openapi-directory/api/azure.com/securityinsights-SecurityInsights.json

Building & bundling https://github.com/APIs-guru/openapi-directory for easy use from JS

{"openapi":"3.0.0","info":{"description":"API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider","title":"Security Insights","version":"2020-01-01","x-apisguru-categories":["cloud"],"x-logo":{"url":"https://assets.onestore.ms/cdnfiles/onestorerolling-1606-01000/shell/v3/images/logo/microsoft.png"},"x-origin":[{"format":"swagger","url":"https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2020-01-01/SecurityInsights.json","version":"2.0"}],"x-preferred":true,"x-providerName":"azure.com","x-serviceName":"securityinsights-SecurityInsights","x-tags":["Azure","Microsoft"]},"security":[{"azure_auth":["user_impersonation"]}],"paths":{"/providers/Microsoft.SecurityInsights/operations":{"get":{"description":"Lists all operations available Azure Security Insights Resource Provider.","operationId":"Operations_List","parameters":[{"$ref":"#/components/parameters/ApiVersion"}],"responses":{"200":{"description":"OK. Successfully retrieved operations list.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OperationsList"}}}},"default":{"description":"Error response describing why the operation failed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CloudError"}}}}},"x-ms-pageable":{"nextLinkName":"nextLink"}}},"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules":{"get":{"description":"Gets all alert rules.","operationId":"AlertRules_List","parameters":[{"$ref":"#/components/parameters/ApiVersion"},{"$ref":"#/components/parameters/SubscriptionId"},{"$ref":"#/components/parameters/ResourceGroupName"},{"$ref":"#/components/parameters/WorkspaceName"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AlertRulesList"},"examples":{"Get all alert rules.":{"$ref":"#/components/examples/Get_all_alert_rules."}}}}},"default":{"description":"Error response describing why the operation failed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CloudError"}}}}},"tags":["Alert Rules"],"x-ms-pageable":{"nextLinkName":"nextLink"}}},"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}":{"delete":{"description":"Delete the alert rule.","operationId":"AlertRules_Delete","parameters":[{"$ref":"#/components/parameters/ApiVersion"},{"$ref":"#/components/parameters/SubscriptionId"},{"$ref":"#/components/parameters/ResourceGroupName"},{"$ref":"#/components/parameters/WorkspaceName"},{"$ref":"#/components/parameters/RuleId"}],"responses":{"200":{"description":"OK"},"204":{"description":"No Content"},"default":{"description":"Error response describing why the operation failed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CloudError"}}}}},"tags":["Alert Rules"]},"get":{"description":"Gets the alert rule.","operationId":"AlertRules_Get","parameters":[{"$ref":"#/components/parameters/ApiVersion"},{"$ref":"#/components/parameters/SubscriptionId"},{"$ref":"#/components/parameters/ResourceGroupName"},{"$ref":"#/components/parameters/WorkspaceName"},{"$ref":"#/components/parameters/RuleId"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AlertRule"},"examples":{"Get a Fusion alert rule.":{"$ref":"#/components/examples/Get_a_Fusion_alert_rule."},"Get a MicrosoftSecurityIncidentCreation rule.":{"$ref":"#/components/examples/Get_a_MicrosoftSecurityIncidentCreation_rule."},"Get a Scheduled alert rule.":{"$ref":"#/components/examples/Get_a_Scheduled_alert_rule."}}}}},"default":{"description":"Error response describing why the operation failed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CloudError"}}}}},"tags":["Alert Rules"]},"put":{"description":"Creates or updates the alert rule.","operationId":"AlertRules_CreateOrUpdate","parameters":[{"$ref":"#/components/parameters/ApiVersion"},{"$ref":"#/components/parameters/SubscriptionId"},{"$ref":"#/components/parameters/ResourceGroupName"},{"$ref":"#/components/parameters/WorkspaceName"},{"$ref":"#/components/parameters/RuleId"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AlertRule"}}},"description":"The alert rule","required":true,"x-ms-parameter-location":"method"},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AlertRule"},"examples":{"Creates or updates a Fusion alert rule.":{"$ref":"#/components/examples/Creates_or_updates_a_Fusion_alert_rule."},"Creates or updates a MicrosoftSecurityIncidentCreation rule.":{"$ref":"#/components/examples/Creates_or_updates_a_MicrosoftSecurityIncidentCreation_rule."},"Creates or updates a Scheduled alert rule.":{"$ref":"#/components/examples/Creates_or_updates_a_Scheduled_alert_rule."}}}}},"201":{"description":"Created","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AlertRule"},"examples":{"Creates or updates a Fusion alert rule.":{"$ref":"#/components/examples/Creates_or_updates_a_Fusion_alert_rule."