Microsoft.OperationalInsights (preview:2024-10-01)

2025/01/09 • 184 new methods

AlertRules_List (new)
Description Gets all alert rules.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of alert rules. ,
Required: False ,
}
string ,
value:
{
Description: Array of alert rules. ,
Required: True ,
}
[
{
kind:
{
Description: The kind of the alert rule ,
Enum:
{
Scheduled: No description available. ,
MicrosoftSecurityIncidentCreation: No description available. ,
Fusion: No description available. ,
MLBehaviorAnalytics: No description available. ,
ThreatIntelligence: No description available. ,
NRT: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
AlertRules_Get (new)
Description Gets the alert rule.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
ruleId:
{
Description: Alert rule ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
kind:
{
Description: The kind of the alert rule ,
Enum:
{
Scheduled: No description available. ,
MicrosoftSecurityIncidentCreation: No description available. ,
Fusion: No description available. ,
MLBehaviorAnalytics: No description available. ,
ThreatIntelligence: No description available. ,
NRT: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
AlertRules_CreateOrUpdate (new)
Description Creates or updates the alert rule.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
ruleId:
{
Description: Alert rule ID ,
Required: True ,
}
string ,
alertRule:
{
Description: The alert rule ,
Required: True ,
}
{
kind:
{
Description: The kind of the alert rule ,
Enum:
{
Scheduled: No description available. ,
MicrosoftSecurityIncidentCreation: No description available. ,
Fusion: No description available. ,
MLBehaviorAnalytics: No description available. ,
ThreatIntelligence: No description available. ,
NRT: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
}

⚐ Response (200)

{
kind:
{
Description: The kind of the alert rule ,
Enum:
{
Scheduled: No description available. ,
MicrosoftSecurityIncidentCreation: No description available. ,
Fusion: No description available. ,
MLBehaviorAnalytics: No description available. ,
ThreatIntelligence: No description available. ,
NRT: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (201)

{
kind:
{
Description: The kind of the alert rule ,
Enum:
{
Scheduled: No description available. ,
MicrosoftSecurityIncidentCreation: No description available. ,
Fusion: No description available. ,
MLBehaviorAnalytics: No description available. ,
ThreatIntelligence: No description available. ,
NRT: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
AlertRules_Delete (new)
Description Delete the alert rule.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
ruleId:
{
Description: Alert rule ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Actions_ListByAlertRule (new)
Description Gets all actions of alert rule.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
ruleId:
{
Description: Alert rule ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of actions. ,
Required: False ,
}
string ,
value:
{
Description: Array of actions. ,
Required: True ,
}
[
{
properties:
{
Description: Action properties for get request ,
Required: False ,
}
{
workflowId:
{
Description: The name of the logic app's workflow. ,
Required: False ,
}
string ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Actions_Get (new)
Description Gets the action of alert rule.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
ruleId:
{
Description: Alert rule ID ,
Required: True ,
}
string ,
actionId:
{
Description: Action ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: Action properties for get request ,
Required: False ,
}
{
workflowId:
{
Description: The name of the logic app's workflow. ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Actions_CreateOrUpdate (new)
Description Creates or updates the action of alert rule.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
ruleId:
{
Description: Alert rule ID ,
Required: True ,
}
string ,
actionId:
{
Description: Action ID ,
Required: True ,
}
string ,
action:
{
Description: The action ,
Required: True ,
}
{
properties:
{
Description: Action properties for put request ,
Required: False ,
}
{
triggerUri:
{
Description: Logic App Callback URL for this specific workflow. ,
Required: True ,
}
string ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: Action properties for get request ,
Required: False ,
}
{
workflowId:
{
Description: The name of the logic app's workflow. ,
Required: False ,
}
string ,
}
,
}

⚐ Response (201)

{
properties:
{
Description: Action properties for get request ,
Required: False ,
}
{
workflowId:
{
Description: The name of the logic app's workflow. ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Actions_Delete (new)
Description Delete the action of alert rule.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
ruleId:
{
Description: Alert rule ID ,
Required: True ,
}
string ,
actionId:
{
Description: Action ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
AlertRuleTemplates_List (new)
Description Gets all alert rule templates.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of alert rule templates. ,
Required: False ,
}
string ,
value:
{
Description: Array of alert rule templates. ,
Required: True ,
}
[
{
kind:
{
Description: The kind of the alert rule ,
Enum:
{
Scheduled: No description available. ,
MicrosoftSecurityIncidentCreation: No description available. ,
Fusion: No description available. ,
MLBehaviorAnalytics: No description available. ,
ThreatIntelligence: No description available. ,
NRT: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
AlertRuleTemplates_Get (new)
Description Gets the alert rule template.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
alertRuleTemplateId:
{
Description: Alert rule template ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
kind:
{
Description: The kind of the alert rule ,
Enum:
{
Scheduled: No description available. ,
MicrosoftSecurityIncidentCreation: No description available. ,
Fusion: No description available. ,
MLBehaviorAnalytics: No description available. ,
ThreatIntelligence: No description available. ,
NRT: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
AutomationRules_Get (new)
Description Gets the automation rule.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
automationRuleId:
{
Description: Automation rule ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: Automation rule properties ,
Required: True ,
}
{
displayName:
{
Description: The display name of the automation rule. ,
Required: True ,
}
string ,
order:
{
Description: The order of execution of the automation rule. ,
Format: int32 ,
Required: True ,
}
integer ,
triggeringLogic:
{
Description: Describes automation rule triggering logic. ,
Required: True ,
}
{
isEnabled:
{
Description: Determines whether the automation rule is enabled or disabled. ,
Required: True ,
}
boolean ,
expirationTimeUtc:
{
Description: Determines when the automation rule should automatically expire and be disabled. ,
Format: date-time ,
Required: False ,
}
string ,
triggersOn:
{
Enum:
{
Incidents: Trigger on Incidents ,
Alerts: Trigger on Alerts ,
}
,
Required: True ,
}
enum ,
triggersWhen:
{
Enum:
{
Created: Trigger on created objects ,
Updated: Trigger on updated objects ,
}
,
Required: True ,
}
enum ,
conditions:
{
Description: The conditions to evaluate to determine if the automation rule should be triggered on a given object. ,
Required: False ,
}
[
{
conditionType:
{
Enum:
{
Property: Evaluate an object property value ,
PropertyArray: Evaluate an object array property value ,
PropertyChanged: Evaluate an object property changed value ,
PropertyArrayChanged: Evaluate an object array property changed value ,
Boolean: Apply a boolean operator (e.g AND, OR) to conditions ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}
,
actions:
{
Description: The actions to execute when the automation rule is triggered. ,
Required: True ,
}
[
{
order:
{
Format: int32 ,
Required: True ,
}
integer ,
actionType:
{
Description: The type of the automation rule action. ,
Enum:
{
ModifyProperties: Modify an object's properties ,
RunPlaybook: Run a playbook on an object ,
AddIncidentTask: Add a task to an incident object ,
}
,
Required: True ,
}
enum ,
}
,
]
,
lastModifiedTimeUtc:
{
Description: The last time the automation rule was updated. ,
Format: date-time ,
Required: False ,
}
string ,
createdTimeUtc:
{
Description: The time the automation rule was created. ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
createdBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
AutomationRules_CreateOrUpdate (new)
Description Creates or updates the automation rule.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
automationRuleId:
{
Description: Automation rule ID ,
Required: True ,
}
string ,
automationRuleToUpsert:
{
Description: The automation rule ,
Required: False ,
}
{
properties:
{
Description: Automation rule properties ,
Required: True ,
}
{
displayName:
{
Description: The display name of the automation rule. ,
Required: True ,
}
string ,
order:
{
Description: The order of execution of the automation rule. ,
Format: int32 ,
Required: True ,
}
integer ,
triggeringLogic:
{
Description: Describes automation rule triggering logic. ,
Required: True ,
}
{
isEnabled:
{
Description: Determines whether the automation rule is enabled or disabled. ,
Required: True ,
}
boolean ,
expirationTimeUtc:
{
Description: Determines when the automation rule should automatically expire and be disabled. ,
Format: date-time ,
Required: False ,
}
string ,
triggersOn:
{
Enum:
{
Incidents: Trigger on Incidents ,
Alerts: Trigger on Alerts ,
}
,
Required: True ,
}
enum ,
triggersWhen:
{
Enum:
{
Created: Trigger on created objects ,
Updated: Trigger on updated objects ,
}
,
Required: True ,
}
enum ,
conditions:
{
Description: The conditions to evaluate to determine if the automation rule should be triggered on a given object. ,
Required: False ,
}
[
{
conditionType:
{
Enum:
{
Property: Evaluate an object property value ,
PropertyArray: Evaluate an object array property value ,
PropertyChanged: Evaluate an object property changed value ,
PropertyArrayChanged: Evaluate an object array property changed value ,
Boolean: Apply a boolean operator (e.g AND, OR) to conditions ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}
,
actions:
{
Description: The actions to execute when the automation rule is triggered. ,
Required: True ,
}
[
{
order:
{
Format: int32 ,
Required: True ,
}
integer ,
actionType:
{
Description: The type of the automation rule action. ,
Enum:
{
ModifyProperties: Modify an object's properties ,
RunPlaybook: Run a playbook on an object ,
AddIncidentTask: Add a task to an incident object ,
}
,
Required: True ,
}
enum ,
}
,
]
,
lastModifiedTimeUtc:
{
Description: The last time the automation rule was updated. ,
Format: date-time ,
Required: False ,
}
string ,
createdTimeUtc:
{
Description: The time the automation rule was created. ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
createdBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: Automation rule properties ,
Required: True ,
}
{
displayName:
{
Description: The display name of the automation rule. ,
Required: True ,
}
string ,
order:
{
Description: The order of execution of the automation rule. ,
Format: int32 ,
Required: True ,
}
integer ,
triggeringLogic:
{
Description: Describes automation rule triggering logic. ,
Required: True ,
}
{
isEnabled:
{
Description: Determines whether the automation rule is enabled or disabled. ,
Required: True ,
}
boolean ,
expirationTimeUtc:
{
Description: Determines when the automation rule should automatically expire and be disabled. ,
Format: date-time ,
Required: False ,
}
string ,
triggersOn:
{
Enum:
{
Incidents: Trigger on Incidents ,
Alerts: Trigger on Alerts ,
}
,
Required: True ,
}
enum ,
triggersWhen:
{
Enum:
{
Created: Trigger on created objects ,
Updated: Trigger on updated objects ,
}
,
Required: True ,
}
enum ,
conditions:
{
Description: The conditions to evaluate to determine if the automation rule should be triggered on a given object. ,
Required: False ,
}
[
{
conditionType:
{
Enum:
{
Property: Evaluate an object property value ,
PropertyArray: Evaluate an object array property value ,
PropertyChanged: Evaluate an object property changed value ,
PropertyArrayChanged: Evaluate an object array property changed value ,
Boolean: Apply a boolean operator (e.g AND, OR) to conditions ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}
,
actions:
{
Description: The actions to execute when the automation rule is triggered. ,
Required: True ,
}
[
{
order:
{
Format: int32 ,
Required: True ,
}
integer ,
actionType:
{
Description: The type of the automation rule action. ,
Enum:
{
ModifyProperties: Modify an object's properties ,
RunPlaybook: Run a playbook on an object ,
AddIncidentTask: Add a task to an incident object ,
}
,
Required: True ,
}
enum ,
}
,
]
,
lastModifiedTimeUtc:
{
Description: The last time the automation rule was updated. ,
Format: date-time ,
Required: False ,
}
string ,
createdTimeUtc:
{
Description: The time the automation rule was created. ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
createdBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (201)

{
properties:
{
Description: Automation rule properties ,
Required: True ,
}
{
displayName:
{
Description: The display name of the automation rule. ,
Required: True ,
}
string ,
order:
{
Description: The order of execution of the automation rule. ,
Format: int32 ,
Required: True ,
}
integer ,
triggeringLogic:
{
Description: Describes automation rule triggering logic. ,
Required: True ,
}
{
isEnabled:
{
Description: Determines whether the automation rule is enabled or disabled. ,
Required: True ,
}
boolean ,
expirationTimeUtc:
{
Description: Determines when the automation rule should automatically expire and be disabled. ,
Format: date-time ,
Required: False ,
}
string ,
triggersOn:
{
Enum:
{
Incidents: Trigger on Incidents ,
Alerts: Trigger on Alerts ,
}
,
Required: True ,
}
enum ,
triggersWhen:
{
Enum:
{
Created: Trigger on created objects ,
Updated: Trigger on updated objects ,
}
,
Required: True ,
}
enum ,
conditions:
{
Description: The conditions to evaluate to determine if the automation rule should be triggered on a given object. ,
Required: False ,
}
[
{
conditionType:
{
Enum:
{
Property: Evaluate an object property value ,
PropertyArray: Evaluate an object array property value ,
PropertyChanged: Evaluate an object property changed value ,
PropertyArrayChanged: Evaluate an object array property changed value ,
Boolean: Apply a boolean operator (e.g AND, OR) to conditions ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}
,
actions:
{
Description: The actions to execute when the automation rule is triggered. ,
Required: True ,
}
[
{
order:
{
Format: int32 ,
Required: True ,
}
integer ,
actionType:
{
Description: The type of the automation rule action. ,
Enum:
{
ModifyProperties: Modify an object's properties ,
RunPlaybook: Run a playbook on an object ,
AddIncidentTask: Add a task to an incident object ,
}
,
Required: True ,
}
enum ,
}
,
]
,
lastModifiedTimeUtc:
{
Description: The last time the automation rule was updated. ,
Format: date-time ,
Required: False ,
}
string ,
createdTimeUtc:
{
Description: The time the automation rule was created. ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
createdBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
AutomationRules_Delete (new)
Description Delete the automation rule.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
automationRuleId:
{
Description: Automation rule ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
$schema: object ,
}

⚐ Response (204)

{
$schema: object ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
AutomationRules_List (new)
Description Gets all automation rules.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
value:
{
Required: False ,
}
[
{
properties:
{
Description: Automation rule properties ,
Required: True ,
}
{
displayName:
{
Description: The display name of the automation rule. ,
Required: True ,
}
string ,
order:
{
Description: The order of execution of the automation rule. ,
Format: int32 ,
Required: True ,
}
integer ,
triggeringLogic:
{
Description: Describes automation rule triggering logic. ,
Required: True ,
}
{
isEnabled:
{
Description: Determines whether the automation rule is enabled or disabled. ,
Required: True ,
}
boolean ,
expirationTimeUtc:
{
Description: Determines when the automation rule should automatically expire and be disabled. ,
Format: date-time ,
Required: False ,
}
string ,
triggersOn:
{
Enum:
{
Incidents: Trigger on Incidents ,
Alerts: Trigger on Alerts ,
}
,
Required: True ,
}
enum ,
triggersWhen:
{
Enum:
{
Created: Trigger on created objects ,
Updated: Trigger on updated objects ,
}
,
Required: True ,
}
enum ,
conditions:
{
Description: The conditions to evaluate to determine if the automation rule should be triggered on a given object. ,
Required: False ,
}
[
{
conditionType:
{
Enum:
{
Property: Evaluate an object property value ,
PropertyArray: Evaluate an object array property value ,
PropertyChanged: Evaluate an object property changed value ,
PropertyArrayChanged: Evaluate an object array property changed value ,
Boolean: Apply a boolean operator (e.g AND, OR) to conditions ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}
,
actions:
{
Description: The actions to execute when the automation rule is triggered. ,
Required: True ,
}
[
{
order:
{
Format: int32 ,
Required: True ,
}
integer ,
actionType:
{
Description: The type of the automation rule action. ,
Enum:
{
ModifyProperties: Modify an object's properties ,
RunPlaybook: Run a playbook on an object ,
AddIncidentTask: Add a task to an incident object ,
}
,
Required: True ,
}
enum ,
}
,
]
,
lastModifiedTimeUtc:
{
Description: The last time the automation rule was updated. ,
Format: date-time ,
Required: False ,
}
string ,
createdTimeUtc:
{
Description: The time the automation rule was created. ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
createdBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
}
,
}
,
]
,
nextLink:
{
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Entities_RunPlaybook (new)
Description Triggers playbook on a specific entity.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
entityIdentifier:
{
Description: Entity identifier. ,
Required: True ,
}
string ,
requestBody:
{
Description: Describes the request body for triggering a playbook on an entity. ,
Required: False ,
}
{
incidentArmId:
{
Description: Incident ARM id. ,
Format: arm-id ,
Required: False ,
}
string ,
tenantId:
{
Description: The tenant id of the playbook resource. ,
Format: uuid ,
Required: False ,
}
string ,
logicAppsResourceId:
{
Description: The resource id of the playbook resource. ,
Format: arm-id ,
Required: True ,
}
string ,
}
,
}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Incidents_RunPlaybook (new)
Description Triggers playbook on a specific incident
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentIdentifier:
{
Required: True ,
}
string ,
requestBody:
{
Required: False ,
}
{
tenantId:
{
Format: uuid ,
Required: False ,
}
string ,
logicAppsResourceId:
{
Format: arm-id ,
Required: True ,
}
string ,
}
,
}

⚐ Response (204)

{
$schema: object ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
BillingStatistics_List (new)
Description Gets all Microsoft Sentinel billing statistics.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of billing statistics. ,
Required: False ,
}
string ,
value:
{
Description: Array of billing statistics. ,
Required: True ,
}
[
{
kind:
{
Description: The kind of the billing statistic ,
Enum:
{
SapSolutionUsage: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
BillingStatistics_Get (new)
Description Gets a billing statistic
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics/{billingStatisticName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
billingStatisticName:
{
Description: The name of the billing statistic ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
kind:
{
Description: The kind of the billing statistic ,
Enum:
{
SapSolutionUsage: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
Bookmarks_List (new)
Description Gets all bookmarks.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of bookmarks. ,
Required: False ,
}
string ,
value:
{
Description: Array of bookmarks. ,
Required: True ,
}
[
{
properties:
{
Description: Bookmark properties ,
Required: False ,
}
{
created:
{
Description: The time the bookmark was created ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the bookmark ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
displayName:
{
Description: The display name of the bookmark ,
Required: True ,
}
string ,
labels:
{
Description: List of labels relevant to this bookmark ,
Required: False ,
}
[
string ,
]
,
notes:
{
Description: The notes of the bookmark ,
Required: False ,
}
string ,
query:
{
Description: The query of the bookmark. ,
Required: True ,
}
string ,
queryResult:
{
Description: The query result of the bookmark. ,
Required: False ,
}
string ,
updated:
{
Description: The last time the bookmark was updated ,
Format: date-time ,
Required: False ,
}
string ,
updatedBy:
{
Description: Describes a user that updated the bookmark ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
eventTime:
{
Description: The bookmark event time ,
Format: date-time ,
Required: False ,
}
string ,
queryStartTime:
{
Description: The start time for the query ,
Format: date-time ,
Required: False ,
}
string ,
queryEndTime:
{
Description: The end time for the query ,
Format: date-time ,
Required: False ,
}
string ,
incidentInfo:
{
Description: Describes an incident that relates to bookmark ,
Required: False ,
}
{
incidentId:
{
Description: Incident Id ,
Required: False ,
}
string ,
severity:
{
Description: The severity of the incident ,
Enum:
{
High: High severity ,
Medium: Medium severity ,
Low: Low severity ,
Informational: Informational severity ,
}
,
Required: False ,
}
enum ,
title:
{
Description: The title of the incident ,
Required: False ,
}
string ,
relationName:
{
Description: Relation Name ,
Required: False ,
}
string ,
}
,
entityMappings:
{
Description: Describes the entity mappings of the bookmark ,
Required: False ,
}
object ,
tactics:
{
Description: A list of relevant mitre attacks ,
Required: False ,
}
[
string ,
]
,
techniques:
{
Description: A list of relevant mitre techniques ,
Required: False ,
}
[
string ,
]
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Bookmarks_Get (new)
Description Gets a bookmark.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
bookmarkId:
{
Description: Bookmark ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: Bookmark properties ,
Required: False ,
}
{
created:
{
Description: The time the bookmark was created ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the bookmark ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
displayName:
{
Description: The display name of the bookmark ,
Required: True ,
}
string ,
labels:
{
Description: List of labels relevant to this bookmark ,
Required: False ,
}
[
string ,
]
,
notes:
{
Description: The notes of the bookmark ,
Required: False ,
}
string ,
query:
{
Description: The query of the bookmark. ,
Required: True ,
}
string ,
queryResult:
{
Description: The query result of the bookmark. ,
Required: False ,
}
string ,
updated:
{
Description: The last time the bookmark was updated ,
Format: date-time ,
Required: False ,
}
string ,
updatedBy:
{
Description: Describes a user that updated the bookmark ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
eventTime:
{
Description: The bookmark event time ,
Format: date-time ,
Required: False ,
}
string ,
queryStartTime:
{
Description: The start time for the query ,
Format: date-time ,
Required: False ,
}
string ,
queryEndTime:
{
Description: The end time for the query ,
Format: date-time ,
Required: False ,
}
string ,
incidentInfo:
{
Description: Describes an incident that relates to bookmark ,
Required: False ,
}
{
incidentId:
{
Description: Incident Id ,
Required: False ,
}
string ,
severity:
{
Description: The severity of the incident ,
Enum:
{
High: High severity ,
Medium: Medium severity ,
Low: Low severity ,
Informational: Informational severity ,
}
,
Required: False ,
}
enum ,
title:
{
Description: The title of the incident ,
Required: False ,
}
string ,
relationName:
{
Description: Relation Name ,
Required: False ,
}
string ,
}
,
entityMappings:
{
Description: Describes the entity mappings of the bookmark ,
Required: False ,
}
object ,
tactics:
{
Description: A list of relevant mitre attacks ,
Required: False ,
}
[
string ,
]
,
techniques:
{
Description: A list of relevant mitre techniques ,
Required: False ,
}
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Bookmarks_CreateOrUpdate (new)
Description Creates or updates the bookmark.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
bookmarkId:
{
Description: Bookmark ID ,
Required: True ,
}
string ,
bookmark:
{
Description: The bookmark ,
Required: True ,
}
{
properties:
{
Description: Bookmark properties ,
Required: False ,
}
{
created:
{
Description: The time the bookmark was created ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the bookmark ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
displayName:
{
Description: The display name of the bookmark ,
Required: True ,
}
string ,
labels:
{
Description: List of labels relevant to this bookmark ,
Required: False ,
}
[
string ,
]
,
notes:
{
Description: The notes of the bookmark ,
Required: False ,
}
string ,
query:
{
Description: The query of the bookmark. ,
Required: True ,
}
string ,
queryResult:
{
Description: The query result of the bookmark. ,
Required: False ,
}
string ,
updated:
{
Description: The last time the bookmark was updated ,
Format: date-time ,
Required: False ,
}
string ,
updatedBy:
{
Description: Describes a user that updated the bookmark ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
eventTime:
{
Description: The bookmark event time ,
Format: date-time ,
Required: False ,
}
string ,
queryStartTime:
{
Description: The start time for the query ,
Format: date-time ,
Required: False ,
}
string ,
queryEndTime:
{
Description: The end time for the query ,
Format: date-time ,
Required: False ,
}
string ,
incidentInfo:
{
Description: Describes an incident that relates to bookmark ,
Required: False ,
}
{
incidentId:
{
Description: Incident Id ,
Required: False ,
}
string ,
severity:
{
Description: The severity of the incident ,
Enum:
{
High: High severity ,
Medium: Medium severity ,
Low: Low severity ,
Informational: Informational severity ,
}
,
Required: False ,
}
enum ,
title:
{
Description: The title of the incident ,
Required: False ,
}
string ,
relationName:
{
Description: Relation Name ,
Required: False ,
}
string ,
}
,
entityMappings:
{
Description: Describes the entity mappings of the bookmark ,
Required: False ,
}
object ,
tactics:
{
Description: A list of relevant mitre attacks ,
Required: False ,
}
[
string ,
]
,
techniques:
{
Description: A list of relevant mitre techniques ,
Required: False ,
}
[
string ,
]
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: Bookmark properties ,
Required: False ,
}
{
created:
{
Description: The time the bookmark was created ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the bookmark ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
displayName:
{
Description: The display name of the bookmark ,
Required: True ,
}
string ,
labels:
{
Description: List of labels relevant to this bookmark ,
Required: False ,
}
[
string ,
]
,
notes:
{
Description: The notes of the bookmark ,
Required: False ,
}
string ,
query:
{
Description: The query of the bookmark. ,
Required: True ,
}
string ,
queryResult:
{
Description: The query result of the bookmark. ,
Required: False ,
}
string ,
updated:
{
Description: The last time the bookmark was updated ,
Format: date-time ,
Required: False ,
}
string ,
updatedBy:
{
Description: Describes a user that updated the bookmark ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
eventTime:
{
Description: The bookmark event time ,
Format: date-time ,
Required: False ,
}
string ,
queryStartTime:
{
Description: The start time for the query ,
Format: date-time ,
Required: False ,
}
string ,
queryEndTime:
{
Description: The end time for the query ,
Format: date-time ,
Required: False ,
}
string ,
incidentInfo:
{
Description: Describes an incident that relates to bookmark ,
Required: False ,
}
{
incidentId:
{
Description: Incident Id ,
Required: False ,
}
string ,
severity:
{
Description: The severity of the incident ,
Enum:
{
High: High severity ,
Medium: Medium severity ,
Low: Low severity ,
Informational: Informational severity ,
}
,
Required: False ,
}
enum ,
title:
{
Description: The title of the incident ,
Required: False ,
}
string ,
relationName:
{
Description: Relation Name ,
Required: False ,
}
string ,
}
,
entityMappings:
{
Description: Describes the entity mappings of the bookmark ,
Required: False ,
}
object ,
tactics:
{
Description: A list of relevant mitre attacks ,
Required: False ,
}
[
string ,
]
,
techniques:
{
Description: A list of relevant mitre techniques ,
Required: False ,
}
[
string ,
]
,
}
,
}

