Initial public commit for enrichment APIs (Azure#13479)

TimLPaterson · web-flow · commit f1b7ba2a910b · 2021-05-10T22:04:02.000+08:00
* Initial public commit for enrichment APIs

* Prettier

* Add two new fields

* Prettier

* Remove two fields, fix several descriptions

* Remove unneeded format line

* Remove incorrect references to operational insights and workspacename

Co-authored-by: Tim Paterson &lt;=&gt;
diff --git a/custom-words.txt b/custom-words.txt
@@ -718,6 +718,8 @@ generatevpnprofile
 geobias
 geocode
 geocodes
+geodata
+Geodata
 Geofence
 geofences
 Geofencing
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
@@ -1849,6 +1849,90 @@
         }
       }
     },
+    "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/": {
+      "get": {
+        "x-ms-examples": {
+          "Get geodata for a single IP address": {
+            "$ref": "./examples/enrichment/GetGeodataByIp.json"
+          }
+        },
+        "tags": [
+          "Enrichment"
+        ],
+        "description": "Get geodata for a single IP address",
+        "operationId": "IPGeodata_Get",
+        "parameters": [
+          {
+            "$ref": "#/parameters/ApiVersion"
+          },
+          {
+            "$ref": "#/parameters/SubscriptionId"
+          },
+          {
+            "$ref": "#/parameters/ResourceGroupName"
+          },
+          {
+            "$ref": "#/parameters/EnrichmentIpAddress"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "OK",
+            "schema": {
+              "$ref": "#/definitions/EnrichmentIpGeodata"
+            }
+          },
+          "default": {
+            "description": "Error response describing why the operation failed to enrich this ip.",
+            "schema": {
+              "$ref": "#/definitions/CloudError"
+            }
+          }
+        }
+      }
+    },
+    "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/": {
+      "get": {
+        "x-ms-examples": {
+          "Get whois information for a single domain name": {
+            "$ref": "./examples/enrichment/GetWhoisByDomainName.json"
+          }
+        },
+        "tags": [
+          "Enrichment"
+        ],
+        "description": "Get whois information for a single domain name",
+        "operationId": "DomainWhois_Get",
+        "parameters": [
+          {
+            "$ref": "#/parameters/ApiVersion"
+          },
+          {
+            "$ref": "#/parameters/SubscriptionId"
+          },
+          {
+            "$ref": "#/parameters/ResourceGroupName"
+          },
+          {
+            "$ref": "#/parameters/EnrichmentDomain"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "OK",
+            "schema": {
+              "$ref": "#/definitions/EnrichmentDomainWhois"
+            }
+          },
+          "default": {
+            "description": "Error response describing why the operation failed to enrich this domain.",
+            "schema": {
+              "$ref": "#/definitions/CloudError"
+            }
+          }
+        }
+      }
+    },
     "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{operationalInsightsResourceProvider}/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors": {
       "get": {
         "x-ms-examples": {
@@ -7708,6 +7792,239 @@
       "description": "Dynamics365 requirements check properties.",
       "type": "object"
     },
+    "EnrichmentDomainWhois": {
+      "description": "Whois information for a given domain and associated metadata",
+      "properties": {
+        "domain": {
+          "description": "The domain for this whois record",
+          "type": "string"
+        },
+        "server": {
+          "description": "The hostname of this registrar's whois server",
+          "type": "string"
+        },
+        "created": {
+          "description": "The timestamp at which this record was created",
+          "format": "date-time",
+          "type": "string"
+        },
+        "updated": {
+          "description": "The timestamp at which this record was last updated",
+          "format": "date-time",
+          "type": "string"
+        },
+        "expires": {
+          "description": "The timestamp at which this record will expire",
+          "format": "date-time",
+          "type": "string"
+        },
+        "parsedWhois": {
+          "description": "The whois record for a given domain",
+          "$ref": "#/definitions/EnrichmentDomainWhoisDetails"
+        }
+      }
+    },
+    "EnrichmentDomainWhoisDetails": {
+      "description": "The whois record for a given domain",
+      "properties": {
+        "registrar": {
+          "description": "The registrar associated with this domain",
+          "$ref": "#/definitions/EnrichmentDomainWhoisRegistrarDetails"
+        },
+        "contacts": {
+          "description": "The set of contacts associated with this domain",
+          "$ref": "#/definitions/EnrichmentDomainWhoisContacts"
+        },
+        "nameServers": {
+          "description": "A list of name servers associated with this domain",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "statuses": {
+          "description": "The set of status flags for this whois record",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      }
+    },
+    "EnrichmentDomainWhoisRegistrarDetails": {
+      "description": "The registrar associated with this domain",
+      "properties": {
+        "name": {
+          "description": "The name of this registrar",
+          "type": "string"
+        },
+        "abuseContactEmail": {
+          "description": "This registrar's abuse contact email",
+          "type": "string"
+        },
+        "abuseContactPhone": {
+          "description": "This registrar's abuse contact phone number",
+          "type": "string"
+        },
+        "ianaId": {
+          "description": "This registrar's Internet Assigned Numbers Authority id",
+          "type": "string"
+        },
+        "url": {
+          "description": "This registrar's URL",
+          "type": "string"
+        },
+        "whoisServer": {
+          "description": "The hostname of this registrar's whois server",
+          "type": "string"
+        }
+      }
+    },
+    "EnrichmentDomainWhoisContacts": {
+      "description": "The set of contacts associated with this domain",
+      "properties": {
+        "admin": {