},"Creates or updates a MicrosoftSecurityIncidentCreation rule.":{"$ref":"#/components/examples/Creates_or_updates_a_MicrosoftSecurityIncidentCreation_rule."},"Creates or updates a Scheduled alert rule.":{"$ref":"#/components/examples/Creates_or_updates_a_Scheduled_alert_rule."}}}}},"default":{"description":"Error response describing why the operation failed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CloudError"}}}}},"tags":["Alert Rules"]}},"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions":{"get":{"description":"Gets all actions of alert rule.","operationId":"Actions_ListByAlertRule","parameters":[{"$ref":"#/components/parameters/ApiVersion"},{"$ref":"#/components/parameters/SubscriptionId"},{"$ref":"#/components/parameters/ResourceGroupName"},{"$ref":"#/components/parameters/WorkspaceName"},{"$ref":"#/components/parameters/RuleId"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ActionsList"},"examples":{"Get all actions of alert rule.":{"$ref":"#/components/examples/Get_all_actions_of_alert_rule."}}}}},"default":{"description":"Error response describing why the operation failed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CloudError"}}}}},"tags":["Actions"],"x-ms-pageable":{"nextLinkName":"nextLink"}}},"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}":{"delete":{"description":"Delete the action of alert rule.","operationId":"AlertRules_DeleteAction","parameters":[{"$ref":"#/components/parameters/ApiVersion"},{"$ref":"#/components/parameters/SubscriptionId"},{"$ref":"#/components/parameters/ResourceGroupName"},{"$ref":"#/components/parameters/WorkspaceName"},{"$ref":"#/components/parameters/RuleId"},{"$ref":"#/components/parameters/ActionId"}],"responses":{"200":{"description":"OK"},"204":{"description":"No Content"},"default":{"description":"Error response describing why the operation failed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CloudError"}}}}},"tags":["Actions"]},"get":{"description":"Gets the action of alert rule.","operationId":"AlertRules_GetAction","parameters":[{"$ref":"#/components/parameters/ApiVersion"},{"$ref":"#/components/parameters/SubscriptionId"},{"$ref":"#/components/parameters/ResourceGroupName"},{"$ref":"#/components/parameters/WorkspaceName"},{"$ref":"#/components/parameters/RuleId"},{"$ref":"#/components/parameters/ActionId"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ActionResponse"},"examples":{"Get an action of alert rule.":{"$ref":"#/components/examples/Get_an_action_of_alert_rule."}}}}},"default":{"description":"Error response describing why the operation failed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CloudError"}}}}},"tags":["Actions"]},"put":{"description":"Creates or updates the action of alert rule.","operationId":"AlertRules_CreateOrUpdateAction","parameters":[{"$ref":"#/components/parameters/ApiVersion"},{"$ref":"#/components/parameters/SubscriptionId"},{"$ref":"#/components/parameters/ResourceGroupName"},{"$ref":"#/components/parameters/WorkspaceName"},{"$ref":"#/components/parameters/RuleId"},{"$ref":"#/components/parameters/ActionId"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ActionRequest"}}},"description":"The action","required":true,"x-ms-parameter-location":"method"},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ActionResponse"},"examples":{"Creates or updates an action of alert rule.":{"$ref":"#/components/examples/Creates_or_updates_an_action_of_alert_rule."}}}}},"201":{"description":"Created","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ActionResponse"},"examples":{"Creates or updates an action of alert rule.":{"$ref":"#/components/examples/Creates_or_updates_an_action_of_alert_rule."}}}}},"default":{"description":"Error response describing why the operation failed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CloudError"}}}}},"tags":["Actions"]}},"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors":{"get":{"description":"Gets all data connectors.","operationId":"DataConnectors_List","parameters":[{"$ref":"#/components/parameters/ApiVersion"},{"$ref":"#/components/parameters/SubscriptionId"},{"$ref":"#/components/parameters/ResourceGroupName"},{"$ref":"#/components/parameters/WorkspaceName"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/DataConnectorList"},"examples":{"Get all data connectors.":{"$ref":"#/components/examples/Get_all_data_connectors."