⚐ Response (201)

{
properties:
{
Description: Bookmark properties ,
Required: False ,
}
{
created:
{
Description: The time the bookmark was created ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the bookmark ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
displayName:
{
Description: The display name of the bookmark ,
Required: True ,
}
string ,
labels:
{
Description: List of labels relevant to this bookmark ,
Required: False ,
}
[
string ,
]
,
notes:
{
Description: The notes of the bookmark ,
Required: False ,
}
string ,
query:
{
Description: The query of the bookmark. ,
Required: True ,
}
string ,
queryResult:
{
Description: The query result of the bookmark. ,
Required: False ,
}
string ,
updated:
{
Description: The last time the bookmark was updated ,
Format: date-time ,
Required: False ,
}
string ,
updatedBy:
{
Description: Describes a user that updated the bookmark ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
eventTime:
{
Description: The bookmark event time ,
Format: date-time ,
Required: False ,
}
string ,
queryStartTime:
{
Description: The start time for the query ,
Format: date-time ,
Required: False ,
}
string ,
queryEndTime:
{
Description: The end time for the query ,
Format: date-time ,
Required: False ,
}
string ,
incidentInfo:
{
Description: Describes an incident that relates to bookmark ,
Required: False ,
}
{
incidentId:
{
Description: Incident Id ,
Required: False ,
}
string ,
severity:
{
Description: The severity of the incident ,
Enum:
{
High: High severity ,
Medium: Medium severity ,
Low: Low severity ,
Informational: Informational severity ,
}
,
Required: False ,
}
enum ,
title:
{
Description: The title of the incident ,
Required: False ,
}
string ,
relationName:
{
Description: Relation Name ,
Required: False ,
}
string ,
}
,
entityMappings:
{
Description: Describes the entity mappings of the bookmark ,
Required: False ,
}
object ,
tactics:
{
Description: A list of relevant mitre attacks ,
Required: False ,
}
[
string ,
]
,
techniques:
{
Description: A list of relevant mitre techniques ,
Required: False ,
}
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Bookmarks_Delete (new)
Description Delete the bookmark.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
bookmarkId:
{
Description: Bookmark ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
BookmarkRelations_List (new)
Description Gets all bookmark relations.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
bookmarkId:
{
Description: Bookmark ID ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of relations. ,
Required: False ,
}
string ,
value:
{
Description: Array of relations. ,
Required: True ,
}
[
{
properties:
{
Description: Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The resource ID of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relatedResourceType:
{
Description: The resource type of the related resource ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource kind of the related resource ,
Required: False ,
}
string ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Bookmark_Expand (new)
Description Expand an bookmark
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
bookmarkId:
{
Description: Bookmark ID ,
Required: True ,
}
string ,
parameters:
{
Description: The parameters required to execute an expand operation on the given bookmark. ,
Required: True ,
}
{
endTime:
{
Description: The end date filter, so the only expansion results returned are before this date. ,
Format: date-time ,
Required: False ,
}
string ,
expansionId:
{
Description: The Id of the expansion to perform. ,
Format: uuid ,
Required: False ,
}
string ,
startTime:
{
Description: The start date filter, so the only expansion results returned are after this date. ,
Format: date-time ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
metaData:
{
Description: The metadata from the expansion operation results. ,
Required: False ,
}
{
aggregations:
{
Description: Information of the aggregated nodes in the expansion result. ,
Required: False ,
}
[
{
aggregationType:
{
Description: The common type of the aggregation. (for e.g. entity field name) ,
Required: False ,
}
string ,
count:
{
Description: Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. ,
Format: int32 ,
Required: True ,
}
integer ,
displayName:
{
Description: The display name of the aggregation by type. ,
Required: False ,
}
string ,
entityKind:
{
Description: The kind of the aggregated entity. ,
Enum:
{
Account: Entity represents account in the system. ,
Host: Entity represents host in the system. ,
File: Entity represents file in the system. ,
AzureResource: Entity represents azure resource in the system. ,
CloudApplication: Entity represents cloud application in the system. ,
DnsResolution: Entity represents dns resolution in the system. ,
FileHash: Entity represents file hash in the system. ,
Ip: Entity represents ip in the system. ,
Malware: Entity represents malware in the system. ,
Process: Entity represents process in the system. ,
RegistryKey: Entity represents registry key in the system. ,
RegistryValue: Entity represents registry value in the system. ,
SecurityGroup: Entity represents security group in the system. ,
Url: Entity represents url in the system. ,
IoTDevice: Entity represents IoT device in the system. ,
SecurityAlert: Entity represents security alert in the system. ,
Bookmark: Entity represents bookmark in the system. ,
Mailbox: Entity represents mailbox in the system. ,
MailCluster: Entity represents mail cluster in the system. ,
MailMessage: Entity represents mail message in the system. ,
SubmissionMail: Entity represents submission mail in the system. ,
Nic: Entity represents network interface in the system. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}
,
value:
{
Description: The expansion result values. ,
Required: False ,
}
{
entities:
{
Description: Array of the expansion result entities. ,
Required: False ,
}
[
{
kind:
{
Description: The kind of the entity. ,
Enum:
{
Account: Entity represents account in the system. ,
Host: Entity represents host in the system. ,
File: Entity represents file in the system. ,
AzureResource: Entity represents azure resource in the system. ,
CloudApplication: Entity represents cloud application in the system. ,
DnsResolution: Entity represents dns resolution in the system. ,
FileHash: Entity represents file hash in the system. ,
Ip: Entity represents ip in the system. ,
Malware: Entity represents malware in the system. ,
Process: Entity represents process in the system. ,
RegistryKey: Entity represents registry key in the system. ,
RegistryValue: Entity represents registry value in the system. ,
SecurityGroup: Entity represents security group in the system. ,
Url: Entity represents url in the system. ,
IoTDevice: Entity represents IoT device in the system. ,
SecurityAlert: Entity represents security alert in the system. ,
Bookmark: Entity represents bookmark in the system. ,
Mailbox: Entity represents mailbox in the system. ,
MailCluster: Entity represents mail cluster in the system. ,
MailMessage: Entity represents mail message in the system. ,
SubmissionMail: Entity represents submission mail in the system. ,
Nic: Entity represents network interface in the system. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
edges:
{
Description: Array of expansion result connected entities ,
Required: False ,
}
[
{
targetEntityId:
{
Description: Entity Id of the connected entity ,
Required: False ,
}
string ,
additionalData:
{
Description: key-value pairs for a connected entity mapping ,
Required: False ,
}
object ,
}
,
]
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
BookmarkRelations_Get (new)
Description Gets a bookmark relation.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
bookmarkId:
{
Description: Bookmark ID ,
Required: True ,
}
string ,
relationName:
{
Description: Relation Name ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The resource ID of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relatedResourceType:
{
Description: The resource type of the related resource ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource kind of the related resource ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
BookmarkRelations_CreateOrUpdate (new)
Description Creates the bookmark relation.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
bookmarkId:
{
Description: Bookmark ID ,
Required: True ,
}
string ,
relationName:
{
Description: Relation Name ,
Required: True ,
}
string ,
relation:
{
Description: The relation model ,
Required: True ,
}
{
properties:
{
Description: Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The resource ID of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relatedResourceType:
{
Description: The resource type of the related resource ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource kind of the related resource ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The resource ID of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relatedResourceType:
{
Description: The resource type of the related resource ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource kind of the related resource ,
Required: False ,
}
string ,
}
,
}

⚐ Response (201)

{
properties:
{
Description: Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The resource ID of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relatedResourceType:
{
Description: The resource type of the related resource ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource kind of the related resource ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
BookmarkRelations_Delete (new)
Description Delete the bookmark relation.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
bookmarkId:
{
Description: Bookmark ID ,
Required: True ,
}
string ,
relationName:
{
Description: Relation Name ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
BusinessApplicationAgents_CreateOrUpdate (new)
Description Creates or updates the Business Application Agent.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}
{
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
agentResourceName:
{
Description: Business Application Agent Name ,
Required: True ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
agentToUpsert:
{
Description: The Business Application Agent ,
Required: False ,
}
{
properties:
{
Required: True ,
}
{
configuration:
{
Description: Describes the configuration of a Business Application Agent. ,
Required: True ,
}
{
type:
{
Description: Type of the agent ,
Enum:
{
SAP: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
agentSystems:
{
Required: False ,
}
[
{
systemResourceName:
{
Required: False ,
}
string ,
systemDisplayName:
{
Required: False ,
}
string ,
}
,
]
,
displayName:
{
Required: True ,
}
string ,
lastModifiedTimeUtc:
{
Format: date-time ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Required: True ,
}
{
configuration:
{
Description: Describes the configuration of a Business Application Agent. ,
Required: True ,
}
{
type:
{
Description: Type of the agent ,
Enum:
{
SAP: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
agentSystems:
{
Required: False ,
}
[
{
systemResourceName:
{
Required: False ,
}
string ,
systemDisplayName:
{
Required: False ,
}
string ,
}
,
]
,
displayName:
{
Required: True ,
}
string ,
lastModifiedTimeUtc:
{
Format: date-time ,
Required: False ,
}
string ,
}
,
}

⚐ Response (201)

{
properties:
{
Required: True ,
}
{
configuration:
{
Description: Describes the configuration of a Business Application Agent. ,
Required: True ,
}
{
type:
{
Description: Type of the agent ,
Enum:
{
SAP: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
agentSystems:
{
Required: False ,
}
[
{
systemResourceName:
{
Required: False ,
}
string ,
systemDisplayName:
{
Required: False ,
}
string ,
}
,
]
,
displayName:
{
Required: True ,
}
string ,
lastModifiedTimeUtc:
{
Format: date-time ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
BusinessApplicationAgent_Get (new)
Description Gets Business Application Agent.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}
{
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
agentResourceName:
{
Description: Business Application Agent Name ,
Required: True ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Required: True ,
}
{
configuration:
{
Description: Describes the configuration of a Business Application Agent. ,
Required: True ,
}
{
type:
{
Description: Type of the agent ,
Enum:
{
SAP: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
agentSystems:
{
Required: False ,
}
[
{
systemResourceName:
{
Required: False ,
}
string ,
systemDisplayName:
{
Required: False ,
}
string ,
}
,
]
,
displayName:
{
Required: True ,
}
string ,
lastModifiedTimeUtc:
{
Format: date-time ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
BusinessApplicationAgents_Delete (new)
Description Delete the Business Application Agent.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}
{
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
agentResourceName:
{
Description: Business Application Agent Name ,
Required: True ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
BusinessApplicationAgents_List (new)
Description Gets all Business Application Agents under the workspace.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents
{
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
value:
{
Required: False ,
}
[
{
properties:
{
Required: True ,
}
{
configuration:
{
Description: Describes the configuration of a Business Application Agent. ,
Required: True ,
}
{
type:
{
Description: Type of the agent ,
Enum:
{
SAP: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
agentSystems:
{
Required: False ,
}
[
{
systemResourceName:
{
Required: False ,
}
string ,
systemDisplayName:
{
Required: False ,
}
string ,
}
,
]
,
displayName:
{
Required: True ,
}
string ,
lastModifiedTimeUtc:
{
Format: date-time ,
Required: False ,
}
string ,
}
,
}
,
]
,
nextLink:
{
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Systems_CreateOrUpdate (new)
Description Creates or updates the system.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}/systems/{systemResourceName}
{
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
agentResourceName:
{
Description: Business Application Agent Name ,
Required: True ,
}
string ,
systemResourceName:
{
Description: The name of the system. ,
Required: True ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
systemToUpsert:
{
Description: The system to upsert. ,
Required: False ,
}
{
properties:
{
Description: The properties of the system. ,
Required: True ,
}
{
status:
{
Description: The status of the system. ,
Enum:
{
Running: No description available. ,
Stopped: No description available. ,
}
,
Required: False ,
}
enum ,
configuration:
{
Description: The configuration of the system. ,
Required: True ,
}
{
type:
{
Description: Represents the types of configuration for a system. ,
Enum:
{
SAP: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
displayName:
{
Required: True ,
}
string ,
lastModifiedTimeUtc:
{
Format: date-time ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: The properties of the system. ,
Required: True ,
}
{
status:
{
Description: The status of the system. ,
Enum:
{
Running: No description available. ,
Stopped: No description available. ,
}
,
Required: False ,
}
enum ,
configuration:
{
Description: The configuration of the system. ,
Required: True ,
}
{
type:
{
Description: Represents the types of configuration for a system. ,
Enum:
{
SAP: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
displayName:
{
Required: True ,
}
string ,
lastModifiedTimeUtc:
{
Format: date-time ,
Required: False ,
}
string ,
}
,
}

⚐ Response (201)

{
properties:
{
Description: The properties of the system. ,
Required: True ,
}
{
status:
{
Description: The status of the system. ,
Enum:
{
Running: No description available. ,
Stopped: No description available. ,
}
,
Required: False ,
}
enum ,
configuration:
{
Description: The configuration of the system. ,
Required: True ,
}
{
type:
{
Description: Represents the types of configuration for a system. ,
Enum:
{
SAP: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
displayName:
{
Required: True ,
}
string ,
lastModifiedTimeUtc:
{
Format: date-time ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Systems_Get (new)
Description Gets the system.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}/systems/{systemResourceName}
{
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
agentResourceName:
{
Description: Business Application Agent Name ,
Required: True ,
}
string ,
systemResourceName:
{
Description: The name of the system. ,
Required: True ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: The properties of the system. ,
Required: True ,
}
{
status:
{
Description: The status of the system. ,
Enum:
{
Running: No description available. ,
Stopped: No description available. ,
}
,
Required: False ,
}
enum ,
configuration:
{
Description: The configuration of the system. ,
Required: True ,
}
{
type:
{
Description: Represents the types of configuration for a system. ,
Enum:
{
SAP: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
displayName:
{
Required: True ,
}
string ,
lastModifiedTimeUtc:
{
Format: date-time ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Systems_Delete (new)
Description Deletes the system.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}/systems/{systemResourceName}
{
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
agentResourceName:
{
Description: Business Application Agent Name ,
Required: True ,
}
string ,
systemResourceName:
{
Description: The name of the system. ,
Required: True ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Systems_List (new)
Description ListAll the systems.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}/systems
{
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
agentResourceName:
{
Description: Business Application Agent Name ,
Required: True ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
value:
{
Required: False ,
}
[
{
properties:
{
Description: The properties of the system. ,
Required: True ,
}
{
status:
{
Description: The status of the system. ,
Enum:
{
Running: No description available. ,
Stopped: No description available. ,
}
,
Required: False ,
}
enum ,
configuration:
{
Description: The configuration of the system. ,
Required: True ,
}
{
type:
{
Description: Represents the types of configuration for a system. ,
Enum:
{
SAP: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
displayName:
{
Required: True ,
}
string ,
lastModifiedTimeUtc:
{
Format: date-time ,
Required: False ,
}
string ,
}
,
}
,
]
,
nextLink:
{
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Systems_ListActions (new)
Description List of actions for a business application system.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}/systems/{systemResourceName}/listActions
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
agentResourceName:
{
Description: Business Application Agent Name ,
Required: True ,
}
string ,
systemResourceName:
{
Description: The name of the system. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
value:
{
Description: Array of actions. ,
Required: True ,
}
[
{
kind:
{
Description: The actions kind ,
Enum:
{
LockUser: No description available. ,
UnlockUser: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
nextLink:
{
Description: The link to fetch the next page of actions. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Systems_UndoAction (new)
Description Undo action, based on the actionId.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}/systems/{systemResourceName}/undoAction
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
agentResourceName:
{
Description: Business Application Agent Name ,
Required: True ,
}
string ,
systemResourceName:
{
Description: The name of the system. ,
Required: True ,
}
string ,
payload:
{
Description: Undo action, based on the actionId. ,
Required: False ,
}
{
actionId:
{
Description: The action ID of the original action that was performed and now need to undo ,
Required: False ,
}
string ,
}
,
}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Systems_ReportActionStatus (new)
Description Report the status of the action.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}/systems/{systemResourceName}/reportActionStatus
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
agentResourceName:
{
Description: Business Application Agent Name ,
Required: True ,
}
string ,
systemResourceName:
{
Description: The name of the system. ,
Required: True ,
}
string ,
payload:
{
Description: Report a status of the action that was performed by the agent ,
Required: False ,
}
{
actionId:
{
Description: The action ID to perform ,
Required: False ,
}
string ,
actionStatus:
{
Description: The status of the action that was performed by the agent ,
Required: False ,
}
string ,
failureReason:
{
Description: The reason of the failure of the action. Empty if the action is successful. ,
Required: False ,
}
string ,
}
,
}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ContentPackages_List (new)
Description Gets all installed packages.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$search:
{
Description: Searches for a substring in the response. Optional. ,
Required: False ,
}
string ,
$count:
{
Description: Instructs the server to return only object count without actual body. Optional. ,
Required: False ,
}
boolean ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skip:
{
Description: Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of packages. ,
Required: False ,
}
string ,
value:
{
Description: Array of packages. ,
Required: True ,
}
[
{
properties:
{
Description: package properties ,
Required: False ,
}
object ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ContentPackages_Get (new)
Description Gets an installed packages by its id.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
packageId:
{
Description: package Id ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: package properties ,
Required: False ,
}
object ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ContentPackage_Install (new)
Description Install a package to the workspace.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
packageId:
{
Description: package Id ,
Required: True ,
}
string ,
packageInstallationProperties:
{
Description: Package installation properties ,
Required: True ,
}
{
properties:
{
Description: package properties ,
Required: False ,
}
object ,
}
,
}

⚐ Response (200)

{
properties:
{
Description: package properties ,
Required: False ,
}
object ,
}

⚐ Response (201)

{
properties:
{
Description: package properties ,
Required: False ,
}
object ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ContentPackage_Uninstall (new)
Description Uninstall a package from the workspace.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
packageId:
{
Description: package Id ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ProductPackages_List (new)
Description Gets all packages from the catalog. Expandable properties: - properties/installed - properties/packagedContent
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
$search:
{
Description: Searches for a substring in the response. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of packages. ,
Required: False ,
}
string ,
value:
{
Description: Array of packages. ,
Required: True ,
}
[
{
properties:
{
Description: package properties ,
Required: False ,
}
object ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ProductPackage_Get (new)
Description Gets a package by its identifier from the catalog.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
packageId:
{
Description: package Id ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: package properties ,
Required: False ,
}
object ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ProductTemplates_List (new)
Description Gets all templates in the catalog.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$search:
{
Description: Searches for a substring in the response. Optional. ,
Required: False ,
}
string ,
$count:
{
Description: Instructs the server to return only object count without actual body. Optional. ,
Required: False ,
}
boolean ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skip:
{
Description: Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
value:
{
Description: Array of templates. ,
Required: True ,
}
[
{
properties:
{
Description: template properties ,
Required: False ,
}
string ,
}
,
]
,
nextLink:
{
Description: URL to fetch the next page of template. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ProductTemplate_Get (new)
Description Gets a template by its identifier.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
templateId:
{
Description: template Id ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: template properties ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ContentTemplates_List (new)
Description Gets all installed templates. Expandable properties: - properties/mainTemplate - properties/dependantTemplates
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$expand:
{
Description: Expands the object with optional fiends that are not included by default. Optional. ,
Required: False ,
}
string ,
$search:
{
Description: Searches for a substring in the response. Optional. ,
Required: False ,
}
string ,
$count:
{
Description: Instructs the server to return only object count without actual body. Optional. ,
Required: False ,
}
boolean ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skip:
{
Description: Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
value:
{
Description: Array of templates. ,
Required: True ,
}
[
{
properties:
{
Description: template properties ,
Required: False ,
}
object ,
}
,
]
,
nextLink:
{
Description: URL to fetch the next page of template. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ContentTemplate_Install (new)
Description Install a template.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
templateId:
{
Description: template Id ,
Required: True ,
}
string ,
templateInstallationProperties:
{
Description: Template installation properties ,
Required: True ,
}
{
properties:
{
Description: template properties ,
Required: False ,
}
object ,
}
,
}

⚐ Response (200)

{
properties:
{
Description: template properties ,
Required: False ,
}
object ,
}

⚐ Response (201)

