Adding new api-version to Microsoft.Security Alerts resource (#4902)
* Copy preview/2015-06-01-preview to stable/2019-01-01 (we want to edit the "alerts" endpoint, which exists only in the 2015-06-01 version) * Fix the alerts examples of version 2015-06-01-preview * Remove anything that is not "alerts"-related from version 2019-01-01 * Apply all changes for the "alerts" type to the new version "2019-01-01" * Add the stable version to the readme file * Roll back the readme change
1 parent
84d025e
commit 93f46f5
Showing
16 changed files
with
1,482 additions
and
0 deletions.
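--- a/...oft.Security/stable/2019-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json
+++ b/...oft.Security/stable/2019-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json
@@ -0,0 +1,73 @@
+{
+"parameters": {
+"api-version": "2019-01-01",
+"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+"resourceGroupName": "myRg1",
+"ascLocation": "westeurope",
+"alertName": "2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA"
+},
+"responses": {
+"200": {
+"body": {
+"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
+"name": "2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
+"type": "Microsoft.Security/Locations/alerts",
+"properties": {
+"vendorName": "Microsoft",
+"alertDisplayName": "Threat Intelligence Alert",
+"alertName": "ThreatIntelligence",
+"detectedTimeUtc": "2018-05-01T19:50:47.083633Z",
+"description": "Process was detected running on the host and is considered to be suspicious, verify that the user run it",
+"remediationSteps": "verify that the user invoked this process\r\nrun antimalware scan of the VM",
+"actionTaken": "Detected",
+"reportedSeverity": "High",
+"compromisedEntity": "vm1",
+"associatedResource": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
+"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+"instanceId": "f144ee95-a3e5-42da-a279-967d115809aa",
+"extendedProperties": {
+"user Name": "administrator",
+"domain Name": "Contoso",
+"attacker IP": "192.0.2.1",
+"resourceType": "Virtual Machine"
+},
+"state": "Dismissed",
+"reportedTimeUtc": "2018-05-02T05:36:12.2089889Z",
+"confidenceScore": 0.8,
+"confidenceReasons": [{
+"type": "User",
+"reason": "Some user reason"
+}, {
+"type": "Process",
+"reason": "Some proccess reason"
+}, {
+"type": "Computer",
+"reason": "Some computer reason"
+}],
+"canBeInvestigated": true,
+"isIncident": false,
+"entities": [{
+"address": "192.0.2.1",
+"location": {
+"countryCode": "gb",
+"state": "wokingham",
+"city": "sonning",
+"longitude": -0.909,
+"latitude": 51.468,
+"asn": 6584
+},
+"threatIntelligence": [{
+"providerName": "Team Cymru",
+"threatType": "C2",
+"threatName": "rarog",
+"confidence": 0.8,
+"reportLink": "http://www.microsoft.com",
+"threatDescription": "In bot armies, the controller is the server machine(s) that gives instructions to the controlled (zombied) hosts that connect to the command and control (C2) network. The controller host is usually running a botnet management application that is sending the commands to the zombied members of the bot army. These commands include, but are not limited to, the following: updating bitcoin wallet information, distributed denial-of-service (DDoS) target listings, updated C2 communication contact lists, and targeting data. C2 servers may be either directly controlled by the malware operators or run on hardware compromised by malware. There are multiple techniques for dynamically changing the control servers so that they are not isolated and brought down. Control servers utilize two general architectures: client-server and peer-to-peer. In a client-server model, all the hosts are controlled by a single server or a few control servers. In a peer-to-peer model, the infected hosts are both clients and servers, and they control other hosts so that instead of isolating the few control servers, all the hosts need to be removed."
+}],
+"type": "ip"
+}]
+}
+}
+}
+}
+}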
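Review bot: `"reportLink": "http://www.microsoft.com"` in the threatIntelligence entry is a plain-http URL in a field whose purpose is a link an analyst will follow; the example value should be `"reportLink": "https://www.microsoft.com"` so that generated docs and SDK samples do not normalize on an unencrypted link. The same response body, including the `"Some proccess reason"` typo, is repeated verbatim in GetAlertSubscriptionLocation_example.json and GetAlertsResourceGroupLocation_example.json below, so any correction has to land in all three files or they will drift. The `extendedProperties` keys `"user Name"`, `"domain Name"` and `"attacker IP"` contain spaces while the sibling `"resourceType"` is camelCase; if these mirror real service output that is acceptable, otherwise a consistent key style would make the example a better template. The `192.0.2.1` address is from the documentation range, which is the right choice for a sample attacker IP.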
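--- a/...soft.Security/stable/2019-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json
+++ b/...soft.Security/stable/2019-01-01/examples/Alerts/GetAlertSubscriptionLocation_example.json
@@ -0,0 +1,72 @@
+{
+"parameters": {
+"api-version": "2019-01-01",
+"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+"ascLocation": "westeurope",
+"alertName": "2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA"
+},
+"responses": {
+"200": {
+"body": {
+"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
+"name": "2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
+"type": "Microsoft.Security/Locations/alerts",
+"properties": {
+"vendorName": "Microsoft",
+"alertDisplayName": "Threat Intelligence Alert",
+"alertName": "ThreatIntelligence",
+"detectedTimeUtc": "2018-05-01T19:50:47.083633Z",
+"description": "Process was detected running on the host and is considered to be suspicious, verify that the user run it",
+"remediationSteps": "verify that the user invoked this process\r\nrun antimalware scan of the VM",
+"actionTaken": "Detected",
+"reportedSeverity": "High",
+"compromisedEntity": "vm1",
+"associatedResource": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
+"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+"instanceId": "f144ee95-a3e5-42da-a279-967d115809aa",
+"extendedProperties": {
+"user Name": "administrator",
+"domain Name": "Contoso",
+"attacker IP": "192.0.2.1",
+"resourceType": "Virtual Machine"
+},
+"state": "Dismissed",
+"reportedTimeUtc": "2018-05-02T05:36:12.2089889Z",
+"confidenceScore": 0.8,
+"confidenceReasons": [{
+"type": "User",
+"reason": "Some user reason"
+}, {
+"type": "Process",
+"reason": "Some proccess reason"
+}, {
+"type": "Computer",
+"reason": "Some computer reason"
+}],
+"canBeInvestigated": true,
+"isIncident": false,
+"entities": [{
+"address": "192.0.2.1",
+"location": {
+"countryCode": "gb",
+"state": "wokingham",
+"city": "sonning",
+"longitude": -0.909,
+"latitude": 51.468,
+"asn": 6584
+},
+"threatIntelligence": [{
+"providerName": "Team Cymru",
+"threatType": "C2",
+"threatName": "rarog",
+"confidence": 0.8,
+"reportLink": "http://www.microsoft.com",
+"threatDescription": "In bot armies, the controller is the server machine(s) that gives instructions to the controlled (zombied) hosts that connect to the command and control (C2) network. The controller host is usually running a botnet management application that is sending the commands to the zombied members of the bot army. These commands include, but are not limited to, the following: updating bitcoin wallet information, distributed denial-of-service (DDoS) target listings, updated C2 communication contact lists, and targeting data. C2 servers may be either directly controlled by the malware operators or run on hardware compromised by malware. There are multiple techniques for dynamically changing the control servers so that they are not isolated and brought down. Control servers utilize two general architectures: client-server and peer-to-peer. In a client-server model, all the hosts are controlled by a single server or a few control servers. In a peer-to-peer model, the infected hosts are both clients and servers, and they control other hosts so that instead of isolating the few control servers, all the hosts need to be removed."
+}],
+"type": "ip"
+}]
+}
+}
+}
+}
+}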
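Review bot: The response `id` in this subscription-location example is resource-group scoped (`/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/...`) although the request parameters carry only `subscriptionId`, `ascLocation` and `alertName` with no `resourceGroupName`. Unless the service genuinely returns the resource-group path for a subscription-scoped lookup, the id should presumably omit the `resourceGroups/myRg1` segment, e.g. `"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA"`; this is worth confirming against the operation this example is wired to via x-ms-examples, since the body appears to have been copied unchanged from the resource-group example. Separately, the `type` value `Microsoft.Security/Locations/alerts` capitalizes `Locations` while the id path segment is `locations`; resource-type comparisons are generally case-insensitive, but an example should match the type string the swagger declares.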
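--- a/...ft.Security/stable/2019-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json
+++ b/...ft.Security/stable/2019-01-01/examples/Alerts/GetAlertsResourceGroupLocation_example.json
@@ -0,0 +1,74 @@
+{
+"parameters": {
+"api-version": "2019-01-01",
+"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+"resourceGroupName": "myRg1",
+"ascLocation": "westeurope"
+},
+"responses": {
+"200": {
+"body": {
+"value": [{
+"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
+"name": "2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
+"type": "Microsoft.Security/Locations/alerts",
+"properties": {
+"vendorName": "Microsoft",
+"alertDisplayName": "Threat Intelligence Alert",
+"alertName": "ThreatIntelligence",
+"detectedTimeUtc": "2018-05-01T19:50:47.083633Z",
+"description": "Process was detected running on the host and is considered to be suspicious, verify that the user run it",
+"remediationSteps": "verify that the user invoked this process\r\nrun antimalware scan of the VM",
+"actionTaken": "Detected",
+"reportedSeverity": "High",
+"compromisedEntity": "vm1",
+"associatedResource": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
+"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+"instanceId": "f144ee95-a3e5-42da-a279-967d115809aa",
+"extendedProperties": {
+"user Name": "administrator",
+"domain Name": "Contoso",
+"attacker IP": "192.0.2.1",
+"resourceType": "Virtual Machine"
+},
+"state": "Dismissed",
+"reportedTimeUtc": "2018-05-02T05:36:12.2089889Z",
+"confidenceScore": 0.8,
+"confidenceReasons": [{
+"type": "User",
+"reason": "Some user reason"
+}, {
+"type": "Process",
+"reason": "Some proccess reason"
+}, {
+"type": "Computer",
+"reason": "Some computer reason"
+}],
+"canBeInvestigated": true,
+"isIncident": false,
+"entities": [{
+"address": "192.0.2.1",
+"location": {
+"countryCode": "gb",
+"state": "wokingham",
+"city": "sonning",
+"longitude": -0.909,
+"latitude": 51.468,
+"asn": 6584
+},
+"threatIntelligence": [{
+"providerName": "Team Cymru",
+"threatType": "C2",
+"threatName": "rarog",
+"confidence": 0.8,
+"reportLink": "http://www.microsoft.com",
+"threatDescription": "In bot armies, the controller is the server machine(s) that gives instructions to the controlled (zombied) hosts that connect to the command and control (C2) network. The controller host is usually running a botnet management application that is sending the commands to the zombied members of the bot army. These commands include, but are not limited to, the following: updating bitcoin wallet information, distributed denial-of-service (DDoS) target listings, updated C2 communication contact lists, and targeting data. C2 servers may be either directly controlled by the malware operators or run on hardware compromised by malware. There are multiple techniques for dynamically changing the control servers so that they are not isolated and brought down. Control servers utilize two general architectures: client-server and peer-to-peer. In a client-server model, all the hosts are controlled by a single server or a few control servers. In a peer-to-peer model, the infected hosts are both clients and servers, and they control other hosts so that instead of isolating the few control servers, all the hosts need to be removed."
+}],
+"type": "ip"
+}]
+}
+}]
+}
+}
+}
+}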
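Review bot: The list response shows a single `value` element and no `nextLink`, so the example does not exercise the paging contract; if the list operation is declared pageable in the swagger, the sample should include a `"nextLink"` property next to `"value"` so generated SDKs and docs demonstrate the second-page fetch, and if it is not pageable that should be confirmed rather than assumed from the absence here. The element itself is a verbatim copy of the single-alert body from GetAlertResourceGroupLocation_example.json, including the plain-http `reportLink` and the `"Some proccess reason"` typo already noted there.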