}}}}},"default":{"description":"Error response describing why the operation failed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CloudError"}}}}},"tags":["Data Connectors"],"x-ms-pageable":{"nextLinkName":"nextLink"}}},"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}":{"delete":{"description":"Delete the data connector.","operationId":"DataConnectors_Delete","parameters":[{"$ref":"#/components/parameters/ApiVersion"},{"$ref":"#/components/parameters/SubscriptionId"},{"$ref":"#/components/parameters/ResourceGroupName"},{"$ref":"#/components/parameters/WorkspaceName"},{"$ref":"#/components/parameters/DataConnectorId"}],"responses":{"200":{"description":"OK"},"204":{"description":"No Content"},"default":{"description":"Error response describing why the operation failed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CloudError"}}}}},"tags":["Data Connectors"]},"get":{"description":"Gets a data connector.","operationId":"DataConnectors_Get","parameters":[{"$ref":"#/components/parameters/ApiVersion"},{"$ref":"#/components/parameters/SubscriptionId"},{"$ref":"#/components/parameters/ResourceGroupName"},{"$ref":"#/components/parameters/WorkspaceName"},{"$ref":"#/components/parameters/DataConnectorId"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/DataConnector"},"examples":{"Get a ASC data connector.":{"$ref":"#/components/examples/Get_a_ASC_data_connector."},"Get a MCAS data connector.":{"$ref":"#/components/examples/Get_a_MCAS_data_connector."},"Get a MDATP data connector":{"$ref":"#/components/examples/Get_a_MDATP_data_connector"},"Get a TI data connector.":{"$ref":"#/components/examples/Get_a_TI_data_connector."},"Get an AAD data connector.":{"$ref":"#/components/examples/Get_an_AAD_data_connector."},"Get an AATP data connector.":{"$ref":"#/components/examples/Get_an_AATP_data_connector."},"Get an AwsCloudTrail data connector.":{"$ref":"#/components/examples/Get_an_AwsCloudTrail_data_connector."},"Get an Office365 data connector.":{"$ref":"#/components/examples/Get_an_Office365_data_connector."}}}}},"default":{"description":"Error response describing why the operation failed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CloudError"}}}}},"tags":["Data Connectors"]},"put":{"description":"Creates or updates the data connector.","operationId":"DataConnectors_CreateOrUpdate","parameters":[{"$ref":"#/components/parameters/ApiVersion"},{"$ref":"#/components/parameters/SubscriptionId"},{"$ref":"#/components/parameters/ResourceGroupName"},{"$ref":"#/components/parameters/WorkspaceName"},{"$ref":"#/components/parameters/DataConnectorId"}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/DataConnector"}}},"description":"The data connector","required":true,"x-ms-parameter-location":"method"},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/DataConnector"},"examples":{"Creates or updates an Office365 data connector.":{"$ref":"#/components/examples/Creates_or_updates_an_Office365_data_connector."}}}}},"201":{"description":"Created","content":{"application/json":{"schema":{"$ref":"#/components/schemas/DataConnector"},"examples":{"Creates or updates an Office365 data connector.":{"$ref":"#/components/examples/Creates_or_updates_an_Office365_data_connector."}}}}},"default":{"description":"Error response describing why the operation failed.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CloudError"}}}}},"tags":["Data Connectors"]}}},"servers":[{"url":"https://management.azure.com"}],"components":{"examples":{"Get_all_alert_rules.":{"value":{"value":[{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5","kind":"Scheduled","name":"73e01a99-5cd7-4139-a149-9f2736ff2ab5","properties":{"description":"","displayName":"Rule2","enabled":true,"lastModifiedUtc":"2019-01-01T13:15:30Z","query":"ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden","queryFrequency":"PT1H","queryPeriod":"P2DT1H30M","severity":"High","suppressionDuration":"PT1H","suppressionEnabled":false,"tactics":["Persistence","LateralMovement"],"triggerOperator":"GreaterThan","triggerThreshold":0},"type":"Microsoft.SecurityInsights/alertRules"},{"etag":"\"260097e0-0000-0d00-0000-5d6fa88f0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample","kind":"MicrosoftSecurityIncidentCreation","name":"microsoftSecurityIncidentCreationRuleExample","properties":{"displayName":"testing displayname","enabled":true,"lastModifiedUtc":"2019-09-04T12:05:35.7296311Z","productFilter":"Microsoft Cloud App Security"},"type":"Microsoft.SecurityInsights/alertRules"},{"etag":"\"25005c11-0000-0d00-0000-5d6cc0e20000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule","kind":"Fusion","name":"myFirstFusionRule","properties":{"alertRuleTemplateName":"f71aba3d-28fb-450b-b192-4e76a83015c8","description":"In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion","displayName":"Advanced Multi-Stage Attack Detection","enabled":false,"lastModifiedUtc":"2019-09-02T07:12:34.9065092Z","severity":"High","tactics":["Persistence","LateralMovement","Exfiltration","CommandAndControl"]},"type":"Microsoft.SecurityInsights/alertRules"}]}},"Get_a_Fusion_alert_rule.":{"value":{"etag":"\"260090e2-0000-0d00-0000-5d6fb8670000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule","kind":"Fusion","name":"myFirstFusionRule","properties":{"alertRuleTemplateName":"f71aba3d-28fb-450b-b192-4e76a83015c8","description":"In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion","displayName":"Advanced