{
properties:
{
Description: template properties ,
Required: False ,
}
object ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ContentTemplate_Get (new)
Description Gets a template byt its identifier. Expandable properties: - properties/mainTemplate - properties/dependantTemplates
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
templateId:
{
Description: template Id ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: template properties ,
Required: False ,
}
object ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ContentTemplate_Delete (new)
Description Delete an installed template.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
templateId:
{
Description: template Id ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ListGeodataByIp (new)
Description Get geodata for a single IP address
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/enrichment/{enrichmentType}/listGeodataByIp
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
enrichmentType:
{
Description: Enrichment type ,
Required: True ,
}
string ,
ipAddressBody:
{
Description: IP address (v4 or v6) to be enriched ,
Required: True ,
}
{
ipAddress:
{
Description: The dotted-decimal or colon-separated string representation of the IP address ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
asn:
{
Description: The autonomous system number associated with this IP address ,
Required: False ,
}
string ,
carrier:
{
Description: The name of the carrier for this IP address ,
Required: False ,
}
string ,
city:
{
Description: The city this IP address is located in ,
Required: False ,
}
string ,
cityConfidenceFactor:
{
Description: A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100 ,
Format: int32 ,
Required: False ,
}
integer ,
continent:
{
Description: The continent this IP address is located on ,
Required: False ,
}
string ,
country:
{
Description: The county this IP address is located in ,
Required: False ,
}
string ,
countryConfidenceFactor:
{
Description: A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100 ,
Format: int32 ,
Required: False ,
}
integer ,
ipAddr:
{
Description: The dotted-decimal or colon-separated string representation of the IP address ,
Required: False ,
}
string ,
ipRoutingType:
{
Description: A description of the connection type of this IP address ,
Required: False ,
}
string ,
latitude:
{
Description: The latitude of this IP address ,
Required: False ,
}
string ,
longitude:
{
Description: The longitude of this IP address ,
Required: False ,
}
string ,
organization:
{
Description: The name of the organization for this IP address ,
Required: False ,
}
string ,
organizationType:
{
Description: The type of the organization for this IP address ,
Required: False ,
}
string ,
region:
{
Description: The geographic region this IP address is located in ,
Required: False ,
}
string ,
state:
{
Description: The state this IP address is located in ,
Required: False ,
}
string ,
stateConfidenceFactor:
{
Description: A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100 ,
Format: int32 ,
Required: False ,
}
integer ,
stateCode:
{
Description: The abbreviated name for the state this IP address is located in ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ListWhoisByDomain (new)
Description Get whois information for a single domain name
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/enrichment/{enrichmentType}/listWhoisByDomain
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
enrichmentType:
{
Description: Enrichment type ,
Required: True ,
}
string ,
domainBody:
{
Description: Domain name to be enriched. Only domain name is accepted ,
Required: True ,
}
{
domain:
{
Description: The domain name ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
domain:
{
Description: The domain for this whois record ,
Required: False ,
}
string ,
server:
{
Description: The hostname of this registrar's whois server ,
Required: False ,
}
string ,
created:
{
Description: The timestamp at which this record was created ,
Format: date-time ,
Required: False ,
}
string ,
updated:
{
Description: The timestamp at which this record was last updated ,
Format: date-time ,
Required: False ,
}
string ,
expires:
{
Description: The timestamp at which this record will expire ,
Format: date-time ,
Required: False ,
}
string ,
parsedWhois:
{
Description: The whois record for a given domain ,
Required: False ,
}
{
registrar:
{
Description: The registrar associated with this domain ,
Required: False ,
}
{
name:
{
Description: The name of this registrar ,
Required: False ,
}
string ,
abuseContactEmail:
{
Description: This registrar's abuse contact email ,
Required: False ,
}
string ,
abuseContactPhone:
{
Description: This registrar's abuse contact phone number ,
Required: False ,
}
string ,
ianaId:
{
Description: This registrar's Internet Assigned Numbers Authority id ,
Required: False ,
}
string ,
url:
{
Description: This registrar's URL ,
Required: False ,
}
string ,
whoisServer:
{
Description: The hostname of this registrar's whois server ,
Required: False ,
}
string ,
}
,
contacts:
{
Description: The set of contacts associated with this domain ,
Required: False ,
}
{
admin:
{
Description: The admin contact for this whois record ,
Required: False ,
}
{
name:
{
Description: The name of this contact ,
Required: False ,
}
string ,
org:
{
Description: The organization for this contact ,
Required: False ,
}
string ,
street:
{
Description: A list describing the street address for this contact ,
Required: False ,
}
[
string ,
]
,
city:
{
Description: The city for this contact ,
Required: False ,
}
string ,
state:
{
Description: The state for this contact ,
Required: False ,
}
string ,
postal:
{
Description: The postal code for this contact ,
Required: False ,
}
string ,
country:
{
Description: The country for this contact ,
Required: False ,
}
string ,
phone:
{
Description: The phone number for this contact ,
Required: False ,
}
string ,
fax:
{
Description: The fax number for this contact ,
Required: False ,
}
string ,
email:
{
Description: The email address for this contact ,
Required: False ,
}
string ,
}
,
billing:
{
Description: The billing contact for this whois record ,
Required: False ,
}
{
name:
{
Description: The name of this contact ,
Required: False ,
}
string ,
org:
{
Description: The organization for this contact ,
Required: False ,
}
string ,
street:
{
Description: A list describing the street address for this contact ,
Required: False ,
}
[
string ,
]
,
city:
{
Description: The city for this contact ,
Required: False ,
}
string ,
state:
{
Description: The state for this contact ,
Required: False ,
}
string ,
postal:
{
Description: The postal code for this contact ,
Required: False ,
}
string ,
country:
{
Description: The country for this contact ,
Required: False ,
}
string ,
phone:
{
Description: The phone number for this contact ,
Required: False ,
}
string ,
fax:
{
Description: The fax number for this contact ,
Required: False ,
}
string ,
email:
{
Description: The email address for this contact ,
Required: False ,
}
string ,
}
,
registrant:
{
Description: The registrant contact for this whois record ,
Required: False ,
}
{
name:
{
Description: The name of this contact ,
Required: False ,
}
string ,
org:
{
Description: The organization for this contact ,
Required: False ,
}
string ,
street:
{
Description: A list describing the street address for this contact ,
Required: False ,
}
[
string ,
]
,
city:
{
Description: The city for this contact ,
Required: False ,
}
string ,
state:
{
Description: The state for this contact ,
Required: False ,
}
string ,
postal:
{
Description: The postal code for this contact ,
Required: False ,
}
string ,
country:
{
Description: The country for this contact ,
Required: False ,
}
string ,
phone:
{
Description: The phone number for this contact ,
Required: False ,
}
string ,
fax:
{
Description: The fax number for this contact ,
Required: False ,
}
string ,
email:
{
Description: The email address for this contact ,
Required: False ,
}
string ,
}
,
tech:
{
Description: The technical contact for this whois record ,
Required: False ,
}
{
name:
{
Description: The name of this contact ,
Required: False ,
}
string ,
org:
{
Description: The organization for this contact ,
Required: False ,
}
string ,
street:
{
Description: A list describing the street address for this contact ,
Required: False ,
}
[
string ,
]
,
city:
{
Description: The city for this contact ,
Required: False ,
}
string ,
state:
{
Description: The state for this contact ,
Required: False ,
}
string ,
postal:
{
Description: The postal code for this contact ,
Required: False ,
}
string ,
country:
{
Description: The country for this contact ,
Required: False ,
}
string ,
phone:
{
Description: The phone number for this contact ,
Required: False ,
}
string ,
fax:
{
Description: The fax number for this contact ,
Required: False ,
}
string ,
email:
{
Description: The email address for this contact ,
Required: False ,
}
string ,
}
,
}
,
nameServers:
{
Description: A list of name servers associated with this domain ,
Required: False ,
}
[
string ,
]
,
statuses:
{
Description: The set of status flags for this whois record ,
Required: False ,
}
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Entities_List (new)
Description Gets all entities.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of entities. ,
Required: False ,
}
string ,
value:
{
Description: Array of entities. ,
Required: True ,
}
[
{
kind:
{
Description: The kind of the entity. ,
Enum:
{
Account: Entity represents account in the system. ,
Host: Entity represents host in the system. ,
File: Entity represents file in the system. ,
AzureResource: Entity represents azure resource in the system. ,
CloudApplication: Entity represents cloud application in the system. ,
DnsResolution: Entity represents dns resolution in the system. ,
FileHash: Entity represents file hash in the system. ,
Ip: Entity represents ip in the system. ,
Malware: Entity represents malware in the system. ,
Process: Entity represents process in the system. ,
RegistryKey: Entity represents registry key in the system. ,
RegistryValue: Entity represents registry value in the system. ,
SecurityGroup: Entity represents security group in the system. ,
Url: Entity represents url in the system. ,
IoTDevice: Entity represents IoT device in the system. ,
SecurityAlert: Entity represents security alert in the system. ,
Bookmark: Entity represents bookmark in the system. ,
Mailbox: Entity represents mailbox in the system. ,
MailCluster: Entity represents mail cluster in the system. ,
MailMessage: Entity represents mail message in the system. ,
SubmissionMail: Entity represents submission mail in the system. ,
Nic: Entity represents network interface in the system. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Entities_Get (new)
Description Gets an entity.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
entityId:
{
Description: entity ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
kind:
{
Description: The kind of the entity. ,
Enum:
{
Account: Entity represents account in the system. ,
Host: Entity represents host in the system. ,
File: Entity represents file in the system. ,
AzureResource: Entity represents azure resource in the system. ,
CloudApplication: Entity represents cloud application in the system. ,
DnsResolution: Entity represents dns resolution in the system. ,
FileHash: Entity represents file hash in the system. ,
Ip: Entity represents ip in the system. ,
Malware: Entity represents malware in the system. ,
Process: Entity represents process in the system. ,
RegistryKey: Entity represents registry key in the system. ,
RegistryValue: Entity represents registry value in the system. ,
SecurityGroup: Entity represents security group in the system. ,
Url: Entity represents url in the system. ,
IoTDevice: Entity represents IoT device in the system. ,
SecurityAlert: Entity represents security alert in the system. ,
Bookmark: Entity represents bookmark in the system. ,
Mailbox: Entity represents mailbox in the system. ,
MailCluster: Entity represents mail cluster in the system. ,
MailMessage: Entity represents mail message in the system. ,
SubmissionMail: Entity represents submission mail in the system. ,
Nic: Entity represents network interface in the system. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Entities_Expand (new)
Description Expands an entity.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
entityId:
{
Description: entity ID ,
Required: True ,
}
string ,
parameters:
{
Description: The parameters required to execute an expand operation on the given entity. ,
Required: True ,
}
{
endTime:
{
Description: The end date filter, so the only expansion results returned are before this date. ,
Format: date-time ,
Required: False ,
}
string ,
expansionId:
{
Description: The Id of the expansion to perform. ,
Format: uuid ,
Required: False ,
}
string ,
startTime:
{
Description: The start date filter, so the only expansion results returned are after this date. ,
Format: date-time ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
metaData:
{
Description: The metadata from the expansion operation results. ,
Required: False ,
}
{
aggregations:
{
Description: Information of the aggregated nodes in the expansion result. ,
Required: False ,
}
[
{
aggregationType:
{
Description: The common type of the aggregation. (for e.g. entity field name) ,
Required: False ,
}
string ,
count:
{
Description: Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. ,
Format: int32 ,
Required: True ,
}
integer ,
displayName:
{
Description: The display name of the aggregation by type. ,
Required: False ,
}
string ,
entityKind:
{
Description: The kind of the aggregated entity. ,
Enum:
{
Account: Entity represents account in the system. ,
Host: Entity represents host in the system. ,
File: Entity represents file in the system. ,
AzureResource: Entity represents azure resource in the system. ,
CloudApplication: Entity represents cloud application in the system. ,
DnsResolution: Entity represents dns resolution in the system. ,
FileHash: Entity represents file hash in the system. ,
Ip: Entity represents ip in the system. ,
Malware: Entity represents malware in the system. ,
Process: Entity represents process in the system. ,
RegistryKey: Entity represents registry key in the system. ,
RegistryValue: Entity represents registry value in the system. ,
SecurityGroup: Entity represents security group in the system. ,
Url: Entity represents url in the system. ,
IoTDevice: Entity represents IoT device in the system. ,
SecurityAlert: Entity represents security alert in the system. ,
Bookmark: Entity represents bookmark in the system. ,
Mailbox: Entity represents mailbox in the system. ,
MailCluster: Entity represents mail cluster in the system. ,
MailMessage: Entity represents mail message in the system. ,
SubmissionMail: Entity represents submission mail in the system. ,
Nic: Entity represents network interface in the system. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}
,
value:
{
Description: The expansion result values. ,
Required: False ,
}
{
entities:
{
Description: Array of the expansion result entities. ,
Required: False ,
}
[
{
kind:
{
Description: The kind of the entity. ,
Enum:
{
Account: Entity represents account in the system. ,
Host: Entity represents host in the system. ,
File: Entity represents file in the system. ,
AzureResource: Entity represents azure resource in the system. ,
CloudApplication: Entity represents cloud application in the system. ,
DnsResolution: Entity represents dns resolution in the system. ,
FileHash: Entity represents file hash in the system. ,
Ip: Entity represents ip in the system. ,
Malware: Entity represents malware in the system. ,
Process: Entity represents process in the system. ,
RegistryKey: Entity represents registry key in the system. ,
RegistryValue: Entity represents registry value in the system. ,
SecurityGroup: Entity represents security group in the system. ,
Url: Entity represents url in the system. ,
IoTDevice: Entity represents IoT device in the system. ,
SecurityAlert: Entity represents security alert in the system. ,
Bookmark: Entity represents bookmark in the system. ,
Mailbox: Entity represents mailbox in the system. ,
MailCluster: Entity represents mail cluster in the system. ,
MailMessage: Entity represents mail message in the system. ,
SubmissionMail: Entity represents submission mail in the system. ,
Nic: Entity represents network interface in the system. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
edges:
{
Description: Array of edges that connects the entity to the list of entities. ,
Required: False ,
}
[
{
targetEntityId:
{
Description: The target entity Id. ,
Required: False ,
}
string ,
additionalData:
{
Description: A bag of custom fields that should be part of the entity and will be presented to the user. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
EntitiesGetTimeline_list (new)
Description Timeline for an entity.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
entityId:
{
Description: entity ID ,
Required: True ,
}
string ,
parameters:
{
Description: The parameters required to execute an timeline operation on the given entity. ,
Required: True ,
}
{
kinds:
{
Description: Array of timeline Item kinds. ,
Required: False ,
}
[
string ,
]
,
startTime:
{
Description: The start timeline date, so the results returned are after this date. ,
Format: date-time ,
Required: True ,
}
string ,
endTime:
{
Description: The end timeline date, so the results returned are before this date. ,
Format: date-time ,
Required: True ,
}
string ,
numberOfBucket:
{
Description: The number of bucket for timeline queries aggregation. ,
Format: int32 ,
Required: False ,
}
integer ,
}
,
}

⚐ Response (200)

{
metaData:
{
Description: The metadata from the timeline operation results. ,
Required: False ,
}
{
totalCount:
{
Description: the total items found for the timeline request ,
Format: int32 ,
Required: True ,
}
integer ,
aggregations:
{
Description: timeline aggregation per kind ,
Required: True ,
}
[
{
count:
{
Description: the total items found for a kind ,
Format: int32 ,
Required: True ,
}
integer ,
kind:
{
Description: the query kind ,
Enum:
{
Activity: activity ,
Bookmark: bookmarks ,
SecurityAlert: security alerts ,
Anomaly: anomaly ,
}
,
Required: True ,
}
enum ,
}
,
]
,
errors:
{
Description: information about the failure queries ,
Required: False ,
}
[
{
kind:
{
Description: the query kind ,
Enum:
{
Activity: activity ,
Bookmark: bookmarks ,
SecurityAlert: security alerts ,
Anomaly: anomaly ,
}
,
Required: True ,
}
enum ,
queryId:
{
Description: the query id ,
Required: False ,
}
string ,
errorMessage:
{
Description: the error message ,
Required: True ,
}
string ,
}
,
]
,
}
,
value:
{
Description: The timeline result values. ,
Required: False ,
}
[
{
kind:
{
Description: The entity query kind type. ,
Enum:
{
Activity: activity ,
Bookmark: bookmarks ,
SecurityAlert: security alerts ,
Anomaly: anomaly ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Entities_Queries (new)
Description Get Insights and Activities for an entity.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
entityId:
{
Description: entity ID ,
Required: True ,
}
string ,
kind:
{
Description: The Kind parameter for queries ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
value:
{
Description: The query result values. ,
Required: False ,
}
[
{
id:
{
Description: Query Template ARM ID ,
Required: False ,
}
string ,
name:
{
Description: Query Template ARM Name ,
Required: False ,
}
string ,
type:
{
Description: ARM Type ,
Required: False ,
}
string ,
kind:
{
Description: The kind of the entity query ,
Enum:
{
Expansion: No description available. ,
Insight: No description available. ,
Activity: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Entities_GetInsights (new)
Description Execute Insights for an entity.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
entityId:
{
Description: entity ID ,
Required: True ,
}
string ,
parameters:
{
Description: The parameters required to execute insights on the given entity. ,
Required: True ,
}
{
startTime:
{
Description: The start timeline date, so the results returned are after this date. ,
Format: date-time ,
Required: True ,
}
string ,
endTime:
{
Description: The end timeline date, so the results returned are before this date. ,
Format: date-time ,
Required: True ,
}
string ,
addDefaultExtendedTimeRange:
{
Description: Indicates if query time range should be extended with default time range of the query. Default value is false ,
Required: False ,
}
boolean ,
insightQueryIds:
{
Description: List of Insights Query Id. If empty, default value is all insights of this entity ,
Required: False ,
}
[
string ,
]
,
}
,
}

⚐ Response (200)

{
metaData:
{
Description: The metadata from the get insights operation results. ,
Required: False ,
}
{
totalCount:
{
Description: the total items found for the insights request ,
Format: int32 ,
Required: True ,
}
integer ,
errors:
{
Description: information about the failed queries ,
Required: False ,
}
[
{
kind:
{
Description: the query kind ,
Enum:
{
Insight: No description available. ,
}
,
Required: True ,
}
enum ,
queryId:
{
Description: the query id ,
Required: False ,
}
string ,
errorMessage:
{
Description: the error message ,
Required: True ,
}
string ,
}
,
]
,
}
,
value:
{
Description: The insights result values. ,
Required: False ,
}
[
{
queryId:
{
Description: The query id of the insight ,
Required: False ,
}
string ,
queryTimeInterval:
{
Description: The Time interval that the query actually executed on. ,
Required: False ,
}
{
startTime:
{
Description: Insight query start time ,
Format: date-time ,
Required: False ,
}
string ,
endTime:
{
Description: Insight query end time ,
Format: date-time ,
Required: False ,
}
string ,
}
,
tableQueryResults:
{
Description: Query results for table insights query. ,
Required: False ,
}
{
columns:
{
Description: Columns Metadata of the table ,
Required: False ,
}
[
{
type:
{
Description: the type of the colum ,
Required: False ,
}
string ,
name:
{
Description: the name of the colum ,
Required: False ,
}
string ,
}
,
]
,
rows:
{
Description: Rows data of the table ,
Required: False ,
}
[
string ,
]
,
}
,
chartQueryResults:
{
Description: Query results for table insights query. ,
Required: False ,
}
[
{
columns:
{
Description: Columns Metadata of the table ,
Required: False ,
}
[
{
type:
{
Description: the type of the colum ,
Required: False ,
}
string ,
name:
{
Description: the name of the colum ,
Required: False ,
}
string ,
}
,
]
,
rows:
{
Description: Rows data of the table ,
Required: False ,
}
[
string ,
]
,
}
,
]
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
EntitiesRelations_List (new)
Description Gets all relations of an entity.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
entityId:
{
Description: entity ID ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of relations. ,
Required: False ,
}
string ,
value:
{
Description: Array of relations. ,
Required: True ,
}
[
{
properties:
{
Description: Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The resource ID of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relatedResourceType:
{
Description: The resource type of the related resource ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource kind of the related resource ,
Required: False ,
}
string ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
EntityRelations_GetRelation (new)
Description Gets an entity relation.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
entityId:
{
Description: entity ID ,
Required: True ,
}
string ,
relationName:
{
Description: Relation Name ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The resource ID of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relatedResourceType:
{
Description: The resource type of the related resource ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource kind of the related resource ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
EntityQueries_List (new)
Description Gets all entity queries.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries
{
kind:
{
Description: The entity query kind we want to fetch ,
Required: False ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of entity queries. ,
Required: False ,
}
string ,
value:
{
Description: Array of entity queries. ,
Required: True ,
}
[
{
kind:
{
Description: the entity query kind ,
Enum:
{
Expansion: No description available. ,
Insight: No description available. ,
Activity: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
EntityQueries_Get (new)
Description Gets an entity query.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
entityQueryId:
{
Description: entity query ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
kind:
{
Description: the entity query kind ,
Enum:
{
Expansion: No description available. ,
Insight: No description available. ,
Activity: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
EntityQueries_CreateOrUpdate (new)
Description Creates or updates the entity query.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
entityQueryId:
{
Description: entity query ID ,
Required: True ,
}
string ,
entityQuery:
{
Description: The entity query we want to create or update ,
Required: True ,
}
{
kind:
{
Description: the entity query kind ,
Enum:
{
Activity: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
}

⚐ Response (200)

{
kind:
{
Description: the entity query kind ,
Enum:
{
Expansion: No description available. ,
Insight: No description available. ,
Activity: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (201)

{
kind:
{
Description: the entity query kind ,
Enum:
{
Expansion: No description available. ,
Insight: No description available. ,
Activity: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
EntityQueries_Delete (new)
Description Delete the entity query.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
entityQueryId:
{
Description: entity query ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
EntityQueryTemplates_List (new)
Description Gets all entity query templates.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates
{
kind:
{
Description: The entity template query kind we want to fetch ,
Required: False ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of entity query templates. ,
Required: False ,
}
string ,
value:
{
Description: Array of entity query templates. ,
Required: True ,
}
[
{
kind:
{
Description: the entity query template kind ,
Enum:
{
Activity: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
EntityQueryTemplates_Get (new)
Description Gets an entity query.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
entityQueryTemplateId:
{
Description: entity query template ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
kind:
{
Description: the entity query template kind ,
Enum:
{
Activity: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
FileImports_List (new)
Description Gets all file imports.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of file imports. ,
Required: False ,
}
string ,
value:
{
Description: Array of file imports. ,
Required: True ,
}
[
{
properties:
{
Description: File import properties ,
Required: False ,
}
{
ingestionMode:
{
Description: Describes how to ingest the records in the file. ,
Enum:
{
IngestOnlyIfAllAreValid: No records should be ingested when invalid records are detected. ,
IngestAnyValidRecords: Valid records should still be ingested when invalid records are detected. ,
Unspecified: Unspecified ,
}
,
Required: True ,
}
enum ,
contentType:
{
Description: The content type of this file. ,
Enum:
{
BasicIndicator: File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern. ,
StixIndicator: File containing STIX indicators. ,
Unspecified: File containing other records. ,
}
,
Required: True ,
}
enum ,
createdTimeUTC:
{
Description: The time the file was imported. ,
Format: date-time ,
Required: False ,
}
string ,
errorFile:
{
Description: Represents the error file (if the import was ingested with errors or failed the validation). ,
Required: False ,
}
{
fileFormat:
{
Description: The format of the file ,
Enum:
{
CSV: A CSV file. ,
JSON: A JSON file. ,
Unspecified: A file of other format. ,
}
,
Required: False ,
}
enum ,
fileName:
{
Description: The name of the file. ,
Required: False ,
}
string ,
fileSize:
{
Description: The size of the file. ,
Format: int32 ,
Required: False ,
}
integer ,
fileContentUri:
{
Description: A URI with a valid SAS token to allow uploading / downloading the file. ,
Required: False ,
}
string ,
deleteStatus:
{
Description: Indicates whether the file was deleted from the storage account. ,
Enum:
{
Deleted: The file was deleted. ,
NotDeleted: The file was not deleted. ,
Unspecified: Unspecified ,
}
,
Required: False ,
}
enum ,
}
,
errorsPreview:
{
Description: An ordered list of some of the errors that were encountered during validation. ,
Required: False ,
}
[
{
recordIndex:
{
Description: The number of the record that has the error. ,
Format: int32 ,
Required: False ,
}
integer ,
errorMessages:
{
Description: A list of descriptions of the error. ,
Required: False ,
}
[
string ,
]
,
}
,
]
,
importFile:
{
Description: Represents the imported file. ,
Required: True ,
}
{
fileFormat:
{
Description: The format of the file ,
Enum:
{
CSV: A CSV file. ,
JSON: A JSON file. ,
Unspecified: A file of other format. ,
}
,
Required: False ,
}
enum ,
fileName:
{
Description: The name of the file. ,
Required: False ,
}
string ,
fileSize:
{
Description: The size of the file. ,
Format: int32 ,
Required: False ,
}
integer ,
fileContentUri:
{
Description: A URI with a valid SAS token to allow uploading / downloading the file. ,
Required: False ,
}
string ,
deleteStatus:
{
Description: Indicates whether the file was deleted from the storage account. ,
Enum:
{
Deleted: The file was deleted. ,
NotDeleted: The file was not deleted. ,
Unspecified: Unspecified ,
}
,
Required: False ,
}
enum ,
}
,
ingestedRecordCount:
{
Description: The number of records that have been successfully ingested. ,
Format: int32 ,
Required: False ,
}
integer ,
source:
{
Description: The source for the data in the file. ,
Required: True ,
}
string ,
state:
{
Description: The state of the file import. ,
Enum:
{
FatalError: A fatal error has occurred while ingesting the file. ,
Ingested: The file has been ingested. ,
IngestedWithErrors: The file has been ingested with errors. ,
InProgress: The file ingestion is in progress. ,
Invalid: The file is invalid. ,
WaitingForUpload: Waiting for the file to be uploaded. ,
Unspecified: Unspecified state. ,
}
,
Required: False ,
}
enum ,
totalRecordCount:
{
Description: The number of records in the file. ,
Format: int32 ,
Required: False ,
}
integer ,
validRecordCount:
{
Description: The number of records that have passed validation. ,
Format: int32 ,
Required: False ,
}
integer ,
filesValidUntilTimeUTC:
{
Description: The time the files associated with this import are deleted from the storage account. ,
Format: date-time ,
Required: False ,
}
string ,
importValidUntilTimeUTC:
{
Description: The time the file import record is soft deleted from the database and history. ,
Format: date-time ,
Required: False ,
}
string ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
FileImports_Get (new)
Description Gets a file import.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
fileImportId:
{
Description: File import ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: File import properties ,
Required: False ,
}
{
ingestionMode:
{
Description: Describes how to ingest the records in the file. ,
Enum:
{
IngestOnlyIfAllAreValid: No records should be ingested when invalid records are detected. ,
IngestAnyValidRecords: Valid records should still be ingested when invalid records are detected. ,
Unspecified: Unspecified ,
}
,
Required: True ,
}
enum ,
contentType:
{
Description: The content type of this file. ,
Enum:
{
BasicIndicator: File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern. ,
StixIndicator: File containing STIX indicators. ,
Unspecified: File containing other records. ,
}
,
Required: True ,
}
enum ,
createdTimeUTC:
{
Description: The time the file was imported. ,
Format: date-time ,
Required: False ,
}
string ,
errorFile:
{
Description: Represents the error file (if the import was ingested with errors or failed the validation). ,
Required: False ,
}
{
fileFormat:
{
Description: The format of the file ,
Enum:
{
CSV: A CSV file. ,
JSON: A JSON file. ,
Unspecified: A file of other format. ,
}
,
Required: False ,
}
enum ,
fileName:
{
Description: The name of the file. ,
Required: False ,
}
string ,
fileSize:
{
Description: The size of the file. ,
Format: int32 ,
Required: False ,
}
integer ,
fileContentUri:
{
Description: A URI with a valid SAS token to allow uploading / downloading the file. ,
Required: False ,
}
string ,
deleteStatus:
{
Description: Indicates whether the file was deleted from the storage account. ,
Enum:
{
Deleted: The file was deleted. ,
NotDeleted: The file was not deleted. ,
Unspecified: Unspecified ,
}
,
Required: False ,
}
enum ,
}
,
errorsPreview:
{
Description: An ordered list of some of the errors that were encountered during validation. ,
Required: False ,
}
[
{
recordIndex:
{
Description: The number of the record that has the error. ,
Format: int32 ,
Required: False ,
}
integer ,
errorMessages:
{
Description: A list of descriptions of the error. ,
Required: False ,
}
[
string ,
]
,
}
,
]
,
importFile:
{
Description: Represents the imported file. ,
Required: True ,
}
{
fileFormat:
{
Description: The format of the file ,
Enum:
{
CSV: A CSV file. ,
JSON: A JSON file. ,
Unspecified: A file of other format. ,
}
,
Required: False ,
}
enum ,
fileName:
{
Description: The name of the file. ,
Required: False ,
}
string ,
fileSize:
{
Description: The size of the file. ,
Format: int32 ,
Required: False ,
}
integer ,
fileContentUri:
{
Description: A URI with a valid SAS token to allow uploading / downloading the file. ,
Required: False ,
}
string ,
deleteStatus:
{
Description: Indicates whether the file was deleted from the storage account. ,
Enum:
{
Deleted: The file was deleted. ,
NotDeleted: The file was not deleted. ,
Unspecified: Unspecified ,
}
,
Required: False ,
}
enum ,
}
,
ingestedRecordCount:
{
Description: The number of records that have been successfully ingested. ,
Format: int32 ,
Required: False ,
}
integer ,
source:
{
Description: The source for the data in the file. ,
Required: True ,
}
string ,
state:
{
Description: The state of the file import. ,
Enum:
{
FatalError: A fatal error has occurred while ingesting the file. ,
Ingested: The file has been ingested. ,
IngestedWithErrors: The file has been ingested with errors. ,
InProgress: The file ingestion is in progress. ,
Invalid: The file is invalid. ,
WaitingForUpload: Waiting for the file to be uploaded. ,
Unspecified: Unspecified state. ,
}
,
Required: False ,
}
enum ,
totalRecordCount:
{
Description: The number of records in the file. ,
Format: int32 ,
Required: False ,
}
integer ,
validRecordCount:
{
Description: The number of records that have passed validation. ,
Format: int32 ,
Required: False ,
}
integer ,
filesValidUntilTimeUTC:
{
Description: The time the files associated with this import are deleted from the storage account. ,
Format: date-time ,
Required: False ,
}
string ,
importValidUntilTimeUTC:
{
Description: The time the file import record is soft deleted from the database and history. ,
Format: date-time ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
FileImports_Create (new)
Description Creates the file import.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
fileImportId:
{
Description: File import ID ,
Required: True ,
}
string ,
fileImport:
{
Description: The file import ,
Required: True ,
}
{
properties:
{
Description: File import properties ,
Required: False ,
}
{
ingestionMode:
{
Description: Describes how to ingest the records in the file. ,
Enum:
{
IngestOnlyIfAllAreValid: No records should be ingested when invalid records are detected. ,
IngestAnyValidRecords: Valid records should still be ingested when invalid records are detected. ,
Unspecified: Unspecified ,
}
,
Required: True ,
}
enum ,
contentType:
{
Description: The content type of this file. ,
Enum:
{
BasicIndicator: File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern. ,
StixIndicator: File containing STIX indicators. ,
Unspecified: File containing other records. ,
}
,
Required: True ,
}
enum ,
createdTimeUTC:
{
Description: The time the file was imported. ,
Format: date-time ,
Required: False ,
}
string ,
errorFile:
{
Description: Represents the error file (if the import was ingested with errors or failed the validation). ,
Required: False ,
}
{
fileFormat:
{
Description: The format of the file ,
Enum:
{
CSV: A CSV file. ,
JSON: A JSON file. ,
Unspecified: A file of other format. ,
}
,
Required: False ,
}
enum ,
fileName:
{
Description: The name of the file. ,
Required: False ,
}
string ,
fileSize:
{
Description: The size of the file. ,
Format: int32 ,
Required: False ,
}
integer ,
fileContentUri:
{
Description: A URI with a valid SAS token to allow uploading / downloading the file. ,
Required: False ,
}
string ,
deleteStatus:
{
Description: Indicates whether the file was deleted from the storage account. ,
Enum:
{
Deleted: The file was deleted. ,
NotDeleted: The file was not deleted. ,
Unspecified: Unspecified ,
}
,
Required: False ,
}
enum ,
}
,
errorsPreview:
{
Description: An ordered list of some of the errors that were encountered during validation. ,
Required: False ,
}
[
{
recordIndex:
{
Description: The number of the record that has the error. ,
Format: int32 ,
Required: False ,
}
integer ,
errorMessages:
{
Description: A list of descriptions of the error. ,
Required: False ,
}
[
string ,
]
,
}
,
]
,
importFile:
{
Description: Represents the imported file. ,
Required: True ,
}
{
fileFormat:
{
Description: The format of the file ,
Enum:
{
CSV: A CSV file. ,
JSON: A JSON file. ,
Unspecified: A file of other format. ,
}
,
Required: False ,
}
enum ,
fileName:
{
Description: The name of the file. ,
Required: False ,
}
string ,
fileSize:
{
Description: The size of the file. ,
Format: int32 ,
Required: False ,
}
integer ,
fileContentUri:
{
Description: A URI with a valid SAS token to allow uploading / downloading the file. ,
Required: False ,
}
string ,
deleteStatus:
{
Description: Indicates whether the file was deleted from the storage account. ,
Enum:
{
Deleted: The file was deleted. ,
NotDeleted: The file was not deleted. ,
Unspecified: Unspecified ,
}
,
Required: False ,
}
enum ,
}
,
ingestedRecordCount:
{
Description: The number of records that have been successfully ingested. ,
Format: int32 ,
Required: False ,
}
integer ,
source:
{
Description: The source for the data in the file. ,
Required: True ,
}
string ,
state:
{
Description: The state of the file import. ,
Enum:
{
FatalError: A fatal error has occurred while ingesting the file. ,
Ingested: The file has been ingested. ,
IngestedWithErrors: The file has been ingested with errors. ,
InProgress: The file ingestion is in progress. ,
Invalid: The file is invalid. ,
WaitingForUpload: Waiting for the file to be uploaded. ,
Unspecified: Unspecified state. ,
}
,
Required: False ,
}
enum ,
totalRecordCount:
{
Description: The number of records in the file. ,
Format: int32 ,
Required: False ,
}
integer ,
validRecordCount:
{
Description: The number of records that have passed validation. ,
Format: int32 ,
Required: False ,
}
integer ,
filesValidUntilTimeUTC:
{
Description: The time the files associated with this import are deleted from the storage account. ,
Format: date-time ,
Required: False ,
}
string ,
importValidUntilTimeUTC:
{
Description: The time the file import record is soft deleted from the database and history. ,
Format: date-time ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (201)