+          "description": "The admin contact for this whois record",
+          "$ref": "#/definitions/EnrichmentDomainWhoisContact"
+        },
+        "billing": {
+          "description": "The billing contact for this whois record",
+          "$ref": "#/definitions/EnrichmentDomainWhoisContact"
+        },
+        "registrant": {
+          "description": "The registrant contact for this whois record",
+          "$ref": "#/definitions/EnrichmentDomainWhoisContact"
+        },
+        "tech": {
+          "description": "The technical contact for this whois record",
+          "$ref": "#/definitions/EnrichmentDomainWhoisContact"
+        }
+      }
+    },
+    "EnrichmentDomainWhoisContact": {
+      "description": "An individual contact associated with this domain",
+      "properties": {
+        "name": {
+          "description": "The name of this contact",
+          "type": "string"
+        },
+        "org": {
+          "description": "The organization for this contact",
+          "type": "string"
+        },
+        "street": {
+          "description": "A list describing the street address for this contact",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "city": {
+          "description": "The city for this contact",
+          "type": "string"
+        },
+        "state": {
+          "description": "The state for this contact",
+          "type": "string"
+        },
+        "postal": {
+          "description": "The postal code for this contact",
+          "type": "string"
+        },
+        "country": {
+          "description": "The country for this contact",
+          "type": "string"
+        },
+        "phone": {
+          "description": "The phone number for this contact",
+          "type": "string"
+        },
+        "fax": {
+          "description": "The fax number for this contact",
+          "type": "string"
+        },
+        "email": {
+          "description": "The email address for this contact",
+          "type": "string"
+        }
+      }
+    },
+    "EnrichmentIpGeodata": {
+      "description": "Geodata information for a given IP address",
+      "properties": {
+        "asn": {
+          "description": "The autonomous system number associated with this IP address",
+          "type": "string"
+        },
+        "carrier": {
+          "description": "The name of the carrier for this IP address",
+          "type": "string"
+        },
+        "city": {
+          "description": "The city this IP address is located in",
+          "type": "string"
+        },
+        "cityCf": {
+          "description": "A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100",
+          "type": "integer",
+          "format": "int32"
+        },
+        "continent": {
+          "description": "The continent this IP address is located on",
+          "type": "string"
+        },
+        "country": {
+          "description": "The county this IP address is located in",
+          "type": "string"
+        },
+        "countryCf": {
+          "description": "A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100",
+          "type": "integer",
+          "format": "int32"
+        },
+        "ipAddr": {
+          "description": "The dotted-decimal or colon-separated string representation of the IP address",
+          "type": "string"
+        },
+        "ipRoutingType": {
+          "description": "A description of the connection type of this IP address",
+          "type": "string"
+        },
+        "latitude": {
+          "description": "The latitude of this IP address",
+          "type": "string"
+        },
+        "longitude": {
+          "description": "The longitude of this IP address",
+          "type": "string"
+        },
+        "organization": {
+          "description": "The name of the organization for this IP address",
+          "type": "string"
+        },
+        "organizationType": {
+          "description": "The type of the organization for this IP address",
+          "type": "string"
+        },
+        "region": {
+          "description": "The geographic region this IP address is located in",
+          "type": "string"
+        },
+        "state": {
+          "description": "The state this IP address is located in",
+          "type": "string"
+        },
+        "stateCf": {
+          "description": "A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100",
+          "type": "integer",
+          "format": "int32"
+        },
+        "stateCode": {
+          "description": "The abbreviated name for the state this IP address is located in",
+          "type": "string"
+        }
+      }
+    },
     "Entity": {
       "allOf": [
         {
@@ -13910,6 +14227,22 @@
       },
       "x-ms-parameter-location": "method"
     },
+    "EnrichmentDomain": {
+      "description": "Domain name to be enriched",
+      "in": "query",
+      "name": "domain",
+      "required": true,
+      "type": "string",
+      "x-ms-parameter-location": "method"
+    },
+    "EnrichmentIpAddress": {
+      "description": "IP address (v4 or v6) to be enriched",
+      "in": "query",
+      "name": "ipAddress",
+      "required": true,
+      "type": "string",
+      "x-ms-parameter-location": "method"
+    },
     "EntityExpandRequestBody": {
       "description": "The parameters required to execute an expand operation on the given entity.",
       "in": "body",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetGeodataByIp.json
@@ -0,0 +1,31 @@
+{
+  "parameters": {
+    "api-version": "2019-01-01-preview",
+    "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+    "resourceGroupName": "myRg",
+    "ipAddress": "1.2.3.4"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "asn": "12345",
+        "carrier": "Microsoft",
+        "city": "Redmond",
+        "cityCf": 90,
+        "continent": "north america",
+        "country": "united states",
+        "countryCf": 99,
+        "ipAddr": "1.2.3.4",
+        "ipRoutingType": "fixed",
+        "latitude": "40.2436",
+        "longitude": "-100.8891",
+        "organization": "Microsoft",
+        "organizationType": "tech",
+        "region": "western usa",
+        "state": "washington",
+        "stateCf": null,
+        "stateCode": "wa"
+      }
+    }
+  }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/enrichment/GetWhoisByDomainName.json