Multi-Stage Attack Detection","enabled":true,"lastModifiedUtc":"2019-09-04T13:13:11.5340061Z","severity":"High","tactics":["Persistence","LateralMovement","Exfiltration","CommandAndControl"]},"type":"Microsoft.SecurityInsights/alertRules"}},"Get_a_MicrosoftSecurityIncidentCreation_rule.":{"value":{"etag":"\"260097e0-0000-0d00-0000-5d6fa88f0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample","kind":"MicrosoftSecurityIncidentCreation","name":"microsoftSecurityIncidentCreationRuleExample","properties":{"displayName":"testing displayname","enabled":true,"lastModifiedUtc":"2019-09-04T12:05:35.7296311Z","productFilter":"Microsoft Cloud App Security"},"type":"Microsoft.SecurityInsights/alertRules"}},"Get_a_Scheduled_alert_rule.":{"value":{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5","kind":"Scheduled","name":"73e01a99-5cd7-4139-a149-9f2736ff2ab5","properties":{"description":"","displayName":"Rule2","enabled":true,"lastModifiedUtc":"2019-01-01T13:15:30Z","query":"ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden","queryFrequency":"PT1H","queryPeriod":"P2DT1H30M","severity":"High","suppressionDuration":"PT1H","suppressionEnabled":false,"tactics":["Persistence","LateralMovement"],"triggerOperator":"GreaterThan","triggerThreshold":0},"type":"Microsoft.SecurityInsights/alertRules"}},"Creates_or_updates_a_Fusion_alert_rule.":{"value":{"etag":"\"260090e2-0000-0d00-0000-5d6fb8670000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule","kind":"Fusion","name":"myFirstFusionRule","properties":{"alertRuleTemplateName":"f71aba3d-28fb-450b-b192-4e76a83015c8","description":"In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion","displayName":"Advanced Multi-Stage Attack Detection","enabled":true,"lastModifiedUtc":"2019-09-04T13:13:11.5340061Z","severity":"High","tactics":["Persistence","LateralMovement","Exfiltration","CommandAndControl"]},"type":"Microsoft.SecurityInsights/alertRules"}},"Creates_or_updates_a_MicrosoftSecurityIncidentCreation_rule.":{"value":{"etag":"\"260097e0-0000-0d00-0000-5d6fa88f0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample","kind":"MicrosoftSecurityIncidentCreation","name":"microsoftSecurityIncidentCreationRuleExample","properties":{"displayName":"testing displayname","enabled":true,"lastModifiedUtc":"2019-09-04T12:05:35.7296311Z","productFilter":"Microsoft Cloud App Security"},"type":"Microsoft.SecurityInsights/alertRules"}},"Creates_or_updates_a_Scheduled_alert_rule.":{"value":{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5","kind":"Scheduled","name":"73e01a99-5cd7-4139-a149-9f2736ff2ab5","properties":{"description":"","displayName":"Rule2","enabled":true,"lastModifiedUtc":"2019-01-01T13:15:30Z","query":"ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden","queryFrequency":"PT1H","queryPeriod":"P2DT1H30M","severity":"High","suppressionDuration":"PT1H","suppressionEnabled":false,"tactics":["Persistence","LateralMovement"],"triggerOperator":"GreaterThan","triggerThreshold":0},"type":"Microsoft.SecurityInsights/alertRules"}},"Get_all_actions_of_alert_rule.":{"value":{"value":[{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e","name":"912bec42-cb66-4c03-ac63-1761b6898c3e","properties":{"logicAppResourceId":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts","workflowId":"cd3765391efd48549fd7681ded1d48d7"},"type":"Microsoft.SecurityInsights/alertRules/actions"}]}},"Get_an_action_of_alert_rule.":{"value":{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e","name":"912bec42-cb66-4c03-ac63-1761b6898c3e","properties":{"logicAppResourceId":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts","workflowId":"cd3765391efd48549fd7681ded1d48d7"},"type":"Microsoft.SecurityInsights/alertRules/actions"}},"Creates_or_updates_an_action_of_alert_rule.":{"value":{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e","name":"912bec42-cb66-4c03-ac63-1761b6898c3e","properties":{"logicAppResourceId":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts","workflowId":"cd3765391efd48549fd7681ded1d48d7"},"type":"Microsoft.SecurityInsights/alertRules/actions"}},"Get_all_data_connectors.":{"value":{"value":[{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12","kind":"AzureSecurityCenter","name":"763f9fa1-c2d3-4fa2-93e9-bccd4899aa12","properties":{"dataTypes":{"alerts":{"state":"Enabled"}},"subscriptionId":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"type":"Microsoft.SecurityInsights/dataConnectors"},{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04","kind":"ThreatIntelligence","name":"c345bf40-8509-4ed2-b947-50cb773aaf04","properties":{"dataTypes":{"indicators":{"state":"Enabled"}},"tenantId":"2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"},"type":"Microsoft.SecurityInsights/dataConnectors"},{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d","kind":"AzureActiveDirectory","name":"f