{
properties:
{
Description: File import properties ,
Required: False ,
}
{
ingestionMode:
{
Description: Describes how to ingest the records in the file. ,
Enum:
{
IngestOnlyIfAllAreValid: No records should be ingested when invalid records are detected. ,
IngestAnyValidRecords: Valid records should still be ingested when invalid records are detected. ,
Unspecified: Unspecified ,
}
,
Required: True ,
}
enum ,
contentType:
{
Description: The content type of this file. ,
Enum:
{
BasicIndicator: File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern. ,
StixIndicator: File containing STIX indicators. ,
Unspecified: File containing other records. ,
}
,
Required: True ,
}
enum ,
createdTimeUTC:
{
Description: The time the file was imported. ,
Format: date-time ,
Required: False ,
}
string ,
errorFile:
{
Description: Represents the error file (if the import was ingested with errors or failed the validation). ,
Required: False ,
}
{
fileFormat:
{
Description: The format of the file ,
Enum:
{
CSV: A CSV file. ,
JSON: A JSON file. ,
Unspecified: A file of other format. ,
}
,
Required: False ,
}
enum ,
fileName:
{
Description: The name of the file. ,
Required: False ,
}
string ,
fileSize:
{
Description: The size of the file. ,
Format: int32 ,
Required: False ,
}
integer ,
fileContentUri:
{
Description: A URI with a valid SAS token to allow uploading / downloading the file. ,
Required: False ,
}
string ,
deleteStatus:
{
Description: Indicates whether the file was deleted from the storage account. ,
Enum:
{
Deleted: The file was deleted. ,
NotDeleted: The file was not deleted. ,
Unspecified: Unspecified ,
}
,
Required: False ,
}
enum ,
}
,
errorsPreview:
{
Description: An ordered list of some of the errors that were encountered during validation. ,
Required: False ,
}
[
{
recordIndex:
{
Description: The number of the record that has the error. ,
Format: int32 ,
Required: False ,
}
integer ,
errorMessages:
{
Description: A list of descriptions of the error. ,
Required: False ,
}
[
string ,
]
,
}
,
]
,
importFile:
{
Description: Represents the imported file. ,
Required: True ,
}
{
fileFormat:
{
Description: The format of the file ,
Enum:
{
CSV: A CSV file. ,
JSON: A JSON file. ,
Unspecified: A file of other format. ,
}
,
Required: False ,
}
enum ,
fileName:
{
Description: The name of the file. ,
Required: False ,
}
string ,
fileSize:
{
Description: The size of the file. ,
Format: int32 ,
Required: False ,
}
integer ,
fileContentUri:
{
Description: A URI with a valid SAS token to allow uploading / downloading the file. ,
Required: False ,
}
string ,
deleteStatus:
{
Description: Indicates whether the file was deleted from the storage account. ,
Enum:
{
Deleted: The file was deleted. ,
NotDeleted: The file was not deleted. ,
Unspecified: Unspecified ,
}
,
Required: False ,
}
enum ,
}
,
ingestedRecordCount:
{
Description: The number of records that have been successfully ingested. ,
Format: int32 ,
Required: False ,
}
integer ,
source:
{
Description: The source for the data in the file. ,
Required: True ,
}
string ,
state:
{
Description: The state of the file import. ,
Enum:
{
FatalError: A fatal error has occurred while ingesting the file. ,
Ingested: The file has been ingested. ,
IngestedWithErrors: The file has been ingested with errors. ,
InProgress: The file ingestion is in progress. ,
Invalid: The file is invalid. ,
WaitingForUpload: Waiting for the file to be uploaded. ,
Unspecified: Unspecified state. ,
}
,
Required: False ,
}
enum ,
totalRecordCount:
{
Description: The number of records in the file. ,
Format: int32 ,
Required: False ,
}
integer ,
validRecordCount:
{
Description: The number of records that have passed validation. ,
Format: int32 ,
Required: False ,
}
integer ,
filesValidUntilTimeUTC:
{
Description: The time the files associated with this import are deleted from the storage account. ,
Format: date-time ,
Required: False ,
}
string ,
importValidUntilTimeUTC:
{
Description: The time the file import record is soft deleted from the database and history. ,
Format: date-time ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
properties:
{
Description: File import properties ,
Required: False ,
}
{
ingestionMode:
{
Description: Describes how to ingest the records in the file. ,
Enum:
{
IngestOnlyIfAllAreValid: No records should be ingested when invalid records are detected. ,
IngestAnyValidRecords: Valid records should still be ingested when invalid records are detected. ,
Unspecified: Unspecified ,
}
,
Required: True ,
}
enum ,
contentType:
{
Description: The content type of this file. ,
Enum:
{
BasicIndicator: File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern. ,
StixIndicator: File containing STIX indicators. ,
Unspecified: File containing other records. ,
}
,
Required: True ,
}
enum ,
createdTimeUTC:
{
Description: The time the file was imported. ,
Format: date-time ,
Required: False ,
}
string ,
errorFile:
{
Description: Represents the error file (if the import was ingested with errors or failed the validation). ,
Required: False ,
}
{
fileFormat:
{
Description: The format of the file ,
Enum:
{
CSV: A CSV file. ,
JSON: A JSON file. ,
Unspecified: A file of other format. ,
}
,
Required: False ,
}
enum ,
fileName:
{
Description: The name of the file. ,
Required: False ,
}
string ,
fileSize:
{
Description: The size of the file. ,
Format: int32 ,
Required: False ,
}
integer ,
fileContentUri:
{
Description: A URI with a valid SAS token to allow uploading / downloading the file. ,
Required: False ,
}
string ,
deleteStatus:
{
Description: Indicates whether the file was deleted from the storage account. ,
Enum:
{
Deleted: The file was deleted. ,
NotDeleted: The file was not deleted. ,
Unspecified: Unspecified ,
}
,
Required: False ,
}
enum ,
}
,
errorsPreview:
{
Description: An ordered list of some of the errors that were encountered during validation. ,
Required: False ,
}
[
{
recordIndex:
{
Description: The number of the record that has the error. ,
Format: int32 ,
Required: False ,
}
integer ,
errorMessages:
{
Description: A list of descriptions of the error. ,
Required: False ,
}
[
string ,
]
,
}
,
]
,
importFile:
{
Description: Represents the imported file. ,
Required: True ,
}
{
fileFormat:
{
Description: The format of the file ,
Enum:
{
CSV: A CSV file. ,
JSON: A JSON file. ,
Unspecified: A file of other format. ,
}
,
Required: False ,
}
enum ,
fileName:
{
Description: The name of the file. ,
Required: False ,
}
string ,
fileSize:
{
Description: The size of the file. ,
Format: int32 ,
Required: False ,
}
integer ,
fileContentUri:
{
Description: A URI with a valid SAS token to allow uploading / downloading the file. ,
Required: False ,
}
string ,
deleteStatus:
{
Description: Indicates whether the file was deleted from the storage account. ,
Enum:
{
Deleted: The file was deleted. ,
NotDeleted: The file was not deleted. ,
Unspecified: Unspecified ,
}
,
Required: False ,
}
enum ,
}
,
ingestedRecordCount:
{
Description: The number of records that have been successfully ingested. ,
Format: int32 ,
Required: False ,
}
integer ,
source:
{
Description: The source for the data in the file. ,
Required: True ,
}
string ,
state:
{
Description: The state of the file import. ,
Enum:
{
FatalError: A fatal error has occurred while ingesting the file. ,
Ingested: The file has been ingested. ,
IngestedWithErrors: The file has been ingested with errors. ,
InProgress: The file ingestion is in progress. ,
Invalid: The file is invalid. ,
WaitingForUpload: Waiting for the file to be uploaded. ,
Unspecified: Unspecified state. ,
}
,
Required: False ,
}
enum ,
totalRecordCount:
{
Description: The number of records in the file. ,
Format: int32 ,
Required: False ,
}
integer ,
validRecordCount:
{
Description: The number of records that have passed validation. ,
Format: int32 ,
Required: False ,
}
integer ,
filesValidUntilTimeUTC:
{
Description: The time the files associated with this import are deleted from the storage account. ,
Format: date-time ,
Required: False ,
}
string ,
importValidUntilTimeUTC:
{
Description: The time the file import record is soft deleted from the database and history. ,
Format: date-time ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
FileImports_Delete (new)
Description Delete the file import.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
fileImportId:
{
Description: File import ID ,
Required: True ,
}
string ,
}

⚐ Response (202)

{
$headers:
{
location: string ,
}
,
$schema:
{
Description: Represents a file import in Azure Security Insights. ,
}
{
properties:
{
Description: File import properties ,
Required: False ,
}
{
ingestionMode:
{
Description: Describes how to ingest the records in the file. ,
Enum:
{
IngestOnlyIfAllAreValid: No records should be ingested when invalid records are detected. ,
IngestAnyValidRecords: Valid records should still be ingested when invalid records are detected. ,
Unspecified: Unspecified ,
}
,
Required: True ,
}
enum ,
contentType:
{
Description: The content type of this file. ,
Enum:
{
BasicIndicator: File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern. ,
StixIndicator: File containing STIX indicators. ,
Unspecified: File containing other records. ,
}
,
Required: True ,
}
enum ,
createdTimeUTC:
{
Description: The time the file was imported. ,
Format: date-time ,
Required: False ,
}
string ,
errorFile:
{
Description: Represents the error file (if the import was ingested with errors or failed the validation). ,
Required: False ,
}
{
fileFormat:
{
Description: The format of the file ,
Enum:
{
CSV: A CSV file. ,
JSON: A JSON file. ,
Unspecified: A file of other format. ,
}
,
Required: False ,
}
enum ,
fileName:
{
Description: The name of the file. ,
Required: False ,
}
string ,
fileSize:
{
Description: The size of the file. ,
Format: int32 ,
Required: False ,
}
integer ,
fileContentUri:
{
Description: A URI with a valid SAS token to allow uploading / downloading the file. ,
Required: False ,
}
string ,
deleteStatus:
{
Description: Indicates whether the file was deleted from the storage account. ,
Enum:
{
Deleted: The file was deleted. ,
NotDeleted: The file was not deleted. ,
Unspecified: Unspecified ,
}
,
Required: False ,
}
enum ,
}
,
errorsPreview:
{
Description: An ordered list of some of the errors that were encountered during validation. ,
Required: False ,
}
[
{
recordIndex:
{
Description: The number of the record that has the error. ,
Format: int32 ,
Required: False ,
}
integer ,
errorMessages:
{
Description: A list of descriptions of the error. ,
Required: False ,
}
[
string ,
]
,
}
,
]
,
importFile:
{
Description: Represents the imported file. ,
Required: True ,
}
{
fileFormat:
{
Description: The format of the file ,
Enum:
{
CSV: A CSV file. ,
JSON: A JSON file. ,
Unspecified: A file of other format. ,
}
,
Required: False ,
}
enum ,
fileName:
{
Description: The name of the file. ,
Required: False ,
}
string ,
fileSize:
{
Description: The size of the file. ,
Format: int32 ,
Required: False ,
}
integer ,
fileContentUri:
{
Description: A URI with a valid SAS token to allow uploading / downloading the file. ,
Required: False ,
}
string ,
deleteStatus:
{
Description: Indicates whether the file was deleted from the storage account. ,
Enum:
{
Deleted: The file was deleted. ,
NotDeleted: The file was not deleted. ,
Unspecified: Unspecified ,
}
,
Required: False ,
}
enum ,
}
,
ingestedRecordCount:
{
Description: The number of records that have been successfully ingested. ,
Format: int32 ,
Required: False ,
}
integer ,
source:
{
Description: The source for the data in the file. ,
Required: True ,
}
string ,
state:
{
Description: The state of the file import. ,
Enum:
{
FatalError: A fatal error has occurred while ingesting the file. ,
Ingested: The file has been ingested. ,
IngestedWithErrors: The file has been ingested with errors. ,
InProgress: The file ingestion is in progress. ,
Invalid: The file is invalid. ,
WaitingForUpload: Waiting for the file to be uploaded. ,
Unspecified: Unspecified state. ,
}
,
Required: False ,
}
enum ,
totalRecordCount:
{
Description: The number of records in the file. ,
Format: int32 ,
Required: False ,
}
integer ,
validRecordCount:
{
Description: The number of records that have passed validation. ,
Format: int32 ,
Required: False ,
}
integer ,
filesValidUntilTimeUTC:
{
Description: The time the files associated with this import are deleted from the storage account. ,
Format: date-time ,
Required: False ,
}
string ,
importValidUntilTimeUTC:
{
Description: The time the file import record is soft deleted from the database and history. ,
Format: date-time ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
Hunts_List (new)
Description Gets all hunts, without relations and comments.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of hunts. ,
Required: False ,
}
string ,
value:
{
Description: Array of hunts. ,
Required: True ,
}
[
{
properties:
{
Description: Hunt properties ,
Required: False ,
}
{
displayName:
{
Description: The display name of the hunt ,
Required: True ,
}
string ,
description:
{
Description: The description of the hunt ,
Required: True ,
}
string ,
status:
{
Description: The status of the hunt. ,
Enum:
{
New: No description available. ,
Active: No description available. ,
Closed: No description available. ,
Backlog: No description available. ,
Approved: No description available. ,
}
,
Required: False ,
}
enum ,
hypothesisStatus:
{
Description: The hypothesis status of the hunt. ,
Enum:
{
Unknown: No description available. ,
Invalidated: No description available. ,
Validated: No description available. ,
}
,
Required: False ,
}
enum ,
attackTactics:
{
Description: A list of mitre attack tactics the hunt is associated with ,
Required: False ,
}
[
string ,
]
,
attackTechniques:
{
Description: A list of a mitre attack techniques the hunt is associated with ,
Required: False ,
}
[
string ,
]
,
labels:
{
Description: List of labels relevant to this hunt ,
Required: False ,
}
[
string ,
]
,
owner:
{
Description: Describes a user that the hunt is assigned to ,
Required: False ,
}
{
email:
{
Description: The email of the user the hunt is assigned to. ,
Required: False ,
}
string ,
assignedTo:
{
Description: The name of the user the hunt is assigned to. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user the hunt is assigned to. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the user the hunt is assigned to. ,
Required: False ,
}
string ,
ownerType:
{
Description: The type of the owner the hunt is assigned to. ,
Enum:
{
Unknown: The hunt owner type is unknown ,
User: The hunt owner type is an AAD user ,
Group: The hunt owner type is an AAD group ,
}
,
Required: False ,
}
enum ,
}
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Hunts_Get (new)
Description Gets a hunt, without relations and comments.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
huntId:
{
Description: The hunt id (GUID) ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: Hunt properties ,
Required: False ,
}
{
displayName:
{
Description: The display name of the hunt ,
Required: True ,
}
string ,
description:
{
Description: The description of the hunt ,
Required: True ,
}
string ,
status:
{
Description: The status of the hunt. ,
Enum:
{
New: No description available. ,
Active: No description available. ,
Closed: No description available. ,
Backlog: No description available. ,
Approved: No description available. ,
}
,
Required: False ,
}
enum ,
hypothesisStatus:
{
Description: The hypothesis status of the hunt. ,
Enum:
{
Unknown: No description available. ,
Invalidated: No description available. ,
Validated: No description available. ,
}
,
Required: False ,
}
enum ,
attackTactics:
{
Description: A list of mitre attack tactics the hunt is associated with ,
Required: False ,
}
[
string ,
]
,
attackTechniques:
{
Description: A list of a mitre attack techniques the hunt is associated with ,
Required: False ,
}
[
string ,
]
,
labels:
{
Description: List of labels relevant to this hunt ,
Required: False ,
}
[
string ,
]
,
owner:
{
Description: Describes a user that the hunt is assigned to ,
Required: False ,
}
{
email:
{
Description: The email of the user the hunt is assigned to. ,
Required: False ,
}
string ,
assignedTo:
{
Description: The name of the user the hunt is assigned to. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user the hunt is assigned to. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the user the hunt is assigned to. ,
Required: False ,
}
string ,
ownerType:
{
Description: The type of the owner the hunt is assigned to. ,
Enum:
{
Unknown: The hunt owner type is unknown ,
User: The hunt owner type is an AAD user ,
Group: The hunt owner type is an AAD group ,
}
,
Required: False ,
}
enum ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Hunts_Delete (new)
Description Delete a hunt.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
huntId:
{
Description: The hunt id (GUID) ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Hunts_CreateOrUpdate (new)
Description Create or update a hunt
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
huntId:
{
Description: The hunt id (GUID) ,
Required: True ,
}
string ,
hunt:
{
Description: The hunt ,
Required: True ,
}
{
properties:
{
Description: Hunt properties ,
Required: False ,
}
{
displayName:
{
Description: The display name of the hunt ,
Required: True ,
}
string ,
description:
{
Description: The description of the hunt ,
Required: True ,
}
string ,
status:
{
Description: The status of the hunt. ,
Enum:
{
New: No description available. ,
Active: No description available. ,
Closed: No description available. ,
Backlog: No description available. ,
Approved: No description available. ,
}
,
Required: False ,
}
enum ,
hypothesisStatus:
{
Description: The hypothesis status of the hunt. ,
Enum:
{
Unknown: No description available. ,
Invalidated: No description available. ,
Validated: No description available. ,
}
,
Required: False ,
}
enum ,
attackTactics:
{
Description: A list of mitre attack tactics the hunt is associated with ,
Required: False ,
}
[
string ,
]
,
attackTechniques:
{
Description: A list of a mitre attack techniques the hunt is associated with ,
Required: False ,
}
[
string ,
]
,
labels:
{
Description: List of labels relevant to this hunt ,
Required: False ,
}
[
string ,
]
,
owner:
{
Description: Describes a user that the hunt is assigned to ,
Required: False ,
}
{
email:
{
Description: The email of the user the hunt is assigned to. ,
Required: False ,
}
string ,
assignedTo:
{
Description: The name of the user the hunt is assigned to. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user the hunt is assigned to. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the user the hunt is assigned to. ,
Required: False ,
}
string ,
ownerType:
{
Description: The type of the owner the hunt is assigned to. ,
Enum:
{
Unknown: The hunt owner type is unknown ,
User: The hunt owner type is an AAD user ,
Group: The hunt owner type is an AAD group ,
}
,
Required: False ,
}
enum ,
}
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: Hunt properties ,
Required: False ,
}
{
displayName:
{
Description: The display name of the hunt ,
Required: True ,
}
string ,
description:
{
Description: The description of the hunt ,
Required: True ,
}
string ,
status:
{
Description: The status of the hunt. ,
Enum:
{
New: No description available. ,
Active: No description available. ,
Closed: No description available. ,
Backlog: No description available. ,
Approved: No description available. ,
}
,
Required: False ,
}
enum ,
hypothesisStatus:
{
Description: The hypothesis status of the hunt. ,
Enum:
{
Unknown: No description available. ,
Invalidated: No description available. ,
Validated: No description available. ,
}
,
Required: False ,
}
enum ,
attackTactics:
{
Description: A list of mitre attack tactics the hunt is associated with ,
Required: False ,
}
[
string ,
]
,
attackTechniques:
{
Description: A list of a mitre attack techniques the hunt is associated with ,
Required: False ,
}
[
string ,
]
,
labels:
{
Description: List of labels relevant to this hunt ,
Required: False ,
}
[
string ,
]
,
owner:
{
Description: Describes a user that the hunt is assigned to ,
Required: False ,
}
{
email:
{
Description: The email of the user the hunt is assigned to. ,
Required: False ,
}
string ,
assignedTo:
{
Description: The name of the user the hunt is assigned to. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user the hunt is assigned to. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the user the hunt is assigned to. ,
Required: False ,
}
string ,
ownerType:
{
Description: The type of the owner the hunt is assigned to. ,
Enum:
{
Unknown: The hunt owner type is unknown ,
User: The hunt owner type is an AAD user ,
Group: The hunt owner type is an AAD group ,
}
,
Required: False ,
}
enum ,
}
,
}
,
}

⚐ Response (201)

{
properties:
{
Description: Hunt properties ,
Required: False ,
}
{
displayName:
{
Description: The display name of the hunt ,
Required: True ,
}
string ,
description:
{
Description: The description of the hunt ,
Required: True ,
}
string ,
status:
{
Description: The status of the hunt. ,
Enum:
{
New: No description available. ,
Active: No description available. ,
Closed: No description available. ,
Backlog: No description available. ,
Approved: No description available. ,
}
,
Required: False ,
}
enum ,
hypothesisStatus:
{
Description: The hypothesis status of the hunt. ,
Enum:
{
Unknown: No description available. ,
Invalidated: No description available. ,
Validated: No description available. ,
}
,
Required: False ,
}
enum ,
attackTactics:
{
Description: A list of mitre attack tactics the hunt is associated with ,
Required: False ,
}
[
string ,
]
,
attackTechniques:
{
Description: A list of a mitre attack techniques the hunt is associated with ,
Required: False ,
}
[
string ,
]
,
labels:
{
Description: List of labels relevant to this hunt ,
Required: False ,
}
[
string ,
]
,
owner:
{
Description: Describes a user that the hunt is assigned to ,
Required: False ,
}
{
email:
{
Description: The email of the user the hunt is assigned to. ,
Required: False ,
}
string ,
assignedTo:
{
Description: The name of the user the hunt is assigned to. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user the hunt is assigned to. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the user the hunt is assigned to. ,
Required: False ,
}
string ,
ownerType:
{
Description: The type of the owner the hunt is assigned to. ,
Enum:
{
Unknown: The hunt owner type is unknown ,
User: The hunt owner type is an AAD user ,
Group: The hunt owner type is an AAD group ,
}
,
Required: False ,
}
enum ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
HuntRelations_List (new)
Description Gets all hunt relations
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
huntId:
{
Description: The hunt id (GUID) ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of hunt relations. ,
Required: False ,
}
string ,
value:
{
Description: Array of hunt relations ,
Required: True ,
}
[
{
properties:
{
Description: Hunt Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The id of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relationType:
{
Description: The type of the hunt relation ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource that the relation is related to ,
Required: False ,
}
string ,
labels:
{
Description: List of labels relevant to this hunt ,
Required: False ,
}
[
string ,
]
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
HuntRelations_Get (new)
Description Gets a hunt relation
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
huntId:
{
Description: The hunt id (GUID) ,
Required: True ,
}
string ,
huntRelationId:
{
Description: The hunt relation id (GUID) ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: Hunt Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The id of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relationType:
{
Description: The type of the hunt relation ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource that the relation is related to ,
Required: False ,
}
string ,
labels:
{
Description: List of labels relevant to this hunt ,
Required: False ,
}
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
HuntRelations_Delete (new)
Description Delete a hunt relation.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
huntId:
{
Description: The hunt id (GUID) ,
Required: True ,
}
string ,
huntRelationId:
{
Description: The hunt relation id (GUID) ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
HuntRelations_CreateOrUpdate (new)
Description Creates or updates a hunt relation.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
huntId:
{
Description: The hunt id (GUID) ,
Required: True ,
}
string ,
huntRelationId:
{
Description: The hunt relation id (GUID) ,
Required: True ,
}
string ,
huntRelation:
{
Description: The hunt relation ,
Required: True ,
}
{
properties:
{
Description: Hunt Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The id of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relationType:
{
Description: The type of the hunt relation ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource that the relation is related to ,
Required: False ,
}
string ,
labels:
{
Description: List of labels relevant to this hunt ,
Required: False ,
}
[
string ,
]
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: Hunt Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The id of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relationType:
{
Description: The type of the hunt relation ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource that the relation is related to ,
Required: False ,
}
string ,
labels:
{
Description: List of labels relevant to this hunt ,
Required: False ,
}
[
string ,
]
,
}
,
}

