + } |
| 523 | + }, |
| 524 | + { |
| 525 | + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" |
| 526 | + } |
| 527 | + ], |
| 528 | + "description": "List of the fields of the source entity that are required to run the query" |
| 529 | + }, |
| 530 | + "templateName": { |
| 531 | + "type": "string", |
| 532 | + "description": "The template id this activity was created from" |
| 533 | + }, |
| 534 | + "title": { |
| 535 | + "type": "string", |
| 536 | + "description": "The entity query title" |
| 537 | + } |
| 538 | + }, |
| 539 | + "description": "Describes activity entity query properties" |
| 540 | + }, |
| 541 | + "ActivityEntityQueriesPropertiesQueryDefinitions": { |
| 542 | + "type": "object", |
| 543 | + "properties": { |
| 544 | + "query": { |
| 545 | + "type": "string", |
| 546 | + "description": "The Activity query to run on a given entity" |
| 547 | + } |
| 548 | + }, |
| 549 | + "description": "The Activity query definitions" |
| 550 | + }, |
366 | 551 | "AlertsDataTypeOfDataConnector": { |
367 | 552 | "type": "object", |
368 | 553 | "properties": { |
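Review bot: `ActivityEntityQueriesProperties` (new lines 428–540) has no `required` array, and `ActivityCustomEntityQuery` (new lines 402–427) requires only `kind`, so a template that declares an Activity entity query with no `properties`, no `queryDefinitions` and no `inputEntityType` still validates against this schema. Whether the service treats any of these as mandatory is not visible on this page; if it does, the mismatch only surfaces at deployment time, and template linting will not catch an entity query that carries no query. Consider `"required": ["kind", "properties"]` on `ActivityCustomEntityQuery` and a matching `required` list on the properties definition, made in the upstream API specification if this file is generated from it. The `enabled` description (new line 448) could also state the behaviour when the field is omitted, because someone reviewing a template cannot otherwise tell whether the activity will run. Both definitions lie fully inside the hunk.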
|