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d","properties":{"dataTypes":{"alerts":{"state":"Enabled"}},"tenantId":"2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"},"type":"Microsoft.SecurityInsights/dataConnectors"},{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5","kind":"Office365","name":"73e01a99-5cd7-4139-a149-9f2736ff2ab5","properties":{"dataTypes":{"exchange":{"state":"Enabled"},"sharePoint":{"state":"Enabled"}},"tenantId":"2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"},"type":"Microsoft.SecurityInsights/dataConnectors"},{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42","kind":"MicrosoftCloudAppSecurity","name":"b96d014d-b5c2-4a01-9aba-a8058f629d42","properties":{"dataTypes":{"alerts":{"state":"Enabled"},"discoveryLogs":{"state":"Enabled"}},"tenantId":"2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"},"type":"Microsoft.SecurityInsights/dataConnectors"},{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44","kind":"AzureAdvancedThreatProtection","name":"07e42cb3-e658-4e90-801c-efa0f29d3d44","properties":{"dataTypes":{"alerts":{"state":"Enabled"}},"tenantId":"2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"},"type":"Microsoft.SecurityInsights/dataConnectors"},{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04","kind":"AmazonWebServicesCloudTrail","name":"c345bf40-8509-4ed2-b947-50cb773aaf04","properties":{"awsRoleArn":"myAwsRoleArn","dataTypes":{"logs":{"state":"Enabled"}}},"type":"Microsoft.SecurityInsights/dataConnectors"},{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b","kind":"MicrosoftDefenderAdvancedThreatProtection","name":"06b3ccb8-1384-4bcc-aec7-852f6d57161b","properties":{"dataTypes":{"alerts":{"state":"Enabled"}},"tenantId":"2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"},"type":"Microsoft.SecurityInsights/dataConnectors"}]}},"Get_a_ASC_data_connector.":{"value":{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12","kind":"AzureSecurityCenter","name":"763f9fa1-c2d3-4fa2-93e9-bccd4899aa12","properties":{"dataTypes":{"alerts":{"state":"Enabled"}},"subscriptionId":"c0688291-89d7-4bed-87a2-a7b1bff43f4c"},"type":"Microsoft.SecurityInsights/dataConnectors"}},"Get_a_MCAS_data_connector.":{"value":{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42","kind":"MicrosoftCloudAppSecurity","name":"b96d014d-b5c2-4a01-9aba-a8058f629d42","properties":{"dataTypes":{"alerts":{"state":"Enabled"},"discoveryLogs":{"state":"Enabled"}},"tenantId":"2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"},"type":"Microsoft.SecurityInsights/dataConnectors"}},"Get_a_MDATP_data_connector":{"value":{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b","kind":"MicrosoftDefenderAdvancedThreatProtection","name":"06b3ccb8-1384-4bcc-aec7-852f6d57161b","properties":{"dataTypes":{"alerts":{"state":"Enabled"}},"tenantId":"2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"},"type":"Microsoft.SecurityInsights/dataConnectors"}},"Get_a_TI_data_connector.":{"value":{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04","kind":"ThreatIntelligence","name":"c345bf40-8509-4ed2-b947-50cb773aaf04","properties":{"dataTypes":{"indicators":{"state":"Enabled"}},"tenantId":"2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"},"type":"Microsoft.SecurityInsights/dataConnectors"}},"Get_an_AAD_data_connector.":{"value":{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d","kind":"AzureActiveDirectory","name":"f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d","properties":{"dataTypes":{"alerts":{"state":"Enabled"}},"tenantId":"2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"},"type":"Microsoft.SecurityInsights/dataConnectors"}},"Get_an_AATP_data_connector.":{"value":{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44","kind":"AzureAdvancedThreatProtection","name":"07e42cb3-e658-4e90-801c-efa0f29d3d44","properties":{"dataTypes":{"alerts":{"state":"Enabled"}},"tenantId":"2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"},"type":"Microsoft.SecurityInsights/dataConnectors"}},"Get_an_AwsCloudTrail_data_connector.":{"value":{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04","kind":"AmazonWebServicesCloudTrail","name":"c345bf40-8509-4ed2-b947-50cb773aaf04","properties":{"awsRoleArn":"myAwsRoleArn","dataTypes":{"logs":{"state":"Enabled"}}},"type":"Microsoft.SecurityInsights/dataConnectors"}},"Get_an_Office365_data_connector.":{"value":{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5","kind":"Office365","name":"73e01a99-5cd7-4139-a149-9f2736ff2ab5","properties":{"dataTypes":{"exchange":{"state":"Enabled"},"sharePoint":{"state":"Enabled"}},"tenantId":"2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"},"type":"Microsoft.SecurityInsights/dataConnectors"}},"Creates_or_updates_an_Office365_data_connector.":{"value":{"etag":"\"0300bf09-0000-0000-0000-5c37296e0000\"","id":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5","kind":"Office365","name":"73e01a99-5cd7-4139-a149-9f2736ff2ab5","properties":{"dataTypes":{"exchange":{"state":"Enabled"},"sharePoint":{"state":"Enabled"}},"tenantId":"2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"},"type":"Microsoft.SecurityInsights/dataConnectors"}}},"parameters":{"ActionId":{"description":"Action