⚐ Response (201)

{
properties:
{
Description: Hunt Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The id of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relationType:
{
Description: The type of the hunt relation ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource that the relation is related to ,
Required: False ,
}
string ,
labels:
{
Description: List of labels relevant to this hunt ,
Required: False ,
}
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
HuntComments_List (new)
Description Gets all hunt comments
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
huntId:
{
Description: The hunt id (GUID) ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of hunt comments. ,
Required: False ,
}
string ,
value:
{
Description: Array of hunt comments ,
Required: True ,
}
[
{
properties:
{
Description: Hunt Comment properties ,
Required: False ,
}
{
message:
{
Description: The message for the comment ,
Required: True ,
}
string ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
HuntComments_Get (new)
Description Gets a hunt comment
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
huntId:
{
Description: The hunt id (GUID) ,
Required: True ,
}
string ,
huntCommentId:
{
Description: The hunt comment id (GUID) ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: Hunt Comment properties ,
Required: False ,
}
{
message:
{
Description: The message for the comment ,
Required: True ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
HuntComments_Delete (new)
Description Delete a hunt comment.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
huntId:
{
Description: The hunt id (GUID) ,
Required: True ,
}
string ,
huntCommentId:
{
Description: The hunt comment id (GUID) ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
HuntComments_CreateOrUpdate (new)
Description Creates or updates a hunt relation.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
huntId:
{
Description: The hunt id (GUID) ,
Required: True ,
}
string ,
huntCommentId:
{
Description: The hunt comment id (GUID) ,
Required: True ,
}
string ,
huntComment:
{
Description: The hunt comment ,
Required: True ,
}
{
properties:
{
Description: Hunt Comment properties ,
Required: False ,
}
{
message:
{
Description: The message for the comment ,
Required: True ,
}
string ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: Hunt Comment properties ,
Required: False ,
}
{
message:
{
Description: The message for the comment ,
Required: True ,
}
string ,
}
,
}

⚐ Response (201)

{
properties:
{
Description: Hunt Comment properties ,
Required: False ,
}
{
message:
{
Description: The message for the comment ,
Required: True ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Incidents_List (new)
Description Gets all incidents.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
value:
{
Required: True ,
}
[
{
properties:
{
Required: False ,
}
{
title:
{
Description: The title of the incident ,
Required: True ,
}
string ,
description:
{
Description: The description of the incident ,
Required: False ,
}
string ,
severity:
{
Description: The severity of the incident ,
Enum:
{
High: High severity ,
Medium: Medium severity ,
Low: Low severity ,
Informational: Informational severity ,
}
,
Required: True ,
}
enum ,
status:
{
Description: The status of the incident ,
Enum:
{
New: An active incident which isn't being handled currently ,
Active: An active incident which is being handled ,
Closed: A non-active incident ,
}
,
Required: True ,
}
enum ,
classification:
{
Description: The reason the incident was closed ,
Enum:
{
Undetermined: Incident classification was undetermined ,
TruePositive: Incident was true positive ,
BenignPositive: Incident was benign positive ,
FalsePositive: Incident was false positive ,
}
,
Required: False ,
}
enum ,
classificationReason:
{
Description: The classification reason the incident was closed with ,
Enum:
{
SuspiciousActivity: Classification reason was suspicious activity ,
SuspiciousButExpected: Classification reason was suspicious but expected ,
IncorrectAlertLogic: Classification reason was incorrect alert logic ,
InaccurateData: Classification reason was inaccurate data ,
}
,
Required: False ,
}
enum ,
classificationComment:
{
Description: Describes the reason the incident was closed ,
Required: False ,
}
string ,
owner:
{
Description: Describes a user that the incident is assigned to ,
Required: False ,
}
{
email:
{
Description: The email of the user the incident is assigned to. ,
Required: False ,
}
string ,
assignedTo:
{
Description: The name of the user the incident is assigned to. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user the incident is assigned to. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the user the incident is assigned to. ,
Required: False ,
}
string ,
ownerType:
{
Description: The type of the owner the incident is assigned to. ,
Enum:
{
Unknown: The incident owner type is unknown ,
User: The incident owner type is an AAD user ,
Group: The incident owner type is an AAD group ,
}
,
Required: False ,
}
enum ,
}
,
labels:
{
Description: List of labels relevant to this incident ,
Required: False ,
}
[
{
labelName:
{
Description: The name of the label ,
Required: True ,
}
string ,
labelType:
{
Description: The type of the label ,
Enum:
{
User: Label manually created by a user ,
AutoAssigned: Label automatically created by the system ,
}
,
Required: False ,
}
enum ,
}
,
]
,
firstActivityTimeUtc:
{
Description: The time of the first activity in the incident ,
Format: date-time ,
Required: False ,
}
string ,
lastActivityTimeUtc:
{
Description: The time of the last activity in the incident ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedTimeUtc:
{
Description: The last time the incident was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdTimeUtc:
{
Description: The time the incident was created ,
Format: date-time ,
Required: False ,
}
string ,
incidentNumber:
{
Description: A sequential number ,
Format: int32 ,
Required: False ,
}
integer ,
additionalData:
{
Description: Additional data on the incident ,
Required: False ,
}
{
alertsCount:
{
Description: The number of alerts in the incident ,
Format: int32 ,
Required: False ,
}
integer ,
bookmarksCount:
{
Description: The number of bookmarks in the incident ,
Format: int32 ,
Required: False ,
}
integer ,
commentsCount:
{
Description: The number of comments in the incident ,
Format: int32 ,
Required: False ,
}
integer ,
alertProductNames:
{
Description: List of product names of alerts in the incident ,
Required: False ,
}
[
string ,
]
,
tactics:
{
Description: The tactics associated with incident ,
Required: False ,
}
[
string ,
]
,
techniques:
{
Description: The techniques associated with incident's tactics ,
Required: False ,
}
[
string ,
]
,
providerIncidentUrl:
{
Description: The provider incident url to the incident in Microsoft 365 Defender portal ,
Required: False ,
}
string ,
}
,
relatedAnalyticRuleIds:
{
Description: List of resource ids of Analytic rules related to the incident ,
Required: False ,
}
[
string ,
]
,
incidentUrl:
{
Description: The deep-link url to the incident in Azure portal ,
Required: False ,
}
string ,
providerName:
{
Description: The name of the source provider that generated the incident ,
Required: False ,
}
string ,
providerIncidentId:
{
Description: The incident ID assigned by the incident provider ,
Required: False ,
}
string ,
teamInformation:
{
Description: Describes a team for the incident ,
Required: False ,
}
{
teamId:
{
Description: Team ID ,
Required: False ,
}
string ,
primaryChannelUrl:
{
Description: The primary channel URL of the team ,
Required: False ,
}
string ,
teamCreationTimeUtc:
{
Description: The time the team was created ,
Format: date-time ,
Required: False ,
}
string ,
name:
{
Description: The name of the team ,
Required: False ,
}
string ,
description:
{
Description: The description of the team ,
Required: False ,
}
string ,
}
,
}
,
}
,
]
,
nextLink:
{
Description: URL to fetch the next set of incidents. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Incidents_Get (new)
Description Gets an incident.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Required: False ,
}
{
title:
{
Description: The title of the incident ,
Required: True ,
}
string ,
description:
{
Description: The description of the incident ,
Required: False ,
}
string ,
severity:
{
Description: The severity of the incident ,
Enum:
{
High: High severity ,
Medium: Medium severity ,
Low: Low severity ,
Informational: Informational severity ,
}
,
Required: True ,
}
enum ,
status:
{
Description: The status of the incident ,
Enum:
{
New: An active incident which isn't being handled currently ,
Active: An active incident which is being handled ,
Closed: A non-active incident ,
}
,
Required: True ,
}
enum ,
classification:
{
Description: The reason the incident was closed ,
Enum:
{
Undetermined: Incident classification was undetermined ,
TruePositive: Incident was true positive ,
BenignPositive: Incident was benign positive ,
FalsePositive: Incident was false positive ,
}
,
Required: False ,
}
enum ,
classificationReason:
{
Description: The classification reason the incident was closed with ,
Enum:
{
SuspiciousActivity: Classification reason was suspicious activity ,
SuspiciousButExpected: Classification reason was suspicious but expected ,
IncorrectAlertLogic: Classification reason was incorrect alert logic ,
InaccurateData: Classification reason was inaccurate data ,
}
,
Required: False ,
}
enum ,
classificationComment:
{
Description: Describes the reason the incident was closed ,
Required: False ,
}
string ,
owner:
{
Description: Describes a user that the incident is assigned to ,
Required: False ,
}
{
email:
{
Description: The email of the user the incident is assigned to. ,
Required: False ,
}
string ,
assignedTo:
{
Description: The name of the user the incident is assigned to. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user the incident is assigned to. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the user the incident is assigned to. ,
Required: False ,
}
string ,
ownerType:
{
Description: The type of the owner the incident is assigned to. ,
Enum:
{
Unknown: The incident owner type is unknown ,
User: The incident owner type is an AAD user ,
Group: The incident owner type is an AAD group ,
}
,
Required: False ,
}
enum ,
}
,
labels:
{
Description: List of labels relevant to this incident ,
Required: False ,
}
[
{
labelName:
{
Description: The name of the label ,
Required: True ,
}
string ,
labelType:
{
Description: The type of the label ,
Enum:
{
User: Label manually created by a user ,
AutoAssigned: Label automatically created by the system ,
}
,
Required: False ,
}
enum ,
}
,
]
,
firstActivityTimeUtc:
{
Description: The time of the first activity in the incident ,
Format: date-time ,
Required: False ,
}
string ,
lastActivityTimeUtc:
{
Description: The time of the last activity in the incident ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedTimeUtc:
{
Description: The last time the incident was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdTimeUtc:
{
Description: The time the incident was created ,
Format: date-time ,
Required: False ,
}
string ,
incidentNumber:
{
Description: A sequential number ,
Format: int32 ,
Required: False ,
}
integer ,
additionalData:
{
Description: Additional data on the incident ,
Required: False ,
}
{
alertsCount:
{
Description: The number of alerts in the incident ,
Format: int32 ,
Required: False ,
}
integer ,
bookmarksCount:
{
Description: The number of bookmarks in the incident ,
Format: int32 ,
Required: False ,
}
integer ,
commentsCount:
{
Description: The number of comments in the incident ,
Format: int32 ,
Required: False ,
}
integer ,
alertProductNames:
{
Description: List of product names of alerts in the incident ,
Required: False ,
}
[
string ,
]
,
tactics:
{
Description: The tactics associated with incident ,
Required: False ,
}
[
string ,
]
,
techniques:
{
Description: The techniques associated with incident's tactics ,
Required: False ,
}
[
string ,
]
,
providerIncidentUrl:
{
Description: The provider incident url to the incident in Microsoft 365 Defender portal ,
Required: False ,
}
string ,
}
,
relatedAnalyticRuleIds:
{
Description: List of resource ids of Analytic rules related to the incident ,
Required: False ,
}
[
string ,
]
,
incidentUrl:
{
Description: The deep-link url to the incident in Azure portal ,
Required: False ,
}
string ,
providerName:
{
Description: The name of the source provider that generated the incident ,
Required: False ,
}
string ,
providerIncidentId:
{
Description: The incident ID assigned by the incident provider ,
Required: False ,
}
string ,
teamInformation:
{
Description: Describes a team for the incident ,
Required: False ,
}
{
teamId:
{
Description: Team ID ,
Required: False ,
}
string ,
primaryChannelUrl:
{
Description: The primary channel URL of the team ,
Required: False ,
}
string ,
teamCreationTimeUtc:
{
Description: The time the team was created ,
Format: date-time ,
Required: False ,
}
string ,
name:
{
Description: The name of the team ,
Required: False ,
}
string ,
description:
{
Description: The description of the team ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Incidents_CreateOrUpdate (new)
Description Creates or updates the incident.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
incident:
{
Description: The incident ,
Required: True ,
}
{
properties:
{
Required: False ,
}
{
title:
{
Description: The title of the incident ,
Required: True ,
}
string ,
description:
{
Description: The description of the incident ,
Required: False ,
}
string ,
severity:
{
Description: The severity of the incident ,
Enum:
{
High: High severity ,
Medium: Medium severity ,
Low: Low severity ,
Informational: Informational severity ,
}
,
Required: True ,
}
enum ,
status:
{
Description: The status of the incident ,
Enum:
{
New: An active incident which isn't being handled currently ,
Active: An active incident which is being handled ,
Closed: A non-active incident ,
}
,
Required: True ,
}
enum ,
classification:
{
Description: The reason the incident was closed ,
Enum:
{
Undetermined: Incident classification was undetermined ,
TruePositive: Incident was true positive ,
BenignPositive: Incident was benign positive ,
FalsePositive: Incident was false positive ,
}
,
Required: False ,
}
enum ,
classificationReason:
{
Description: The classification reason the incident was closed with ,
Enum:
{
SuspiciousActivity: Classification reason was suspicious activity ,
SuspiciousButExpected: Classification reason was suspicious but expected ,
IncorrectAlertLogic: Classification reason was incorrect alert logic ,
InaccurateData: Classification reason was inaccurate data ,
}
,
Required: False ,
}
enum ,
classificationComment:
{
Description: Describes the reason the incident was closed ,
Required: False ,
}
string ,
owner:
{
Description: Describes a user that the incident is assigned to ,
Required: False ,
}
{
email:
{
Description: The email of the user the incident is assigned to. ,
Required: False ,
}
string ,
assignedTo:
{
Description: The name of the user the incident is assigned to. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user the incident is assigned to. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the user the incident is assigned to. ,
Required: False ,
}
string ,
ownerType:
{
Description: The type of the owner the incident is assigned to. ,
Enum:
{
Unknown: The incident owner type is unknown ,
User: The incident owner type is an AAD user ,
Group: The incident owner type is an AAD group ,
}
,
Required: False ,
}
enum ,
}
,
labels:
{
Description: List of labels relevant to this incident ,
Required: False ,
}
[
{
labelName:
{
Description: The name of the label ,
Required: True ,
}
string ,
labelType:
{
Description: The type of the label ,
Enum:
{
User: Label manually created by a user ,
AutoAssigned: Label automatically created by the system ,
}
,
Required: False ,
}
enum ,
}
,
]
,
firstActivityTimeUtc:
{
Description: The time of the first activity in the incident ,
Format: date-time ,
Required: False ,
}
string ,
lastActivityTimeUtc:
{
Description: The time of the last activity in the incident ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedTimeUtc:
{
Description: The last time the incident was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdTimeUtc:
{
Description: The time the incident was created ,
Format: date-time ,
Required: False ,
}
string ,
incidentNumber:
{
Description: A sequential number ,
Format: int32 ,
Required: False ,
}
integer ,
additionalData:
{
Description: Additional data on the incident ,
Required: False ,
}
{
alertsCount:
{
Description: The number of alerts in the incident ,
Format: int32 ,
Required: False ,
}
integer ,
bookmarksCount:
{
Description: The number of bookmarks in the incident ,
Format: int32 ,
Required: False ,
}
integer ,
commentsCount:
{
Description: The number of comments in the incident ,
Format: int32 ,
Required: False ,
}
integer ,
alertProductNames:
{
Description: List of product names of alerts in the incident ,
Required: False ,
}
[
string ,
]
,
tactics:
{
Description: The tactics associated with incident ,
Required: False ,
}
[
string ,
]
,
techniques:
{
Description: The techniques associated with incident's tactics ,
Required: False ,
}
[
string ,
]
,
providerIncidentUrl:
{
Description: The provider incident url to the incident in Microsoft 365 Defender portal ,
Required: False ,
}
string ,
}
,
relatedAnalyticRuleIds:
{
Description: List of resource ids of Analytic rules related to the incident ,
Required: False ,
}
[
string ,
]
,
incidentUrl:
{
Description: The deep-link url to the incident in Azure portal ,
Required: False ,
}
string ,
providerName:
{
Description: The name of the source provider that generated the incident ,
Required: False ,
}
string ,
providerIncidentId:
{
Description: The incident ID assigned by the incident provider ,
Required: False ,
}
string ,
teamInformation:
{
Description: Describes a team for the incident ,
Required: False ,
}
{
teamId:
{
Description: Team ID ,
Required: False ,
}
string ,
primaryChannelUrl:
{
Description: The primary channel URL of the team ,
Required: False ,
}
string ,
teamCreationTimeUtc:
{
Description: The time the team was created ,
Format: date-time ,
Required: False ,
}
string ,
name:
{
Description: The name of the team ,
Required: False ,
}
string ,
description:
{
Description: The description of the team ,
Required: False ,
}
string ,
}
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Required: False ,
}
{
title:
{
Description: The title of the incident ,
Required: True ,
}
string ,
description:
{
Description: The description of the incident ,
Required: False ,
}
string ,
severity:
{
Description: The severity of the incident ,
Enum:
{
High: High severity ,
Medium: Medium severity ,
Low: Low severity ,
Informational: Informational severity ,
}
,
Required: True ,
}
enum ,
status:
{
Description: The status of the incident ,
Enum:
{
New: An active incident which isn't being handled currently ,
Active: An active incident which is being handled ,
Closed: A non-active incident ,
}
,
Required: True ,
}
enum ,
classification:
{
Description: The reason the incident was closed ,
Enum:
{
Undetermined: Incident classification was undetermined ,
TruePositive: Incident was true positive ,
BenignPositive: Incident was benign positive ,
FalsePositive: Incident was false positive ,
}
,
Required: False ,
}
enum ,
classificationReason:
{
Description: The classification reason the incident was closed with ,
Enum:
{
SuspiciousActivity: Classification reason was suspicious activity ,
SuspiciousButExpected: Classification reason was suspicious but expected ,
IncorrectAlertLogic: Classification reason was incorrect alert logic ,
InaccurateData: Classification reason was inaccurate data ,
}
,
Required: False ,
}
enum ,
classificationComment:
{
Description: Describes the reason the incident was closed ,
Required: False ,
}
string ,
owner:
{
Description: Describes a user that the incident is assigned to ,
Required: False ,
}
{
email:
{
Description: The email of the user the incident is assigned to. ,
Required: False ,
}
string ,
assignedTo:
{
Description: The name of the user the incident is assigned to. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user the incident is assigned to. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the user the incident is assigned to. ,
Required: False ,
}
string ,
ownerType:
{
Description: The type of the owner the incident is assigned to. ,
Enum:
{
Unknown: The incident owner type is unknown ,
User: The incident owner type is an AAD user ,
Group: The incident owner type is an AAD group ,
}
,
Required: False ,
}
enum ,
}
,
labels:
{
Description: List of labels relevant to this incident ,
Required: False ,
}
[
{
labelName:
{
Description: The name of the label ,
Required: True ,
}
string ,
labelType:
{
Description: The type of the label ,
Enum:
{
User: Label manually created by a user ,
AutoAssigned: Label automatically created by the system ,
}
,
Required: False ,
}
enum ,
}
,
]
,
firstActivityTimeUtc:
{
Description: The time of the first activity in the incident ,
Format: date-time ,
Required: False ,
}
string ,
lastActivityTimeUtc:
{
Description: The time of the last activity in the incident ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedTimeUtc:
{
Description: The last time the incident was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdTimeUtc:
{
Description: The time the incident was created ,
Format: date-time ,
Required: False ,
}
string ,
incidentNumber:
{
Description: A sequential number ,
Format: int32 ,
Required: False ,
}
integer ,
additionalData:
{
Description: Additional data on the incident ,
Required: False ,
}
{
alertsCount:
{
Description: The number of alerts in the incident ,
Format: int32 ,
Required: False ,
}
integer ,
bookmarksCount:
{
Description: The number of bookmarks in the incident ,
Format: int32 ,
Required: False ,
}
integer ,
commentsCount:
{
Description: The number of comments in the incident ,
Format: int32 ,
Required: False ,
}
integer ,
alertProductNames:
{
Description: List of product names of alerts in the incident ,
Required: False ,
}
[
string ,
]
,
tactics:
{
Description: The tactics associated with incident ,
Required: False ,
}
[
string ,
]
,
techniques:
{
Description: The techniques associated with incident's tactics ,
Required: False ,
}
[
string ,
]
,
providerIncidentUrl:
{
Description: The provider incident url to the incident in Microsoft 365 Defender portal ,
Required: False ,
}
string ,
}
,
relatedAnalyticRuleIds:
{
Description: List of resource ids of Analytic rules related to the incident ,
Required: False ,
}
[
string ,
]
,
incidentUrl:
{
Description: The deep-link url to the incident in Azure portal ,
Required: False ,
}
string ,
providerName:
{
Description: The name of the source provider that generated the incident ,
Required: False ,
}
string ,
providerIncidentId:
{
Description: The incident ID assigned by the incident provider ,
Required: False ,
}
string ,
teamInformation:
{
Description: Describes a team for the incident ,
Required: False ,
}
{
teamId:
{
Description: Team ID ,
Required: False ,
}
string ,
primaryChannelUrl:
{
Description: The primary channel URL of the team ,
Required: False ,
}
string ,
teamCreationTimeUtc:
{
Description: The time the team was created ,
Format: date-time ,
Required: False ,
}
string ,
name:
{
Description: The name of the team ,
Required: False ,
}
string ,
description:
{
Description: The description of the team ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (201)

{
properties:
{
Required: False ,
}
{
title:
{
Description: The title of the incident ,
Required: True ,
}
string ,
description:
{
Description: The description of the incident ,
Required: False ,
}
string ,
severity:
{
Description: The severity of the incident ,
Enum:
{
High: High severity ,
Medium: Medium severity ,
Low: Low severity ,
Informational: Informational severity ,
}
,
Required: True ,
}
enum ,
status:
{
Description: The status of the incident ,
Enum:
{
New: An active incident which isn't being handled currently ,
Active: An active incident which is being handled ,
Closed: A non-active incident ,
}
,
Required: True ,
}
enum ,
classification:
{
Description: The reason the incident was closed ,
Enum:
{
Undetermined: Incident classification was undetermined ,
TruePositive: Incident was true positive ,
BenignPositive: Incident was benign positive ,
FalsePositive: Incident was false positive ,
}
,
Required: False ,
}
enum ,
classificationReason:
{
Description: The classification reason the incident was closed with ,
Enum:
{
SuspiciousActivity: Classification reason was suspicious activity ,
SuspiciousButExpected: Classification reason was suspicious but expected ,
IncorrectAlertLogic: Classification reason was incorrect alert logic ,
InaccurateData: Classification reason was inaccurate data ,
}
,
Required: False ,
}
enum ,
classificationComment:
{
Description: Describes the reason the incident was closed ,
Required: False ,
}
string ,
owner:
{
Description: Describes a user that the incident is assigned to ,
Required: False ,
}
{
email:
{
Description: The email of the user the incident is assigned to. ,
Required: False ,
}
string ,
assignedTo:
{
Description: The name of the user the incident is assigned to. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user the incident is assigned to. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the user the incident is assigned to. ,
Required: False ,
}
string ,
ownerType:
{
Description: The type of the owner the incident is assigned to. ,
Enum:
{
Unknown: The incident owner type is unknown ,
User: The incident owner type is an AAD user ,
Group: The incident owner type is an AAD group ,
}
,
Required: False ,
}
enum ,
}
,
labels:
{
Description: List of labels relevant to this incident ,
Required: False ,
}
[
{
labelName:
{
Description: The name of the label ,
Required: True ,
}
string ,
labelType:
{
Description: The type of the label ,
Enum:
{
User: Label manually created by a user ,
AutoAssigned: Label automatically created by the system ,
}
,
Required: False ,
}
enum ,
}
,
]
,
firstActivityTimeUtc:
{
Description: The time of the first activity in the incident ,
Format: date-time ,
Required: False ,
}
string ,
lastActivityTimeUtc:
{
Description: The time of the last activity in the incident ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedTimeUtc:
{
Description: The last time the incident was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdTimeUtc:
{
Description: The time the incident was created ,
Format: date-time ,
Required: False ,
}
string ,
incidentNumber:
{
Description: A sequential number ,
Format: int32 ,
Required: False ,
}
integer ,
additionalData:
{
Description: Additional data on the incident ,
Required: False ,
}
{
alertsCount:
{
Description: The number of alerts in the incident ,
Format: int32 ,
Required: False ,
}
integer ,
bookmarksCount:
{
Description: The number of bookmarks in the incident ,
Format: int32 ,
Required: False ,
}
integer ,
commentsCount:
{
Description: The number of comments in the incident ,
Format: int32 ,
Required: False ,
}
integer ,
alertProductNames:
{
Description: List of product names of alerts in the incident ,
Required: False ,
}
[
string ,
]
,
tactics:
{
Description: The tactics associated with incident ,
Required: False ,
}
[
string ,
]
,
techniques:
{
Description: The techniques associated with incident's tactics ,
Required: False ,
}
[
string ,
]
,
providerIncidentUrl:
{
Description: The provider incident url to the incident in Microsoft 365 Defender portal ,
Required: False ,
}
string ,
}
,
relatedAnalyticRuleIds:
{
Description: List of resource ids of Analytic rules related to the incident ,
Required: False ,
}
[
string ,
]
,
incidentUrl:
{
Description: The deep-link url to the incident in Azure portal ,
Required: False ,
}
string ,
providerName:
{
Description: The name of the source provider that generated the incident ,
Required: False ,
}
string ,
providerIncidentId:
{
Description: The incident ID assigned by the incident provider ,
Required: False ,
}
string ,
teamInformation:
{
Description: Describes a team for the incident ,
Required: False ,
}
{
teamId:
{
Description: Team ID ,
Required: False ,
}
string ,
primaryChannelUrl:
{
Description: The primary channel URL of the team ,
Required: False ,
}
string ,
teamCreationTimeUtc:
{
Description: The time the team was created ,
Format: date-time ,
Required: False ,
}
string ,
name:
{
Description: The name of the team ,
Required: False ,
}
string ,
description:
{
Description: The description of the team ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Incidents_Delete (new)
Description Delete the incident.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Incidents_CreateTeam (new)
Description Creates a Microsoft team to investigate the incident by sharing information and insights between participants.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
teamProperties:
{
Description: Team properties ,
Required: True ,
}
{
teamId:
{
Description: Team ID ,
Required: False ,
}
string ,
primaryChannelUrl:
{
Description: The primary channel URL of the team ,
Required: False ,
}
string ,
teamCreationTimeUtc:
{
Description: The time the team was created ,
Format: date-time ,
Required: False ,
}
string ,
name:
{
Description: The name of the team ,
Required: False ,
}
string ,
description:
{
Description: The description of the team ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
teamId:
{
Description: Team ID ,
Required: False ,
}
string ,
primaryChannelUrl:
{
Description: The primary channel URL of the team ,
Required: False ,
}
string ,
teamCreationTimeUtc:
{
Description: The time the team was created ,
Format: date-time ,
Required: False ,
}
string ,
name:
{
Description: The name of the team ,
Required: False ,
}
string ,
description:
{
Description: The description of the team ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Incidents_ListAlerts (new)
Description Gets all incident alerts.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
value:
{
Description: Array of incident alerts. ,
Required: True ,
}
[
{
properties:
{
Description: SecurityAlert entity properties ,
Required: False ,
}
{
alertDisplayName:
{
Description: The display name of the alert. ,
Required: False ,
}
string ,
alertType:
{
Description: The type name of the alert. ,
Required: False ,
}
string ,
compromisedEntity:
{
Description: Display name of the main entity being reported on. ,
Required: False ,
}
string ,
confidenceLevel:
{
Description: The confidence level of this alert. ,
Enum:
{
Unknown: Unknown confidence, the is the default value ,
Low: Low confidence, meaning we have some doubts this is indeed malicious or part of an attack ,
High: High confidence that the alert is true positive malicious ,
}
,
Required: False ,
}
enum ,
confidenceReasons:
{
Description: The confidence reasons ,
Required: False ,
}
[
{
reason:
{
Description: The reason's description ,
Required: False ,
}
string ,
reasonType:
{
Description: The type (category) of the reason ,
Required: False ,
}
string ,
}
,
]
,
confidenceScore:
{
Description: The confidence score of the alert. ,
Format: double ,
Required: False ,
}
number ,
confidenceScoreStatus:
{
Description: The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. ,
Enum:
{
NotApplicable: Score will not be calculated for this alert as it is not supported by virtual analyst ,
InProcess: No score was set yet and calculation is in progress ,
NotFinal: Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data ,
Final: Final score was calculated and available ,
}
,
Required: False ,
}
enum ,
description:
{
Description: Alert description. ,
Required: False ,
}
string ,
endTimeUtc:
{
Description: The impact end time of the alert (the time of the last event contributing to the alert). ,
Format: date-time ,
Required: False ,
}
string ,
intent:
{
Description: Holds the alert intent stage(s) mapping for this alert. ,
Enum:
{
Unknown: The default value. ,
Probing: Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in. ,
Exploitation: Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage. ,
Persistence: Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access. ,
PrivilegeEscalation: Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege. ,
DefenseEvasion: Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. ,
CredentialAccess: Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment. ,
Discovery: Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must navigate themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase. ,
LateralMovement: Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect. ,
Execution: The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network. ,
Collection: Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. ,
Exfiltration: Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. ,
CommandAndControl: The command and control tactic represents how adversaries communicate with systems under their control within a target network. ,
Impact: The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others. ,
}
,
Required: False ,
}
enum ,
providerAlertId:
{
Description: The identifier of the alert inside the product which generated the alert. ,
Required: False ,
}
string ,
processingEndTime:
{
Description: The time the alert was made available for consumption. ,
Format: date-time ,
Required: False ,
}
string ,
productComponentName:
{
Description: The name of a component inside the product which generated the alert. ,
Required: False ,
}
string ,
productName:
{
Description: The name of the product which published this alert. ,
Required: False ,
}
string ,
productVersion:
{
Description: The version of the product generating the alert. ,
Required: False ,
}
string ,
remediationSteps:
{
Description: Manual action items to take to remediate the alert. ,
Required: False ,
}
[
string ,
]
,
severity:
{
Description: The severity of the alert ,
Enum:
{
High: High severity ,
Medium: Medium severity ,
Low: Low severity ,
Informational: Informational severity ,
}
,
Required: False ,
}
enum ,
startTimeUtc:
{
Description: The impact start time of the alert (the time of the first event contributing to the alert). ,
Format: date-time ,
Required: False ,
}
string ,
status:
{
Description: The lifecycle status of the alert. ,
Enum:
{
Unknown: Unknown value ,
New: New alert ,
Resolved: Alert closed after handling ,
Dismissed: Alert dismissed as false positive ,
InProgress: Alert is being handled ,
}
,
Required: False ,
}
enum ,
systemAlertId:
{
Description: Holds the product identifier of the alert for the product. ,
Required: False ,
}
string ,
tactics:
{
Description: The tactics of the alert ,
Required: False ,
}
[
string ,
]
,
timeGenerated:
{
Description: The time the alert was generated. ,
Format: date-time ,
Required: False ,
}
string ,
vendorName:
{
Description: The name of the vendor that raise the alert. ,
Required: False ,
}
string ,
alertLink:
{
Description: The uri link of the alert. ,
Required: False ,
}
string ,
resourceIdentifiers:
{
Description: The list of resource identifiers of the alert. ,
Required: False ,
}
[
object ,
]
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Incidents_ListBookmarks (new)
Description Gets all incident bookmarks.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
value:
{
Description: Array of incident bookmarks. ,
Required: True ,
}
[
{
properties:
{
Description: HuntingBookmark entity properties ,
Required: False ,
}
{
created:
{
Description: The time the bookmark was created ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the bookmark ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
displayName:
{
Description: The display name of the bookmark ,
Required: True ,
}
string ,
eventTime:
{
Description: The time of the event ,
Format: date-time ,
Required: False ,
}
string ,
labels:
{
Description: List of labels relevant to this bookmark ,
Required: False ,
}
[
string ,
]
,
notes:
{
Description: The notes of the bookmark ,
Required: False ,
}
string ,
query:
{
Description: The query of the bookmark. ,
Required: True ,
}
string ,
queryResult:
{
Description: The query result of the bookmark. ,
Required: False ,
}
string ,
updated:
{
Description: The last time the bookmark was updated ,
Format: date-time ,
Required: False ,
}
string ,
updatedBy:
{
Description: Describes a user that updated the bookmark ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
incidentInfo:
{
Description: Describes an incident that relates to bookmark ,
Required: False ,
}
{
incidentId:
{
Description: Incident Id ,
Required: False ,
}
string ,
severity:
{
Description: The severity of the incident ,
Enum:
{
High: High severity ,
Medium: Medium severity ,
Low: Low severity ,
Informational: Informational severity ,
}
,
Required: False ,
}
enum ,
title:
{
Description: The title of the incident ,
Required: False ,
}
string ,
relationName:
{
Description: Relation Name ,
Required: False ,
}
string ,
}
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
IncidentComments_List (new)
Description Gets all incident comments.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
value:
{
Required: True ,
}
[
{
properties:
{
Description: Incident comment properties ,
Required: False ,
}
{
message:
{
Description: The comment message ,
Required: True ,
}
string ,
createdTimeUtc:
{
Description: The time the comment was created ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedTimeUtc:
{
Description: The time the comment was updated ,
Format: date-time ,
Required: False ,
}
string ,
author:
{
Description: Describes the client that created the comment ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
}
,
}
,
]
,
nextLink:
{
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
IncidentComments_Get (new)
Description Gets an incident comment.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
incidentCommentId:
{
Description: Incident comment ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: Incident comment properties ,
Required: False ,
}
{
message:
{
Description: The comment message ,
Required: True ,
}
string ,
createdTimeUtc:
{
Description: The time the comment was created ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedTimeUtc:
{
Description: The time the comment was updated ,
Format: date-time ,
Required: False ,
}
string ,
author:
{
Description: Describes the client that created the comment ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
IncidentComments_CreateOrUpdate (new)
Description Creates or updates the incident comment.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
incidentCommentId:
{
Description: Incident comment ID ,
Required: True ,
}
string ,
incidentComment:
{
Description: The incident comment ,
Required: True ,
}
{
properties:
{
Description: Incident comment properties ,
Required: False ,
}
{
message:
{
Description: The comment message ,
Required: True ,
}
string ,
createdTimeUtc:
{
Description: The time the comment was created ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedTimeUtc:
{
Description: The time the comment was updated ,
Format: date-time ,
Required: False ,
}
string ,
author:
{
Description: Describes the client that created the comment ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: Incident comment properties ,
Required: False ,
}
{
message:
{
Description: The comment message ,
Required: True ,
}
string ,
createdTimeUtc:
{
Description: The time the comment was created ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedTimeUtc:
{
Description: The time the comment was updated ,
Format: date-time ,
Required: False ,
}
string ,
author:
{
Description: Describes the client that created the comment ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (201)

{
properties:
{
Description: Incident comment properties ,
Required: False ,
}
{
message:
{
Description: The comment message ,
Required: True ,
}
string ,
createdTimeUtc:
{
Description: The time the comment was created ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedTimeUtc:
{
Description: The time the comment was updated ,
Format: date-time ,
Required: False ,
}
string ,
author:
{
Description: Describes the client that created the comment ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
IncidentComments_Delete (new)
Description Delete the incident comment.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
incidentCommentId:
{
Description: Incident comment ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Incidents_ListEntities (new)
Description Gets all incident related entities.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
entities:
{
Description: Array of the incident related entities. ,
Required: False ,
}
[
{
kind:
{
Description: The kind of the entity. ,
Enum:
{
Account: Entity represents account in the system. ,
Host: Entity represents host in the system. ,
File: Entity represents file in the system. ,
AzureResource: Entity represents azure resource in the system. ,
CloudApplication: Entity represents cloud application in the system. ,
DnsResolution: Entity represents dns resolution in the system. ,
FileHash: Entity represents file hash in the system. ,
Ip: Entity represents ip in the system. ,
Malware: Entity represents malware in the system. ,
Process: Entity represents process in the system. ,
RegistryKey: Entity represents registry key in the system. ,
RegistryValue: Entity represents registry value in the system. ,
SecurityGroup: Entity represents security group in the system. ,
Url: Entity represents url in the system. ,
IoTDevice: Entity represents IoT device in the system. ,
SecurityAlert: Entity represents security alert in the system. ,
Bookmark: Entity represents bookmark in the system. ,
Mailbox: Entity represents mailbox in the system. ,
MailCluster: Entity represents mail cluster in the system. ,
MailMessage: Entity represents mail message in the system. ,
SubmissionMail: Entity represents submission mail in the system. ,
Nic: Entity represents network interface in the system. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
metaData:
{
Description: The metadata from the incident related entities results. ,
Required: False ,
}
[
{
entityKind:
{
Description: The kind of the aggregated entity. ,
Enum:
{
Account: Entity represents account in the system. ,
Host: Entity represents host in the system. ,
File: Entity represents file in the system. ,
AzureResource: Entity represents azure resource in the system. ,
CloudApplication: Entity represents cloud application in the system. ,
DnsResolution: Entity represents dns resolution in the system. ,
FileHash: Entity represents file hash in the system. ,
Ip: Entity represents ip in the system. ,
Malware: Entity represents malware in the system. ,
Process: Entity represents process in the system. ,
RegistryKey: Entity represents registry key in the system. ,
RegistryValue: Entity represents registry value in the system. ,
SecurityGroup: Entity represents security group in the system. ,
Url: Entity represents url in the system. ,
IoTDevice: Entity represents IoT device in the system. ,
SecurityAlert: Entity represents security alert in the system. ,
Bookmark: Entity represents bookmark in the system. ,
Mailbox: Entity represents mailbox in the system. ,
MailCluster: Entity represents mail cluster in the system. ,
MailMessage: Entity represents mail message in the system. ,
SubmissionMail: Entity represents submission mail in the system. ,
Nic: Entity represents network interface in the system. ,
}
,
Required: True ,
}
enum ,
count:
{
Description: Total number of aggregations of the given kind in the incident related entities result. ,
Format: int32 ,
Required: True ,
}
integer ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
IncidentRelations_List (new)
Description Gets all incident relations.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of relations. ,
Required: False ,
}
string ,
value:
{
Description: Array of relations. ,
Required: True ,
}
[
{
properties:
{
Description: Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The resource ID of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relatedResourceType:
{
Description: The resource type of the related resource ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource kind of the related resource ,
Required: False ,
}
string ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
IncidentRelations_Get (new)
Description Gets an incident relation.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
relationName:
{
Description: Relation Name ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The resource ID of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relatedResourceType:
{
Description: The resource type of the related resource ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource kind of the related resource ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
IncidentRelations_CreateOrUpdate (new)
Description Creates or updates the incident relation.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
relationName:
{
Description: Relation Name ,
Required: True ,
}
string ,
relation:
{
Description: The relation model ,
Required: True ,
}
{
properties:
{
Description: Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The resource ID of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relatedResourceType:
{
Description: The resource type of the related resource ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource kind of the related resource ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The resource ID of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relatedResourceType:
{
Description: The resource type of the related resource ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource kind of the related resource ,
Required: False ,
}
string ,
}
,
}

⚐ Response (201)

{
properties:
{
Description: Relation properties ,
Required: False ,
}
{
relatedResourceId:
{
Description: The resource ID of the related resource ,
Required: True ,
}
string ,
relatedResourceName:
{
Description: The name of the related resource ,
Required: False ,
}
string ,
relatedResourceType:
{
Description: The resource type of the related resource ,
Required: False ,
}
string ,
relatedResourceKind:
{
Description: The resource kind of the related resource ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
IncidentRelations_Delete (new)
Description Delete the incident relation.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
relationName:
{
Description: Relation Name ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
IncidentTasks_List (new)
Description Gets all incident tasks.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
value:
{
Required: False ,
}
[
{
properties:
{
Required: True ,
}
{
title:
{
Description: The title of the task ,
Required: True ,
}
string ,
description:
{
Description: The description of the task ,
Required: False ,
}
string ,
status:
{
Enum:
{
New: A new task ,
Completed: A completed task ,
}
,
Required: True ,
}
enum ,
createdTimeUtc:
{
Description: The time the task was created ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedTimeUtc:
{
Description: The last time the task was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
lastModifiedBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
}
,
}
,
]
,
nextLink:
{
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
IncidentTasks_Get (new)
Description Gets an incident task.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
incidentTaskId:
{
Description: Incident task ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Required: True ,
}
{
title:
{
Description: The title of the task ,
Required: True ,
}
string ,
description:
{
Description: The description of the task ,
Required: False ,
}
string ,
status:
{
Enum:
{
New: A new task ,
Completed: A completed task ,
}
,
Required: True ,
}
enum ,
createdTimeUtc:
{
Description: The time the task was created ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedTimeUtc:
{
Description: The last time the task was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
lastModifiedBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
IncidentTasks_CreateOrUpdate (new)
Description Creates or updates the incident task.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
incidentTaskId:
{
Description: Incident task ID ,
Required: True ,
}
string ,
incidentTask:
{
Description: The incident task ,
Required: True ,
}
{
properties:
{
Required: True ,
}
{
title:
{
Description: The title of the task ,
Required: True ,
}
string ,
description:
{
Description: The description of the task ,
Required: False ,
}
string ,
status:
{
Enum:
{
New: A new task ,
Completed: A completed task ,
}
,
Required: True ,
}
enum ,
createdTimeUtc:
{
Description: The time the task was created ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedTimeUtc:
{
Description: The last time the task was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
lastModifiedBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Required: True ,
}
{
title:
{
Description: The title of the task ,
Required: True ,
}
string ,
description:
{
Description: The description of the task ,
Required: False ,
}
string ,
status:
{
Enum:
{
New: A new task ,
Completed: A completed task ,
}
,
Required: True ,
}
enum ,
createdTimeUtc:
{
Description: The time the task was created ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedTimeUtc:
{
Description: The last time the task was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
lastModifiedBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (201)

{
properties:
{
Required: True ,
}
{
title:
{
Description: The title of the task ,
Required: True ,
}
string ,
description:
{
Description: The description of the task ,
Required: False ,
}
string ,
status:
{
Enum:
{
New: A new task ,
Completed: A completed task ,
}
,
Required: True ,
}
enum ,
createdTimeUtc:
{
Description: The time the task was created ,
Format: date-time ,
Required: False ,
}
string ,
lastModifiedTimeUtc:
{
Description: The last time the task was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
lastModifiedBy:
{
Description: Information on the client (user or application) that made some action ,
Required: False ,
}
{
email:
{
Description: The email of the client. ,
Required: False ,
}
string ,
name:
{
Description: The name of the client. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the client. ,
Format: uuid ,
Required: False ,
}
string ,
userPrincipalName:
{
Description: The user principal name of the client. ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
IncidentTasks_Delete (new)
Description Delete the incident task.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
incidentId:
{
Description: Incident ID ,
Required: True ,
}
string ,
incidentTaskId:
{
Description: Incident task ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Metadata_List (new)
Description List of all metadata
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skip:
{
Description: Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. ,
Format: int32 ,
Required: False ,
}
integer ,
}

⚐ Response (200)