ID","in":"path","name":"actionId","required":true,"x-ms-parameter-location":"method","schema":{"type":"string"},"examples":{"Delete an action of alert rule.":{"value":"912bec42-cb66-4c03-ac63-1761b6898c3e"},"Get an action of alert rule.":{"value":"912bec42-cb66-4c03-ac63-1761b6898c3e"},"Creates or updates an action of alert rule.":{"value":"912bec42-cb66-4c03-ac63-1761b6898c3e"}}},"AggregationsName":{"description":"The aggregation name. Supports - Cases","in":"path","name":"aggregationsName","required":true,"x-ms-parameter-location":"method","schema":{"type":"string"}},"AlertRuleTemplateId":{"description":"Alert rule template ID","in":"path","name":"alertRuleTemplateId","required":true,"x-ms-parameter-location":"method","schema":{"type":"string"}},"ApiVersion":{"description":"API version for the operation","in":"query","name":"api-version","required":true,"schema":{"type":"string","enum":["2020-01-01"]},"examples":{"Get all alert rules.":{"value":"2020-01-01"},"Delete an alert rule.":{"value":"2020-01-01"},"Get a Fusion alert rule.":{"value":"2020-01-01"},"Get a MicrosoftSecurityIncidentCreation rule.":{"value":"2020-01-01"},"Get a Scheduled alert rule.":{"value":"2020-01-01"},"Creates or updates a Fusion alert rule.":{"value":"2020-01-01"},"Creates or updates a MicrosoftSecurityIncidentCreation rule.":{"value":"2020-01-01"},"Creates or updates a Scheduled alert rule.":{"value":"2020-01-01"},"Get all actions of alert rule.":{"value":"2020-01-01"},"Delete an action of alert rule.":{"value":"2020-01-01"},"Get an action of alert rule.":{"value":"2020-01-01"},"Creates or updates an action of alert rule.":{"value":"2020-01-01"},"Get all data connectors.":{"value":"2020-01-01"},"Delete an Office365 data connector.":{"value":"2020-01-01"},"Get a ASC data connector.":{"value":"2020-01-01"},"Get a MCAS data connector.":{"value":"2020-01-01"},"Get a MDATP data connector":{"value":"2020-01-01"},"Get a TI data connector.":{"value":"2020-01-01"},"Get an AAD data connector.":{"value":"2020-01-01"},"Get an AATP data connector.":{"value":"2020-01-01"},"Get an AwsCloudTrail data connector.":{"value":"2020-01-01"},"Get an Office365 data connector.":{"value":"2020-01-01"},"Creates or updates an Office365 data connector.":{"value":"2020-01-01"}}},"ConsentId":{"description":"consent ID","in":"path","name":"consentId","required":true,"x-ms-parameter-location":"method","schema":{"type":"string"}},"DataConnectorId":{"description":"Connector ID","in":"path","name":"dataConnectorId","required":true,"x-ms-parameter-location":"method","schema":{"type":"string"},"examples":{"Delete an Office365 data connector.":{"value":"73e01a99-5cd7-4139-a149-9f2736ff2ab5"},"Get a ASC data connector.":{"value":"763f9fa1-c2d3-4fa2-93e9-bccd4899aa12"},"Get a MCAS data connector.":{"value":"b96d014d-b5c2-4a01-9aba-a8058f629d42"},"Get a MDATP data connector":{"value":"06b3ccb8-1384-4bcc-aec7-852f6d57161b"},"Get a TI data connector.":{"value":"c345bf40-8509-4ed2-b947-50cb773aaf04"},"Get an AAD data connector.":{"value":"f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d"},"Get an AATP data connector.":{"value":"07e42cb3-e658-4e90-801c-efa0f29d3d44"},"Get an AwsCloudTrail data connector.":{"value":"c345bf40-8509-4ed2-b947-50cb773aaf04"},"Get an Office365 data connector.":{"value":"73e01a99-5cd7-4139-a149-9f2736ff2ab5"},"Creates or updates an Office365 data connector.":{"value":"73e01a99-5cd7-4139-a149-9f2736ff2ab5"}}},"EntityId":{"description":"entity ID","in":"path","name":"entityId","required":true,"x-ms-parameter-location":"method","schema":{"type":"string"}},"EntityQueryId":{"description":"entity query ID","in":"path","name":"entityQueryId","required":true,"x-ms-parameter-location":"method","schema":{"type":"string"}},"ODataFilter":{"description":"Filters the results, based on a Boolean condition. Optional.","in":"query","name":"$filter","required":false,"x-ms-parameter-location":"method","schema":{"type":"string"}},"ODataOrderBy":{"description":"Sorts the results. Optional.","in":"query","name":"$orderby","required":false,"x-ms-parameter-location":"method","schema":{"type":"string"}},"ODataSkipToken":{"description":"Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.","in":"query","name":"$skipToken","required":false,"x-ms-parameter-location":"method","schema":{"type":"string"}},"ODataTop":{"description":"Returns only the first n results. Optional.","in":"query","name":"$top","required":false,"x-ms-parameter-location":"method","schema":{"type":"integer","format":"int32"}},"ResourceGroupName":{"description":"The name of the resource group within the user's subscription. The name is case insensitive.","in":"path","name":"resourceGroupName","required":true,"x-ms-parameter-location":"method","schema":{"type":"string","minLength":1,"maxLength":90,"pattern":"^[-\\w\\._\\(\\)]+$"},"examples":{"Get all alert rules.":{"value":"myRg"},"Delete an alert rule.":{"value":"myRg"},"Get a Fusion alert rule.":{"value":"myRg"},"Get a MicrosoftSecurityIncidentCreation rule.":{"value":"myRg"},"Get a Scheduled alert rule.":{"value":"myRg"},"Creates or updates a Fusion alert rule.":{"value":"myRg"},"Creates or updates a MicrosoftSecurityIncidentCreation rule.":{"value":"myRg"},"Creates or updates a Scheduled alert rule.":{"value":"myRg"},"Get all actions of alert rule.":{"value":"myRg"},"Delete an action of alert rule.":{"value":"myRg"},"Get an action of alert rule.":{"value":"myRg"},"Creates or updates an action of alert rule.":{"value":"myRg"},"Get all data connectors.":{"value":"myRg"},"Delete an Office365 data connector.":{"value":"myRg"},"Get a ASC data connector.":{"value":"myRg"},"Get a MCAS data connector.":{"value":"myRg"},"Get a MDATP data connector":{"value":"myRg"},"Get a TI data connector.":{"value":"myRg"},"Get an AAD data connector.":{"value":"myRg"},"Get an AATP data connector.":{"value":"myRg"},"Get an AwsCloudTrail data connector.":{"value":"myRg"},"Get an Office365 data connector.":{"value":"myRg"},"Creates or updates an Office365 data connector.":{"value":"myRg"}}},"RuleId":{"description":"Alert rule ID","in":"path","name":"ruleId","required":true,"x-ms-parameter-location":"method","schema":{"type":"string"},"examples":{"Delete an alert rule.":{"value":"73e01a99-5cd7-4139-a149-9f2736ff2ab5"},"Get a Fusion alert rule.":{"value":"myFirstFusionRule"},"Get a MicrosoftSecurityIncidentCreation rule.":{"value":"microsoftSecurityIncidentCreationRuleExample"},"Get a Scheduled alert rule.":{"value":"73e01a99-5cd7-4139-a149-9f2736ff2ab5"},"Creates or updates a Fusion alert rule.":{"value":"myFirstFusionRule"},"Creates or updates a MicrosoftSecurityIncidentCreation rule.":{"value":"microsoftSecurityIncidentCreationRuleExample"},"Creates or updates a Scheduled alert rule.":{"value":"73e01a99-5cd7-4139-a149-9f2736ff2ab5"},"Get all actions of alert rule.":{"value":"73e01a99-5cd7-4139-a149-9f2736ff2ab5"},"Delete an action of alert rule.":{"value":"73e01a99-5cd7-4139-a149-9f2736ff2ab5"},"Get an action of alert rule.":{"value":"73e01a99-5cd7-4139-a149-9f2736ff2ab5"},"Creates or updates an action of alert rule.":{"value":"73e01a99-5cd7-4139-a149-9f2736ff2ab5"}}},"SettingsName":{"description":"The setting name. Supports- Fusion, UEBA","in":"path","name":"settingsName","required":true,"x-ms-parameter-location":"method","schema":{"type":"string"}},"SubscriptionId":{"description":"Azure subscription ID","in":"path","name":"subscriptionId","required":true,"schema":{"type":"string","pattern":"^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$"},"examples":{"Get all alert rules.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Delete an alert rule.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Get a Fusion alert rule.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Get a MicrosoftSecurityIncidentCreation rule.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Get a Scheduled alert rule.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Creates or updates a Fusion alert rule.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Creates or updates a MicrosoftSecurityIncidentCreation rule.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Creates or updates a Scheduled alert rule.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Get all actions of alert rule.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Delete an action of alert rule.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Get an action of alert rule.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Creates or updates an action of alert rule.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Get all data connectors.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Delete an Office365 data connector.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Get a ASC data connector.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Get a MCAS data connector.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Get a MDATP data connector":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Get a TI data connector.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Get an AAD data connector.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Get an AATP data connector.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Get an AwsCloudTrail data connector.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Get an Office365 data connector.