{
value:
{
Description: Array of metadata. ,
Required: True ,
}
[
{
properties:
{
Description: Metadata properties ,
Required: False ,
}
{
contentId:
{
Description: Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name ,
Required: False ,
}
string ,
parentId:
{
Description: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) ,
Required: True ,
}
string ,
version:
{
Description: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks ,
Required: False ,
}
string ,
kind:
{
Description: The kind of content the metadata is for. ,
Required: True ,
}
string ,
source:
{
Description: Source of the content. This is where/how it was created. ,
Required: False ,
}
{
kind:
{
Description: Source type of the content ,
Enum:
{
LocalWorkspace: No description available. ,
Community: No description available. ,
Solution: No description available. ,
SourceRepository: No description available. ,
}
,
Required: True ,
}
enum ,
name:
{
Description: Name of the content source. The repo name, solution name, LA workspace name etc. ,
Required: False ,
}
string ,
sourceId:
{
Description: ID of the content source. The solution ID, workspace ID, etc ,
Required: False ,
}
string ,
}
,
author:
{
Description: The creator of the content item. ,
Required: False ,
}
{
name:
{
Description: Name of the author. Company or person. ,
Required: False ,
}
string ,
email:
{
Description: Email of author contact ,
Required: False ,
}
string ,
link:
{
Description: Link for author/vendor page ,
Required: False ,
}
string ,
}
,
support:
{
Description: Support information for the metadata - type, name, contact information ,
Required: False ,
}
{
tier:
{
Description: Type of support for content item ,
Enum:
{
Microsoft: No description available. ,
Partner: No description available. ,
Community: No description available. ,
}
,
Required: True ,
}
enum ,
name:
{
Description: Name of the support contact. Company or person. ,
Required: False ,
}
string ,
email:
{
Description: Email of support contact ,
Required: False ,
}
string ,
link:
{
Description: Link for support help, like to support page to open a ticket etc. ,
Required: False ,
}
string ,
}
,
dependencies:
{
Description: Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. ,
Required: False ,
}
{
contentId:
{
Description: Id of the content item we depend on ,
Required: False ,
}
string ,
kind:
{
Description: Type of the content item we depend on ,
Enum:
{
DataConnector: No description available. ,
DataType: No description available. ,
Workbook: No description available. ,
WorkbookTemplate: No description available. ,
Playbook: No description available. ,
PlaybookTemplate: No description available. ,
AnalyticsRuleTemplate: No description available. ,
AnalyticsRule: No description available. ,
HuntingQuery: No description available. ,
InvestigationQuery: No description available. ,
Parser: No description available. ,
Watchlist: No description available. ,
WatchlistTemplate: No description available. ,
Solution: No description available. ,
AzureFunction: No description available. ,
LogicAppsCustomConnector: No description available. ,
AutomationRule: No description available. ,
ResourcesDataConnector: No description available. ,
Notebook: No description available. ,
Standalone: No description available. ,
SummaryRule: No description available. ,
}
,
Required: False ,
}
enum ,
version:
{
Description: Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. ,
Required: False ,
}
string ,
name:
{
Description: Name of the content item ,
Required: False ,
}
string ,
operator:
{
Description: Operator used for list of dependencies in criteria array. ,
Enum:
{
AND: No description available. ,
OR: No description available. ,
}
,
Required: False ,
}
enum ,
criteria:
{
Description: This is the list of dependencies we must fulfill, according to the AND/OR operator ,
Required: False ,
}
[
string ,
]
,
}
,
categories:
{
Description: Categories for the solution content item ,
Required: False ,
}
{
domains:
{
Description: domain for the solution content item ,
Required: False ,
}
[
string ,
]
,
verticals:
{
Description: Industry verticals for the solution content item ,
Required: False ,
}
[
string ,
]
,
}
,
providers:
{
Description: Providers for the solution content item ,
Required: False ,
}
[
string ,
]
,
firstPublishDate:
{
Description: first publish date solution content item ,
Format: date ,
Required: False ,
}
string ,
lastPublishDate:
{
Description: last publish date for the solution content item ,
Format: date ,
Required: False ,
}
string ,
customVersion:
{
Description: The custom version of the content. A optional free text ,
Required: False ,
}
string ,
contentSchemaVersion:
{
Description: Schema version of the content. Can be used to distinguish between different flow based on the schema version ,
Required: False ,
}
string ,
icon:
{
Description: the icon identifier. this id can later be fetched from the solution template ,
Required: False ,
}
string ,
threatAnalysisTactics:
{
Description: the tactics the resource covers ,
Required: False ,
}
[
string ,
]
,
threatAnalysisTechniques:
{
Description: the techniques the resource covers, these have to be aligned with the tactics being used ,
Required: False ,
}
[
string ,
]
,
previewImages:
{
Description: preview image file names. These will be taken from the solution artifacts ,
Required: False ,
}
[
string ,
]
,
previewImagesDark:
{
Description: preview image file names. These will be taken from the solution artifacts. used for dark theme support ,
Required: False ,
}
[
string ,
]
,
}
,
}
,
]
,
nextLink:
{
Description: URL to fetch the next page of metadata. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Metadata_Get (new)
Description Get a Metadata.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
metadataName:
{
Description: The Metadata name. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: Metadata properties ,
Required: False ,
}
{
contentId:
{
Description: Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name ,
Required: False ,
}
string ,
parentId:
{
Description: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) ,
Required: True ,
}
string ,
version:
{
Description: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks ,
Required: False ,
}
string ,
kind:
{
Description: The kind of content the metadata is for. ,
Required: True ,
}
string ,
source:
{
Description: Source of the content. This is where/how it was created. ,
Required: False ,
}
{
kind:
{
Description: Source type of the content ,
Enum:
{
LocalWorkspace: No description available. ,
Community: No description available. ,
Solution: No description available. ,
SourceRepository: No description available. ,
}
,
Required: True ,
}
enum ,
name:
{
Description: Name of the content source. The repo name, solution name, LA workspace name etc. ,
Required: False ,
}
string ,
sourceId:
{
Description: ID of the content source. The solution ID, workspace ID, etc ,
Required: False ,
}
string ,
}
,
author:
{
Description: The creator of the content item. ,
Required: False ,
}
{
name:
{
Description: Name of the author. Company or person. ,
Required: False ,
}
string ,
email:
{
Description: Email of author contact ,
Required: False ,
}
string ,
link:
{
Description: Link for author/vendor page ,
Required: False ,
}
string ,
}
,
support:
{
Description: Support information for the metadata - type, name, contact information ,
Required: False ,
}
{
tier:
{
Description: Type of support for content item ,
Enum:
{
Microsoft: No description available. ,
Partner: No description available. ,
Community: No description available. ,
}
,
Required: True ,
}
enum ,
name:
{
Description: Name of the support contact. Company or person. ,
Required: False ,
}
string ,
email:
{
Description: Email of support contact ,
Required: False ,
}
string ,
link:
{
Description: Link for support help, like to support page to open a ticket etc. ,
Required: False ,
}
string ,
}
,
dependencies:
{
Description: Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. ,
Required: False ,
}
{
contentId:
{
Description: Id of the content item we depend on ,
Required: False ,
}
string ,
kind:
{
Description: Type of the content item we depend on ,
Enum:
{
DataConnector: No description available. ,
DataType: No description available. ,
Workbook: No description available. ,
WorkbookTemplate: No description available. ,
Playbook: No description available. ,
PlaybookTemplate: No description available. ,
AnalyticsRuleTemplate: No description available. ,
AnalyticsRule: No description available. ,
HuntingQuery: No description available. ,
InvestigationQuery: No description available. ,
Parser: No description available. ,
Watchlist: No description available. ,
WatchlistTemplate: No description available. ,
Solution: No description available. ,
AzureFunction: No description available. ,
LogicAppsCustomConnector: No description available. ,
AutomationRule: No description available. ,
ResourcesDataConnector: No description available. ,
Notebook: No description available. ,
Standalone: No description available. ,
SummaryRule: No description available. ,
}
,
Required: False ,
}
enum ,
version:
{
Description: Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. ,
Required: False ,
}
string ,
name:
{
Description: Name of the content item ,
Required: False ,
}
string ,
operator:
{
Description: Operator used for list of dependencies in criteria array. ,
Enum:
{
AND: No description available. ,
OR: No description available. ,
}
,
Required: False ,
}
enum ,
criteria:
{
Description: This is the list of dependencies we must fulfill, according to the AND/OR operator ,
Required: False ,
}
[
string ,
]
,
}
,
categories:
{
Description: Categories for the solution content item ,
Required: False ,
}
{
domains:
{
Description: domain for the solution content item ,
Required: False ,
}
[
string ,
]
,
verticals:
{
Description: Industry verticals for the solution content item ,
Required: False ,
}
[
string ,
]
,
}
,
providers:
{
Description: Providers for the solution content item ,
Required: False ,
}
[
string ,
]
,
firstPublishDate:
{
Description: first publish date solution content item ,
Format: date ,
Required: False ,
}
string ,
lastPublishDate:
{
Description: last publish date for the solution content item ,
Format: date ,
Required: False ,
}
string ,
customVersion:
{
Description: The custom version of the content. A optional free text ,
Required: False ,
}
string ,
contentSchemaVersion:
{
Description: Schema version of the content. Can be used to distinguish between different flow based on the schema version ,
Required: False ,
}
string ,
icon:
{
Description: the icon identifier. this id can later be fetched from the solution template ,
Required: False ,
}
string ,
threatAnalysisTactics:
{
Description: the tactics the resource covers ,
Required: False ,
}
[
string ,
]
,
threatAnalysisTechniques:
{
Description: the techniques the resource covers, these have to be aligned with the tactics being used ,
Required: False ,
}
[
string ,
]
,
previewImages:
{
Description: preview image file names. These will be taken from the solution artifacts ,
Required: False ,
}
[
string ,
]
,
previewImagesDark:
{
Description: preview image file names. These will be taken from the solution artifacts. used for dark theme support ,
Required: False ,
}
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Metadata_Delete (new)
Description Delete a Metadata.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
metadataName:
{
Description: The Metadata name. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Metadata_Create (new)
Description Create a Metadata.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
metadataName:
{
Description: The Metadata name. ,
Required: True ,
}
string ,
metadata:
{
Description: Metadata resource. ,
Required: True ,
}
{
properties:
{
Description: Metadata properties ,
Required: False ,
}
{
contentId:
{
Description: Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name ,
Required: False ,
}
string ,
parentId:
{
Description: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) ,
Required: True ,
}
string ,
version:
{
Description: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks ,
Required: False ,
}
string ,
kind:
{
Description: The kind of content the metadata is for. ,
Required: True ,
}
string ,
source:
{
Description: Source of the content. This is where/how it was created. ,
Required: False ,
}
{
kind:
{
Description: Source type of the content ,
Enum:
{
LocalWorkspace: No description available. ,
Community: No description available. ,
Solution: No description available. ,
SourceRepository: No description available. ,
}
,
Required: True ,
}
enum ,
name:
{
Description: Name of the content source. The repo name, solution name, LA workspace name etc. ,
Required: False ,
}
string ,
sourceId:
{
Description: ID of the content source. The solution ID, workspace ID, etc ,
Required: False ,
}
string ,
}
,
author:
{
Description: The creator of the content item. ,
Required: False ,
}
{
name:
{
Description: Name of the author. Company or person. ,
Required: False ,
}
string ,
email:
{
Description: Email of author contact ,
Required: False ,
}
string ,
link:
{
Description: Link for author/vendor page ,
Required: False ,
}
string ,
}
,
support:
{
Description: Support information for the metadata - type, name, contact information ,
Required: False ,
}
{
tier:
{
Description: Type of support for content item ,
Enum:
{
Microsoft: No description available. ,
Partner: No description available. ,
Community: No description available. ,
}
,
Required: True ,
}
enum ,
name:
{
Description: Name of the support contact. Company or person. ,
Required: False ,
}
string ,
email:
{
Description: Email of support contact ,
Required: False ,
}
string ,
link:
{
Description: Link for support help, like to support page to open a ticket etc. ,
Required: False ,
}
string ,
}
,
dependencies:
{
Description: Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. ,
Required: False ,
}
{
contentId:
{
Description: Id of the content item we depend on ,
Required: False ,
}
string ,
kind:
{
Description: Type of the content item we depend on ,
Enum:
{
DataConnector: No description available. ,
DataType: No description available. ,
Workbook: No description available. ,
WorkbookTemplate: No description available. ,
Playbook: No description available. ,
PlaybookTemplate: No description available. ,
AnalyticsRuleTemplate: No description available. ,
AnalyticsRule: No description available. ,
HuntingQuery: No description available. ,
InvestigationQuery: No description available. ,
Parser: No description available. ,
Watchlist: No description available. ,
WatchlistTemplate: No description available. ,
Solution: No description available. ,
AzureFunction: No description available. ,
LogicAppsCustomConnector: No description available. ,
AutomationRule: No description available. ,
ResourcesDataConnector: No description available. ,
Notebook: No description available. ,
Standalone: No description available. ,
SummaryRule: No description available. ,
}
,
Required: False ,
}
enum ,
version:
{
Description: Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. ,
Required: False ,
}
string ,
name:
{
Description: Name of the content item ,
Required: False ,
}
string ,
operator:
{
Description: Operator used for list of dependencies in criteria array. ,
Enum:
{
AND: No description available. ,
OR: No description available. ,
}
,
Required: False ,
}
enum ,
criteria:
{
Description: This is the list of dependencies we must fulfill, according to the AND/OR operator ,
Required: False ,
}
[
string ,
]
,
}
,
categories:
{
Description: Categories for the solution content item ,
Required: False ,
}
{
domains:
{
Description: domain for the solution content item ,
Required: False ,
}
[
string ,
]
,
verticals:
{
Description: Industry verticals for the solution content item ,
Required: False ,
}
[
string ,
]
,
}
,
providers:
{
Description: Providers for the solution content item ,
Required: False ,
}
[
string ,
]
,
firstPublishDate:
{
Description: first publish date solution content item ,
Format: date ,
Required: False ,
}
string ,
lastPublishDate:
{
Description: last publish date for the solution content item ,
Format: date ,
Required: False ,
}
string ,
customVersion:
{
Description: The custom version of the content. A optional free text ,
Required: False ,
}
string ,
contentSchemaVersion:
{
Description: Schema version of the content. Can be used to distinguish between different flow based on the schema version ,
Required: False ,
}
string ,
icon:
{
Description: the icon identifier. this id can later be fetched from the solution template ,
Required: False ,
}
string ,
threatAnalysisTactics:
{
Description: the tactics the resource covers ,
Required: False ,
}
[
string ,
]
,
threatAnalysisTechniques:
{
Description: the techniques the resource covers, these have to be aligned with the tactics being used ,
Required: False ,
}
[
string ,
]
,
previewImages:
{
Description: preview image file names. These will be taken from the solution artifacts ,
Required: False ,
}
[
string ,
]
,
previewImagesDark:
{
Description: preview image file names. These will be taken from the solution artifacts. used for dark theme support ,
Required: False ,
}
[
string ,
]
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: Metadata properties ,
Required: False ,
}
{
contentId:
{
Description: Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name ,
Required: False ,
}
string ,
parentId:
{
Description: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) ,
Required: True ,
}
string ,
version:
{
Description: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks ,
Required: False ,
}
string ,
kind:
{
Description: The kind of content the metadata is for. ,
Required: True ,
}
string ,
source:
{
Description: Source of the content. This is where/how it was created. ,
Required: False ,
}
{
kind:
{
Description: Source type of the content ,
Enum:
{
LocalWorkspace: No description available. ,
Community: No description available. ,
Solution: No description available. ,
SourceRepository: No description available. ,
}
,
Required: True ,
}
enum ,
name:
{
Description: Name of the content source. The repo name, solution name, LA workspace name etc. ,
Required: False ,
}
string ,
sourceId:
{
Description: ID of the content source. The solution ID, workspace ID, etc ,
Required: False ,
}
string ,
}
,
author:
{
Description: The creator of the content item. ,
Required: False ,
}
{
name:
{
Description: Name of the author. Company or person. ,
Required: False ,
}
string ,
email:
{
Description: Email of author contact ,
Required: False ,
}
string ,
link:
{
Description: Link for author/vendor page ,
Required: False ,
}
string ,
}
,
support:
{
Description: Support information for the metadata - type, name, contact information ,
Required: False ,
}
{
tier:
{
Description: Type of support for content item ,
Enum:
{
Microsoft: No description available. ,
Partner: No description available. ,
Community: No description available. ,
}
,
Required: True ,
}
enum ,
name:
{
Description: Name of the support contact. Company or person. ,
Required: False ,
}
string ,
email:
{
Description: Email of support contact ,
Required: False ,
}
string ,
link:
{
Description: Link for support help, like to support page to open a ticket etc. ,
Required: False ,
}
string ,
}
,
dependencies:
{
Description: Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. ,
Required: False ,
}
{
contentId:
{
Description: Id of the content item we depend on ,
Required: False ,
}
string ,
kind:
{
Description: Type of the content item we depend on ,
Enum:
{
DataConnector: No description available. ,
DataType: No description available. ,
Workbook: No description available. ,
WorkbookTemplate: No description available. ,
Playbook: No description available. ,
PlaybookTemplate: No description available. ,
AnalyticsRuleTemplate: No description available. ,
AnalyticsRule: No description available. ,
HuntingQuery: No description available. ,
InvestigationQuery: No description available. ,
Parser: No description available. ,
Watchlist: No description available. ,
WatchlistTemplate: No description available. ,
Solution: No description available. ,
AzureFunction: No description available. ,
LogicAppsCustomConnector: No description available. ,
AutomationRule: No description available. ,
ResourcesDataConnector: No description available. ,
Notebook: No description available. ,
Standalone: No description available. ,
SummaryRule: No description available. ,
}
,
Required: False ,
}
enum ,
version:
{
Description: Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. ,
Required: False ,
}
string ,
name:
{
Description: Name of the content item ,
Required: False ,
}
string ,
operator:
{
Description: Operator used for list of dependencies in criteria array. ,
Enum:
{
AND: No description available. ,
OR: No description available. ,
}
,
Required: False ,
}
enum ,
criteria:
{
Description: This is the list of dependencies we must fulfill, according to the AND/OR operator ,
Required: False ,
}
[
string ,
]
,
}
,
categories:
{
Description: Categories for the solution content item ,
Required: False ,
}
{
domains:
{
Description: domain for the solution content item ,
Required: False ,
}
[
string ,
]
,
verticals:
{
Description: Industry verticals for the solution content item ,
Required: False ,
}
[
string ,
]
,
}
,
providers:
{
Description: Providers for the solution content item ,
Required: False ,
}
[
string ,
]
,
firstPublishDate:
{
Description: first publish date solution content item ,
Format: date ,
Required: False ,
}
string ,
lastPublishDate:
{
Description: last publish date for the solution content item ,
Format: date ,
Required: False ,
}
string ,
customVersion:
{
Description: The custom version of the content. A optional free text ,
Required: False ,
}
string ,
contentSchemaVersion:
{
Description: Schema version of the content. Can be used to distinguish between different flow based on the schema version ,
Required: False ,
}
string ,
icon:
{
Description: the icon identifier. this id can later be fetched from the solution template ,
Required: False ,
}
string ,
threatAnalysisTactics:
{
Description: the tactics the resource covers ,
Required: False ,
}
[
string ,
]
,
threatAnalysisTechniques:
{
Description: the techniques the resource covers, these have to be aligned with the tactics being used ,
Required: False ,
}
[
string ,
]
,
previewImages:
{
Description: preview image file names. These will be taken from the solution artifacts ,
Required: False ,
}
[
string ,
]
,
previewImagesDark:
{
Description: preview image file names. These will be taken from the solution artifacts. used for dark theme support ,
Required: False ,
}
[
string ,
]
,
}
,
}

⚐ Response (201)

{
properties:
{
Description: Metadata properties ,
Required: False ,
}
{
contentId:
{
Description: Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name ,
Required: False ,
}
string ,
parentId:
{
Description: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) ,
Required: True ,
}
string ,
version:
{
Description: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks ,
Required: False ,
}
string ,
kind:
{
Description: The kind of content the metadata is for. ,
Required: True ,
}
string ,
source:
{
Description: Source of the content. This is where/how it was created. ,
Required: False ,
}
{
kind:
{
Description: Source type of the content ,
Enum:
{
LocalWorkspace: No description available. ,
Community: No description available. ,
Solution: No description available. ,
SourceRepository: No description available. ,
}
,
Required: True ,
}
enum ,
name:
{
Description: Name of the content source. The repo name, solution name, LA workspace name etc. ,
Required: False ,
}
string ,
sourceId:
{
Description: ID of the content source. The solution ID, workspace ID, etc ,
Required: False ,
}
string ,
}
,
author:
{
Description: The creator of the content item. ,
Required: False ,
}
{
name:
{
Description: Name of the author. Company or person. ,
Required: False ,
}
string ,
email:
{
Description: Email of author contact ,
Required: False ,
}
string ,
link:
{
Description: Link for author/vendor page ,
Required: False ,
}
string ,
}
,
support:
{
Description: Support information for the metadata - type, name, contact information ,
Required: False ,
}
{
tier:
{
Description: Type of support for content item ,
Enum:
{
Microsoft: No description available. ,
Partner: No description available. ,
Community: No description available. ,
}
,
Required: True ,
}
enum ,
name:
{
Description: Name of the support contact. Company or person. ,
Required: False ,
}
string ,
email:
{
Description: Email of support contact ,
Required: False ,
}
string ,
link:
{
Description: Link for support help, like to support page to open a ticket etc. ,
Required: False ,
}
string ,
}
,
dependencies:
{
Description: Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. ,
Required: False ,
}
{
contentId:
{
Description: Id of the content item we depend on ,
Required: False ,
}
string ,
kind:
{
Description: Type of the content item we depend on ,
Enum:
{
DataConnector: No description available. ,
DataType: No description available. ,
Workbook: No description available. ,
WorkbookTemplate: No description available. ,
Playbook: No description available. ,
PlaybookTemplate: No description available. ,
AnalyticsRuleTemplate: No description available. ,
AnalyticsRule: No description available. ,
HuntingQuery: No description available. ,
InvestigationQuery: No description available. ,
Parser: No description available. ,
Watchlist: No description available. ,
WatchlistTemplate: No description available. ,
Solution: No description available. ,
AzureFunction: No description available. ,
LogicAppsCustomConnector: No description available. ,
AutomationRule: No description available. ,
ResourcesDataConnector: No description available. ,
Notebook: No description available. ,
Standalone: No description available. ,
SummaryRule: No description available. ,
}
,
Required: False ,
}
enum ,
version:
{
Description: Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. ,
Required: False ,
}
string ,
name:
{
Description: Name of the content item ,
Required: False ,
}
string ,
operator:
{
Description: Operator used for list of dependencies in criteria array. ,
Enum:
{
AND: No description available. ,
OR: No description available. ,
}
,
Required: False ,
}
enum ,
criteria:
{
Description: This is the list of dependencies we must fulfill, according to the AND/OR operator ,
Required: False ,
}
[
string ,
]
,
}
,
categories:
{
Description: Categories for the solution content item ,
Required: False ,
}
{
domains:
{
Description: domain for the solution content item ,
Required: False ,
}
[
string ,
]
,
verticals:
{
Description: Industry verticals for the solution content item ,
Required: False ,
}
[
string ,
]
,
}
,
providers:
{
Description: Providers for the solution content item ,
Required: False ,
}
[
string ,
]
,
firstPublishDate:
{
Description: first publish date solution content item ,
Format: date ,
Required: False ,
}
string ,
lastPublishDate:
{
Description: last publish date for the solution content item ,
Format: date ,
Required: False ,
}
string ,
customVersion:
{
Description: The custom version of the content. A optional free text ,
Required: False ,
}
string ,
contentSchemaVersion:
{
Description: Schema version of the content. Can be used to distinguish between different flow based on the schema version ,
Required: False ,
}
string ,
icon:
{
Description: the icon identifier. this id can later be fetched from the solution template ,
Required: False ,
}
string ,
threatAnalysisTactics:
{
Description: the tactics the resource covers ,
Required: False ,
}
[
string ,
]
,
threatAnalysisTechniques:
{
Description: the techniques the resource covers, these have to be aligned with the tactics being used ,
Required: False ,
}
[
string ,
]
,
previewImages:
{
Description: preview image file names. These will be taken from the solution artifacts ,
Required: False ,
}
[
string ,
]
,
previewImagesDark:
{
Description: preview image file names. These will be taken from the solution artifacts. used for dark theme support ,
Required: False ,
}
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Metadata_Update (new)
Description Update an existing Metadata.
Reference Link ¶

⚼ Request

PATCH:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
metadataName:
{
Description: The Metadata name. ,
Required: True ,
}
string ,
metadataPatch:
{
Description: Partial metadata request. ,
Required: True ,
}
{
properties:
{
Description: Metadata patch request body ,
Required: False ,
}
{
contentId:
{
Description: Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name ,
Required: False ,
}
string ,
parentId:
{
Description: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) ,
Required: False ,
}
string ,
version:
{
Description: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks ,
Required: False ,
}
string ,
kind:
{
Description: The kind of content the metadata is for. ,
Required: False ,
}
string ,
source:
{
Description: Source of the content. This is where/how it was created. ,
Required: False ,
}
{
kind:
{
Description: Source type of the content ,
Enum:
{
LocalWorkspace: No description available. ,
Community: No description available. ,
Solution: No description available. ,
SourceRepository: No description available. ,
}
,
Required: True ,
}
enum ,
name:
{
Description: Name of the content source. The repo name, solution name, LA workspace name etc. ,
Required: False ,
}
string ,
sourceId:
{
Description: ID of the content source. The solution ID, workspace ID, etc ,
Required: False ,
}
string ,
}
,
author:
{
Description: The creator of the content item. ,
Required: False ,
}
{
name:
{
Description: Name of the author. Company or person. ,
Required: False ,
}
string ,
email:
{
Description: Email of author contact ,
Required: False ,
}
string ,
link:
{
Description: Link for author/vendor page ,
Required: False ,
}
string ,
}
,
support:
{
Description: Support information for the metadata - type, name, contact information ,
Required: False ,
}
{
tier:
{
Description: Type of support for content item ,
Enum:
{
Microsoft: No description available. ,
Partner: No description available. ,
Community: No description available. ,
}
,
Required: True ,
}
enum ,
name:
{
Description: Name of the support contact. Company or person. ,
Required: False ,
}
string ,
email:
{
Description: Email of support contact ,
Required: False ,
}
string ,
link:
{
Description: Link for support help, like to support page to open a ticket etc. ,
Required: False ,
}
string ,
}
,
dependencies:
{
Description: Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. ,
Required: False ,
}
{
contentId:
{
Description: Id of the content item we depend on ,
Required: False ,
}
string ,
kind:
{
Description: Type of the content item we depend on ,
Enum:
{
DataConnector: No description available. ,
DataType: No description available. ,
Workbook: No description available. ,
WorkbookTemplate: No description available. ,
Playbook: No description available. ,
PlaybookTemplate: No description available. ,
AnalyticsRuleTemplate: No description available. ,
AnalyticsRule: No description available. ,
HuntingQuery: No description available. ,
InvestigationQuery: No description available. ,
Parser: No description available. ,
Watchlist: No description available. ,
WatchlistTemplate: No description available. ,
Solution: No description available. ,
AzureFunction: No description available. ,
LogicAppsCustomConnector: No description available. ,
AutomationRule: No description available. ,
ResourcesDataConnector: No description available. ,
Notebook: No description available. ,
Standalone: No description available. ,
SummaryRule: No description available. ,
}
,
Required: False ,
}
enum ,
version:
{
Description: Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. ,
Required: False ,
}
string ,
name:
{
Description: Name of the content item ,
Required: False ,
}
string ,
operator:
{
Description: Operator used for list of dependencies in criteria array. ,
Enum:
{
AND: No description available. ,
OR: No description available. ,
}
,
Required: False ,
}
enum ,
criteria:
{
Description: This is the list of dependencies we must fulfill, according to the AND/OR operator ,
Required: False ,
}
[
string ,
]
,
}
,
categories:
{
Description: Categories for the solution content item ,
Required: False ,
}
{
domains:
{
Description: domain for the solution content item ,
Required: False ,
}
[
string ,
]
,
verticals:
{
Description: Industry verticals for the solution content item ,
Required: False ,
}
[
string ,
]
,
}
,
providers:
{
Description: Providers for the solution content item ,
Required: False ,
}
[
string ,
]
,
firstPublishDate:
{
Description: first publish date solution content item ,
Format: date ,
Required: False ,
}
string ,
lastPublishDate:
{
Description: last publish date for the solution content item ,
Format: date ,
Required: False ,
}
string ,
customVersion:
{
Description: The custom version of the content. A optional free text ,
Required: False ,
}
string ,
contentSchemaVersion:
{
Description: Schema version of the content. Can be used to distinguish between different flow based on the schema version ,
Required: False ,
}
string ,
icon:
{
Description: the icon identifier. this id can later be fetched from the solution template ,
Required: False ,
}
string ,
threatAnalysisTactics:
{
Description: the tactics the resource covers ,
Required: False ,
}
[
string ,
]
,
threatAnalysisTechniques:
{
Description: the techniques the resource covers, these have to be aligned with the tactics being used ,
Required: False ,
}
[
string ,
]
,
previewImages:
{
Description: preview image file names. These will be taken from the solution artifacts ,
Required: False ,
}
[
string ,
]
,
previewImagesDark:
{
Description: preview image file names. These will be taken from the solution artifacts. used for dark theme support ,
Required: False ,
}
[
string ,
]
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: Metadata properties ,
Required: False ,
}
{
contentId:
{
Description: Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name ,
Required: False ,
}
string ,
parentId:
{
Description: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) ,
Required: True ,
}
string ,
version:
{
Description: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks ,
Required: False ,
}
string ,
kind:
{
Description: The kind of content the metadata is for. ,
Required: True ,
}
string ,
source:
{
Description: Source of the content. This is where/how it was created. ,
Required: False ,
}
{
kind:
{
Description: Source type of the content ,
Enum:
{
LocalWorkspace: No description available. ,
Community: No description available. ,
Solution: No description available. ,
SourceRepository: No description available. ,
}
,
Required: True ,
}
enum ,
name:
{
Description: Name of the content source. The repo name, solution name, LA workspace name etc. ,
Required: False ,
}
string ,
sourceId:
{
Description: ID of the content source. The solution ID, workspace ID, etc ,
Required: False ,
}
string ,
}
,
author:
{
Description: The creator of the content item. ,
Required: False ,
}
{
name:
{
Description: Name of the author. Company or person. ,
Required: False ,
}
string ,
email:
{
Description: Email of author contact ,
Required: False ,
}
string ,
link:
{
Description: Link for author/vendor page ,
Required: False ,
}
string ,
}
,
support:
{
Description: Support information for the metadata - type, name, contact information ,
Required: False ,
}
{
tier:
{
Description: Type of support for content item ,
Enum:
{
Microsoft: No description available. ,
Partner: No description available. ,
Community: No description available. ,
}
,
Required: True ,
}
enum ,
name:
{
Description: Name of the support contact. Company or person. ,
Required: False ,
}
string ,
email:
{
Description: Email of support contact ,
Required: False ,
}
string ,
link:
{
Description: Link for support help, like to support page to open a ticket etc. ,
Required: False ,
}
string ,
}
,
dependencies:
{
Description: Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. ,
Required: False ,
}
{
contentId:
{
Description: Id of the content item we depend on ,
Required: False ,
}
string ,
kind:
{
Description: Type of the content item we depend on ,
Enum:
{
DataConnector: No description available. ,
DataType: No description available. ,
Workbook: No description available. ,
WorkbookTemplate: No description available. ,
Playbook: No description available. ,
PlaybookTemplate: No description available. ,
AnalyticsRuleTemplate: No description available. ,
AnalyticsRule: No description available. ,
HuntingQuery: No description available. ,
InvestigationQuery: No description available. ,
Parser: No description available. ,
Watchlist: No description available. ,
WatchlistTemplate: No description available. ,
Solution: No description available. ,
AzureFunction: No description available. ,
LogicAppsCustomConnector: No description available. ,
AutomationRule: No description available. ,
ResourcesDataConnector: No description available. ,
Notebook: No description available. ,
Standalone: No description available. ,
SummaryRule: No description available. ,
}
,
Required: False ,
}
enum ,
version:
{
Description: Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. ,
Required: False ,
}
string ,
name:
{
Description: Name of the content item ,
Required: False ,
}
string ,
operator:
{
Description: Operator used for list of dependencies in criteria array. ,
Enum:
{
AND: No description available. ,
OR: No description available. ,
}
,
Required: False ,
}
enum ,
criteria:
{
Description: This is the list of dependencies we must fulfill, according to the AND/OR operator ,
Required: False ,
}
[
string ,
]
,
}
,
categories:
{
Description: Categories for the solution content item ,
Required: False ,
}
{
domains:
{
Description: domain for the solution content item ,
Required: False ,
}
[
string ,
]
,
verticals:
{
Description: Industry verticals for the solution content item ,
Required: False ,
}
[
string ,
]
,
}
,
providers:
{
Description: Providers for the solution content item ,
Required: False ,
}
[
string ,
]
,
firstPublishDate:
{
Description: first publish date solution content item ,
Format: date ,
Required: False ,
}
string ,
lastPublishDate:
{
Description: last publish date for the solution content item ,
Format: date ,
Required: False ,
}
string ,
customVersion:
{
Description: The custom version of the content. A optional free text ,
Required: False ,
}
string ,
contentSchemaVersion:
{
Description: Schema version of the content. Can be used to distinguish between different flow based on the schema version ,
Required: False ,
}
string ,
icon:
{
Description: the icon identifier. this id can later be fetched from the solution template ,
Required: False ,
}
string ,
threatAnalysisTactics:
{
Description: the tactics the resource covers ,
Required: False ,
}
[
string ,
]
,
threatAnalysisTechniques:
{
Description: the techniques the resource covers, these have to be aligned with the tactics being used ,
Required: False ,
}
[
string ,
]
,
previewImages:
{
Description: preview image file names. These will be taken from the solution artifacts ,
Required: False ,
}
[
string ,
]
,
previewImagesDark:
{
Description: preview image file names. These will be taken from the solution artifacts. used for dark theme support ,
Required: False ,
}
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
OfficeConsents_List (new)
Description Gets all office365 consents.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of office consents. ,
Required: False ,
}
string ,
value:
{
Description: Array of the consents. ,
Required: True ,
}
[
{
properties:
{
Description: Office consent properties ,
Required: False ,
}
{
tenantId:
{
Description: The tenantId of the Office365 with the consent. ,
Required: False ,
}
string ,
consentId:
{
Description: Help to easily cascade among the data layers. ,
Required: False ,
}
string ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
OfficeConsents_Get (new)
Description Gets an office365 consent.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
consentId:
{
Description: consent ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: Office consent properties ,
Required: False ,
}
{
tenantId:
{
Description: The tenantId of the Office365 with the consent. ,
Required: False ,
}
string ,
consentId:
{
Description: Help to easily cascade among the data layers. ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
OfficeConsents_Delete (new)
Description Delete the office365 consent.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
consentId:
{
Description: consent ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
SentinelOnboardingStates_Get (new)
Description Get Sentinel onboarding state
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
sentinelOnboardingStateName:
{
Description: The Sentinel onboarding state name. Supports - default ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: The Sentinel onboarding state object ,
Required: False ,
}
{
customerManagedKey:
{
Description: Flag that indicates the status of the CMK setting ,
Required: False ,
}
boolean ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
SentinelOnboardingStates_Create (new)
Description Create Sentinel onboarding state
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
sentinelOnboardingStateName:
{
Description: The Sentinel onboarding state name. Supports - default ,
Required: True ,
}
string ,
sentinelOnboardingStateParameter:
{
Description: The Sentinel onboarding state parameter ,
Required: False ,
}
{
properties:
{
Description: The Sentinel onboarding state object ,
Required: False ,
}
{
customerManagedKey:
{
Description: Flag that indicates the status of the CMK setting ,
Required: False ,
}
boolean ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: The Sentinel onboarding state object ,
Required: False ,
}
{
customerManagedKey:
{
Description: Flag that indicates the status of the CMK setting ,
Required: False ,
}
boolean ,
}
,
}