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"},"Creates or updates an Office365 data connector.":{"value":"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"}}},"WorkspaceName":{"description":"The name of the workspace.","in":"path","name":"workspaceName","required":true,"x-ms-parameter-location":"method","schema":{"type":"string","minLength":1,"maxLength":90},"examples":{"Get all alert rules.":{"value":"myWorkspace"},"Delete an alert rule.":{"value":"myWorkspace"},"Get a Fusion alert rule.":{"value":"myWorkspace"},"Get a MicrosoftSecurityIncidentCreation rule.":{"value":"myWorkspace"},"Get a Scheduled alert rule.":{"value":"myWorkspace"},"Creates or updates a Fusion alert rule.":{"value":"myWorkspace"},"Creates or updates a MicrosoftSecurityIncidentCreation rule.":{"value":"myWorkspace"},"Creates or updates a Scheduled alert rule.":{"value":"myWorkspace"},"Get all actions of alert rule.":{"value":"myWorkspace"},"Delete an action of alert rule.":{"value":"myWorkspace"},"Get an action of alert rule.":{"value":"myWorkspace"},"Creates or updates an action of alert rule.":{"value":"myWorkspace"},"Get all data connectors.":{"value":"myWorkspace"},"Delete an Office365 data connector.":{"value":"myWorkspace"},"Get a ASC data connector.":{"value":"myWorkspace"},"Get a MCAS data connector.":{"value":"myWorkspace"},"Get a MDATP data connector":{"value":"myWorkspace"},"Get a TI data connector.":{"value":"myWorkspace"},"Get an AAD data connector.":{"value":"myWorkspace"},"Get an AATP data connector.":{"value":"myWorkspace"},"Get an AwsCloudTrail data connector.":{"value":"myWorkspace"},"Get an Office365 data connector.":{"value":"myWorkspace"},"Creates or updates an Office365 data connector.":{"value":"myWorkspace"}}}},"securitySchemes":{"azure_auth":{"description":"Azure Active Directory OAuth2 Flow","type":"oauth2","flows":{"implicit":{"authorizationUrl":"https://login.microsoftonline.com/common/oauth2/authorize","scopes":{"user_impersonation":"impersonate your user account"}}}}},"schemas":{"AADDataConnector":{"allOf":[{"$ref":"#/components/schemas/DataConnector"}],"description":"Represents AAD (Azure Active Directory) data connector.","properties":{"properties":{"$ref":"#/components/schemas/AADDataConnectorProperties"}},"type":"object","x-ms-discriminator-value":"AzureActiveDirectory"},"AADDataConnectorProperties":{"allOf":[{"$ref":"#/components/schemas/DataConnectorTenantId"},{"$ref":"#/components/schemas/DataConnectorWithAlertsProperties"}],"description":"AAD (Azure Active Directory) data connector properties.","type":"object"},"AATPDataConnector":{"allOf":[{"$ref":"#/components/schemas/DataConnector"}],"description":"Represents AATP (Azure Advanced Threat Protection) data connector.","properties":{"properties":{"$ref":"#/components/schemas/AATPDataConnectorProperties"}},"type":"object","x-ms-discriminator-value":"AzureAdvancedThreatProtection"},"AATPDataConnectorProperties":{"allOf":[{"$ref":"#/components/schemas/DataConnectorTenantId"},{"$ref":"#/components/schemas/DataConnectorWithAlertsProperties"}],"description":"AATP (Azure Advanced Threat Protection) data connector properties.","type":"object"},"ASCDataConnector":{"allOf":[{"$ref":"#/components/schemas/DataConnector"}],"description":"Represents ASC (Azure Security Center) data connector.","properties":{"properties":{"$ref":"#/components/schemas/ASCDataConnectorProperties"}},"type":"object","x-ms-discriminator-value":"AzureSecurityCenter"},"ASCDataConnectorProperties":{"allOf":[{"$ref":"#/components/schemas/DataConnectorWithAlertsProperties"}],"description":"ASC (Azure Security Center) data connector properties.","properties":{"subscriptionId":{"description":"The subscription id to connect to, and get the data from.","type":"string"}},"type":"object"},"ActionPropertiesBase":{"description":"Action property bag base.","properties":{"logicAppResourceId":{"description":"Logic App Resource Id, providers/Microsoft.Logic/workflows/{WorkflowID}.","type":"string"}},"required":["logicAppResourceId"],"type":"object"},"ActionRequest":{"allOf":[{"$ref":"#/components/schemas/ResourceWithEtag"}],"description":"Action for alert rule.","properties":{"properties":{"$ref":"#/components/schemas/ActionRequestProperties"}},"type":"object"},"ActionRequestProperties":{"allOf":[{"$ref":"#/components/schemas/ActionPropertiesBase"}],"description":"Action property bag.","properties":{"triggerUri":{"description":"Logic App Callback URL for this specific workflow.","type":"string"}},"type":"object"},"ActionResponse":{"allOf":[{"$ref":"#/components/schemas/Resource"}],"description":"Action for alert rule.","properties":{"etag":{"description":"Etag of the action.","type":"string"},"properties":{"$ref":"#/components/schemas/ActionResponseProperties"}},"type":"object"},"ActionResponseProperties":{"allOf":[{"$ref":"#/components/schemas/ActionPropertiesBase"}],"description":"Action property bag.","properties":{"workflowId":{"description":"The name of the logic