⚐ Response (201)

{
properties:
{
Description: The Sentinel onboarding state object ,
Required: False ,
}
{
customerManagedKey:
{
Description: Flag that indicates the status of the CMK setting ,
Required: False ,
}
boolean ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
SentinelOnboardingStates_Delete (new)
Description Delete Sentinel onboarding state
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
sentinelOnboardingStateName:
{
Description: The Sentinel onboarding state name. Supports - default ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
SentinelOnboardingStates_List (new)
Description Gets all Sentinel onboarding states
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
value:
{
Description: Array of Sentinel onboarding states ,
Required: True ,
}
[
{
properties:
{
Description: The Sentinel onboarding state object ,
Required: False ,
}
{
customerManagedKey:
{
Description: Flag that indicates the status of the CMK setting ,
Required: False ,
}
boolean ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
GetRecommendations_List (new)
Description Gets a list of all recommendations.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
value:
{
Description: An list of recommendations ,
Required: True ,
}
[
{
properties:
{
Description: Recommendation properties object. ,
Required: False ,
}
{
recommendationTypeId:
{
Description: Id of the recommendation type. ,
Required: True ,
}
string ,
state:
{
Description: State of the recommendation. ,
Enum:
{
Active: Recommendation is active. ,
InProgress: Recommendation is in progress. ,
Dismissed: Recommendation has been dismissed. ,
CompletedByUser: Recommendation has been completed by user. ,
CompletedBySystem: Recommendation has been completed by the system. ,
}
,
Required: True ,
}
enum ,
title:
{
Description: Title of the recommendation. ,
Required: True ,
}
string ,
description:
{
Description: Description of the recommendation. ,
Required: True ,
}
string ,
creationTimeUtc:
{
Description: The time stamp (UTC) when the recommendation was created. ,
Format: date-time ,
Required: True ,
}
string ,
lastEvaluatedTimeUtc:
{
Description: The time stamp (UTC) when the recommendation was last evaluated. ,
Format: date-time ,
Required: True ,
}
string ,
lastModifiedTimeUtc:
{
Description: The time stamp (UTC) when the recommendation was last modified. ,
Format: date-time ,
Required: True ,
}
string ,
suggestions:
{
Description: List of suggestions to take for this recommendation. ,
Required: True ,
}
[
{
suggestionTypeId:
{
Description: Id of the suggestion type. ,
Required: True ,
}
string ,
title:
{
Description: Title of the suggestion. ,
Required: True ,
}
string ,
description:
{
Description: Description of the suggestion. ,
Required: True ,
}
string ,
action:
{
Description: Action of the suggestion. ,
Required: True ,
}
string ,
additionalProperties:
{
Description: Collection of additional properties for the suggestion. ,
Required: False ,
}
object ,
}
,
]
,
resourceId:
{
Description: Id of the resource this recommendation refers to. ,
Required: False ,
}
string ,
additionalProperties:
{
Description: Collection of additional properties for the recommendation. ,
Required: False ,
}
object ,
}
,
}
,
]
,
nextLink:
{
Description: Link to next page of resources. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Get_SingleRecommendation (new)
Description Gets a recommendation by its id.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
recommendationId:
{
Description: Recommendation Id. ,
Format: uuid ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: Recommendation properties object. ,
Required: False ,
}
{
recommendationTypeId:
{
Description: Id of the recommendation type. ,
Required: True ,
}
string ,
state:
{
Description: State of the recommendation. ,
Enum:
{
Active: Recommendation is active. ,
InProgress: Recommendation is in progress. ,
Dismissed: Recommendation has been dismissed. ,
CompletedByUser: Recommendation has been completed by user. ,
CompletedBySystem: Recommendation has been completed by the system. ,
}
,
Required: True ,
}
enum ,
title:
{
Description: Title of the recommendation. ,
Required: True ,
}
string ,
description:
{
Description: Description of the recommendation. ,
Required: True ,
}
string ,
creationTimeUtc:
{
Description: The time stamp (UTC) when the recommendation was created. ,
Format: date-time ,
Required: True ,
}
string ,
lastEvaluatedTimeUtc:
{
Description: The time stamp (UTC) when the recommendation was last evaluated. ,
Format: date-time ,
Required: True ,
}
string ,
lastModifiedTimeUtc:
{
Description: The time stamp (UTC) when the recommendation was last modified. ,
Format: date-time ,
Required: True ,
}
string ,
suggestions:
{
Description: List of suggestions to take for this recommendation. ,
Required: True ,
}
[
{
suggestionTypeId:
{
Description: Id of the suggestion type. ,
Required: True ,
}
string ,
title:
{
Description: Title of the suggestion. ,
Required: True ,
}
string ,
description:
{
Description: Description of the suggestion. ,
Required: True ,
}
string ,
action:
{
Description: Action of the suggestion. ,
Required: True ,
}
string ,
additionalProperties:
{
Description: Collection of additional properties for the suggestion. ,
Required: False ,
}
object ,
}
,
]
,
resourceId:
{
Description: Id of the resource this recommendation refers to. ,
Required: False ,
}
string ,
additionalProperties:
{
Description: Collection of additional properties for the recommendation. ,
Required: False ,
}
object ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Update_Recommendation (new)
Description Patch a recommendation.
Reference Link ¶

⚼ Request

PATCH:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
recommendationId:
{
Description: Recommendation Id. ,
Format: uuid ,
Required: True ,
}
string ,
recommendationPatch:
{
Description: Recommendation Fields to Update. ,
Required: True ,
}
{
properties:
{
Description: Recommendation Fields Properties to update. ,
Required: False ,
}
{
state:
{
Description: State of the recommendation. ,
Enum:
{
Active: Recommendation is active. ,
InProgress: Recommendation is in progress. ,
Dismissed: Recommendation has been dismissed. ,
CompletedByUser: Recommendation has been completed by user. ,
CompletedBySystem: Recommendation has been completed by the system. ,
}
,
Required: False ,
}
enum ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: Recommendation properties object. ,
Required: False ,
}
{
recommendationTypeId:
{
Description: Id of the recommendation type. ,
Required: True ,
}
string ,
state:
{
Description: State of the recommendation. ,
Enum:
{
Active: Recommendation is active. ,
InProgress: Recommendation is in progress. ,
Dismissed: Recommendation has been dismissed. ,
CompletedByUser: Recommendation has been completed by user. ,
CompletedBySystem: Recommendation has been completed by the system. ,
}
,
Required: True ,
}
enum ,
title:
{
Description: Title of the recommendation. ,
Required: True ,
}
string ,
description:
{
Description: Description of the recommendation. ,
Required: True ,
}
string ,
creationTimeUtc:
{
Description: The time stamp (UTC) when the recommendation was created. ,
Format: date-time ,
Required: True ,
}
string ,
lastEvaluatedTimeUtc:
{
Description: The time stamp (UTC) when the recommendation was last evaluated. ,
Format: date-time ,
Required: True ,
}
string ,
lastModifiedTimeUtc:
{
Description: The time stamp (UTC) when the recommendation was last modified. ,
Format: date-time ,
Required: True ,
}
string ,
suggestions:
{
Description: List of suggestions to take for this recommendation. ,
Required: True ,
}
[
{
suggestionTypeId:
{
Description: Id of the suggestion type. ,
Required: True ,
}
string ,
title:
{
Description: Title of the suggestion. ,
Required: True ,
}
string ,
description:
{
Description: Description of the suggestion. ,
Required: True ,
}
string ,
action:
{
Description: Action of the suggestion. ,
Required: True ,
}
string ,
additionalProperties:
{
Description: Collection of additional properties for the suggestion. ,
Required: False ,
}
object ,
}
,
]
,
resourceId:
{
Description: Id of the resource this recommendation refers to. ,
Required: False ,
}
string ,
additionalProperties:
{
Description: Collection of additional properties for the recommendation. ,
Required: False ,
}
object ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Reevaluate_Recommendation (new)
Description Reevaluate a recommendation.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}/triggerEvaluation
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
recommendationId:
{
Description: Recommendation Id. ,
Format: uuid ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
lastEvaluatedTimeUtc:
{
Description: The time stamp (UTC) when the recommendation was last evaluated. ,
Format: date-time ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
SecurityMLAnalyticsSettings_List (new)
Description Gets all Security ML Analytics Settings.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of SecurityMLAnalyticsSettings. ,
Required: False ,
}
string ,
value:
{
Description: Array of SecurityMLAnalyticsSettings ,
Required: True ,
}
[
{
kind:
{
Description: The kind of security ML Analytics Settings ,
Enum:
{
Anomaly: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
SecurityMLAnalyticsSettings_Get (new)
Description Gets the Security ML Analytics Settings.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
settingsResourceName:
{
Description: Security ML Analytics Settings resource name ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
kind:
{
Description: The kind of security ML Analytics Settings ,
Enum:
{
Anomaly: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
SecurityMLAnalyticsSettings_CreateOrUpdate (new)
Description Creates or updates the Security ML Analytics Settings.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
settingsResourceName:
{
Description: Security ML Analytics Settings resource name ,
Required: True ,
}
string ,
securityMLAnalyticsSetting:
{
Description: The security ML Analytics setting ,
Required: True ,
}
{
kind:
{
Description: The kind of security ML Analytics Settings ,
Enum:
{
Anomaly: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
}

⚐ Response (200)

{
kind:
{
Description: The kind of security ML Analytics Settings ,
Enum:
{
Anomaly: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (201)

{
kind:
{
Description: The kind of security ML Analytics Settings ,
Enum:
{
Anomaly: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
SecurityMLAnalyticsSettings_Delete (new)
Description Delete the Security ML Analytics Settings.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
settingsResourceName:
{
Description: Security ML Analytics Settings resource name ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ProductSettings_List (new)
Description List of all the settings
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
value:
{
Description: Array of settings. ,
Required: True ,
}
[
{
kind:
{
Description: The kind of the setting ,
Enum:
{
Anomalies: No description available. ,
EyesOn: No description available. ,
EntityAnalytics: No description available. ,
Ueba: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
nextLink:
{
Description: URL to fetch the next set of settings. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ProductSettings_Get (new)
Description Gets a setting.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
settingsName:
{
Description: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
kind:
{
Description: The kind of the setting ,
Enum:
{
Anomalies: No description available. ,
EyesOn: No description available. ,
EntityAnalytics: No description available. ,
Ueba: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ProductSettings_Delete (new)
Description Delete setting of the product.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
settingsName:
{
Description: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ProductSettings_Update (new)
Description Updates setting.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
settingsName:
{
Description: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba ,
Required: True ,
}
string ,
settings:
{
Description: The setting ,
Required: True ,
}
{
kind:
{
Description: The kind of the setting ,
Enum:
{
Anomalies: No description available. ,
EyesOn: No description available. ,
EntityAnalytics: No description available. ,
Ueba: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
}

⚐ Response (200)

{
kind:
{
Description: The kind of the setting ,
Enum:
{
Anomalies: No description available. ,
EyesOn: No description available. ,
EntityAnalytics: No description available. ,
Ueba: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (201)

{
kind:
{
Description: The kind of the setting ,
Enum:
{
Anomalies: No description available. ,
EyesOn: No description available. ,
EntityAnalytics: No description available. ,
Ueba: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
SourceControl_listRepositories (new)
Description Gets a list of repositories metadata.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
repositoryAccess:
{
Description: The repository access credentials. ,
Required: True ,
}
{
properties:
{
Description: RepositoryAccess properties ,
Required: False ,
}
{
repositoryAccess:
{
Description: RepositoryAccess properties ,
Required: True ,
}
{
kind:
{
Description: The kind of repository access credentials ,
Enum:
{
OAuth: No description available. ,
PAT: No description available. ,
App: No description available. ,
}
,
Required: True ,
}
enum ,
code:
{
Description: OAuth Code. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
state:
{
Description: OAuth State. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
clientId:
{
Description: OAuth ClientId. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
token:
{
Description: Personal Access Token. Required when `kind` is `PAT` ,
Required: False ,
}
string ,
installationId:
{
Description: Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only. ,
Required: False ,
}
string ,
}
,
}
,
}
,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of repositories. ,
Required: False ,
}
string ,
value:
{
Description: Array of repositories. ,
Required: True ,
}
[
{
url:
{
Description: The url to access the repository. ,
Required: False ,
}
string ,
fullName:
{
Description: The name of the repository. ,
Required: False ,
}
string ,
installationId:
{
Description: The installation id of the repository. ,
Format: int64 ,
Required: False ,
}
integer ,
branches:
{
Description: Array of branches. ,
Required: False ,
}
[
string ,
]
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
SourceControls_List (new)
Description Gets all source controls, without source control items.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of source controls. ,
Required: False ,
}
string ,
value:
{
Description: Array of source controls. ,
Required: True ,
}
[
{
properties:
{
Description: source control properties ,
Required: True ,
}
{
id:
{
Description: The id (a Guid) of the source control ,
Required: False ,
}
string ,
version:
{
Description: The version number associated with the source control ,
Enum:
{
V1: No description available. ,
V2: No description available. ,
}
,
Required: False ,
}
enum ,
displayName:
{
Description: The display name of the source control ,
Required: True ,
}
string ,
description:
{
Description: A description of the source control ,
Required: False ,
}
string ,
repoType:
{
Description: The repository type of the source control ,
Enum:
{
Github: No description available. ,
AzureDevOps: No description available. ,
}
,
Required: True ,
}
enum ,
contentTypes:
{
Description: Array of source control content types. ,
Required: True ,
}
[
string ,
]
,
repository:
{
Description: Repository metadata. ,
Required: True ,
}
{
url:
{
Description: Url of repository. ,
Required: True ,
}
string ,
branch:
{
Description: Branch name of repository. ,
Required: True ,
}
string ,
displayUrl:
{
Description: Display url of repository. ,
Required: False ,
}
string ,
deploymentLogsUrl:
{
Description: Url to access repository action logs. ,
Required: False ,
}
string ,
}
,
servicePrincipal:
{
Description: Service principal metadata. ,
Required: False ,
}
{
id:
{
Description: Id of service principal. ,
Required: False ,
}
string ,
tenantId:
{
Description: Tenant id of service principal. ,
Required: False ,
}
string ,
appId:
{
Description: App id of service principal. ,
Required: False ,
}
string ,
credentialsExpireOn:
{
Description: Expiration time of service principal credentials. ,
Format: date-time ,
Required: False ,
}
string ,
}
,
repositoryAccess:
{
Description: Repository access credentials. This is write-only object and it never returns back to a user. ,
Required: False ,
}
{
kind:
{
Description: The kind of repository access credentials ,
Enum:
{
OAuth: No description available. ,
PAT: No description available. ,
App: No description available. ,
}
,
Required: True ,
}
enum ,
code:
{
Description: OAuth Code. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
state:
{
Description: OAuth State. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
clientId:
{
Description: OAuth ClientId. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
token:
{
Description: Personal Access Token. Required when `kind` is `PAT` ,
Required: False ,
}
string ,
installationId:
{
Description: Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only. ,
Required: False ,
}
string ,
}
,
repositoryResourceInfo:
{
Description: Information regarding the resources created in user's repository. ,
Required: False ,
}
{
webhook:
{
Description: The webhook object created for the source-control. ,
Required: False ,
}
{
webhookId:
{
Description: Unique identifier for the webhook. ,
Required: False ,
}
string ,
webhookUrl:
{
Description: URL that gets invoked by the webhook. ,
Required: False ,
}
string ,
webhookSecretUpdateTime:
{
Description: Time when the webhook secret was updated. ,
Format: date-time ,
Required: False ,
}
string ,
rotateWebhookSecret:
{
Description: A flag to instruct the backend service to rotate webhook secret. ,
Required: False ,
}
boolean ,
}
,
gitHubResourceInfo:
{
Description: Resources created in GitHub for this source-control. ,
Required: False ,
}
{
appInstallationId:
{
Description: GitHub application installation id. ,
Required: False ,
}
string ,
}
,
azureDevOpsResourceInfo:
{
Description: Resources created in Azure DevOps for this source-control. ,
Required: False ,
}
{
pipelineId:
{
Description: Id of the pipeline created for the source-control. ,
Required: False ,
}
string ,
serviceConnectionId:
{
Description: Id of the service-connection created for the source-control. ,
Required: False ,
}
string ,
}
,
}
,
lastDeploymentInfo:
{
Description: Information regarding the latest deployment for the source control. ,
Required: False ,
}
{
deploymentFetchStatus:
{
Description: Status while fetching the last deployment. ,
Enum:
{
Success: No description available. ,
Unauthorized: No description available. ,
NotFound: No description available. ,
}
,
Required: False ,
}
enum ,
deployment:
{
Description: Deployment information. ,
Required: False ,
}
{
deploymentId:
{
Description: Deployment identifier. ,
Required: False ,
}
string ,
deploymentState:
{
Description: Current status of the deployment. ,
Enum:
{
In_Progress: No description available. ,
Completed: No description available. ,
Queued: No description available. ,
Canceling: No description available. ,
}
,
Required: False ,
}
enum ,
deploymentResult:
{
Description: The outcome of the deployment. ,
Enum:
{
Success: No description available. ,
Canceled: No description available. ,
Failed: No description available. ,
}
,
Required: False ,
}
enum ,
deploymentTime:
{
Description: The time when the deployment finished. ,
Format: date-time ,
Required: False ,
}
string ,
deploymentLogsUrl:
{
Description: Url to access repository action logs. ,
Required: False ,
}
string ,
}
,
message:
{
Description: Additional details about the deployment that can be shown to the user. ,
Required: False ,
}
string ,
}
,
pullRequest:
{
Description: Information regarding the pull request of the source control. ,
Required: False ,
}
{
url:
{
Description: URL of pull request ,
Required: False ,
}
string ,
state:
{
Description: State of the pull request ,
Required: False ,
}
object ,
}
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
SourceControls_Get (new)
Description Gets a source control byt its identifier.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
sourceControlId:
{
Description: Source control Id ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: source control properties ,
Required: True ,
}
{
id:
{
Description: The id (a Guid) of the source control ,
Required: False ,
}
string ,
version:
{
Description: The version number associated with the source control ,
Enum:
{
V1: No description available. ,
V2: No description available. ,
}
,
Required: False ,
}
enum ,
displayName:
{
Description: The display name of the source control ,
Required: True ,
}
string ,
description:
{
Description: A description of the source control ,
Required: False ,
}
string ,
repoType:
{
Description: The repository type of the source control ,
Enum:
{
Github: No description available. ,
AzureDevOps: No description available. ,
}
,
Required: True ,
}
enum ,
contentTypes:
{
Description: Array of source control content types. ,
Required: True ,
}
[
string ,
]
,
repository:
{
Description: Repository metadata. ,
Required: True ,
}
{
url:
{
Description: Url of repository. ,
Required: True ,
}
string ,
branch:
{
Description: Branch name of repository. ,
Required: True ,
}
string ,
displayUrl:
{
Description: Display url of repository. ,
Required: False ,
}
string ,
deploymentLogsUrl:
{
Description: Url to access repository action logs. ,
Required: False ,
}
string ,
}
,
servicePrincipal:
{
Description: Service principal metadata. ,
Required: False ,
}
{
id:
{
Description: Id of service principal. ,
Required: False ,
}
string ,
tenantId:
{
Description: Tenant id of service principal. ,
Required: False ,
}
string ,
appId:
{
Description: App id of service principal. ,
Required: False ,
}
string ,
credentialsExpireOn:
{
Description: Expiration time of service principal credentials. ,
Format: date-time ,
Required: False ,
}
string ,
}
,
repositoryAccess:
{
Description: Repository access credentials. This is write-only object and it never returns back to a user. ,
Required: False ,
}
{
kind:
{
Description: The kind of repository access credentials ,
Enum:
{
OAuth: No description available. ,
PAT: No description available. ,
App: No description available. ,
}
,
Required: True ,
}
enum ,
code:
{
Description: OAuth Code. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
state:
{
Description: OAuth State. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
clientId:
{
Description: OAuth ClientId. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
token:
{
Description: Personal Access Token. Required when `kind` is `PAT` ,
Required: False ,
}
string ,
installationId:
{
Description: Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only. ,
Required: False ,
}
string ,
}
,
repositoryResourceInfo:
{
Description: Information regarding the resources created in user's repository. ,
Required: False ,
}
{
webhook:
{
Description: The webhook object created for the source-control. ,
Required: False ,
}
{
webhookId:
{
Description: Unique identifier for the webhook. ,
Required: False ,
}
string ,
webhookUrl:
{
Description: URL that gets invoked by the webhook. ,
Required: False ,
}
string ,
webhookSecretUpdateTime:
{
Description: Time when the webhook secret was updated. ,
Format: date-time ,
Required: False ,
}
string ,
rotateWebhookSecret:
{
Description: A flag to instruct the backend service to rotate webhook secret. ,
Required: False ,
}
boolean ,
}
,
gitHubResourceInfo:
{
Description: Resources created in GitHub for this source-control. ,
Required: False ,
}
{
appInstallationId:
{
Description: GitHub application installation id. ,
Required: False ,
}
string ,
}
,
azureDevOpsResourceInfo:
{
Description: Resources created in Azure DevOps for this source-control. ,
Required: False ,
}
{
pipelineId:
{
Description: Id of the pipeline created for the source-control. ,
Required: False ,
}
string ,
serviceConnectionId:
{
Description: Id of the service-connection created for the source-control. ,
Required: False ,
}
string ,
}
,
}
,
lastDeploymentInfo:
{
Description: Information regarding the latest deployment for the source control. ,
Required: False ,
}
{
deploymentFetchStatus:
{
Description: Status while fetching the last deployment. ,
Enum:
{
Success: No description available. ,
Unauthorized: No description available. ,
NotFound: No description available. ,
}
,
Required: False ,
}
enum ,
deployment:
{
Description: Deployment information. ,
Required: False ,
}
{
deploymentId:
{
Description: Deployment identifier. ,
Required: False ,
}
string ,
deploymentState:
{
Description: Current status of the deployment. ,
Enum:
{
In_Progress: No description available. ,
Completed: No description available. ,
Queued: No description available. ,
Canceling: No description available. ,
}
,
Required: False ,
}
enum ,
deploymentResult:
{
Description: The outcome of the deployment. ,
Enum:
{
Success: No description available. ,
Canceled: No description available. ,
Failed: No description available. ,
}
,
Required: False ,
}
enum ,
deploymentTime:
{
Description: The time when the deployment finished. ,
Format: date-time ,
Required: False ,
}
string ,
deploymentLogsUrl:
{
Description: Url to access repository action logs. ,
Required: False ,
}
string ,
}
,
message:
{
Description: Additional details about the deployment that can be shown to the user. ,
Required: False ,
}
string ,
}
,
pullRequest:
{
Description: Information regarding the pull request of the source control. ,
Required: False ,
}
{
url:
{
Description: URL of pull request ,
Required: False ,
}
string ,
state:
{
Description: State of the pull request ,
Required: False ,
}
object ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
SourceControls_Create (new)
Description Creates a source control.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
sourceControlId:
{
Description: Source control Id ,
Required: True ,
}
string ,
sourceControl:
{
Description: The SourceControl ,
Required: True ,
}
{
properties:
{
Description: source control properties ,
Required: True ,
}
{
id:
{
Description: The id (a Guid) of the source control ,
Required: False ,
}
string ,
version:
{
Description: The version number associated with the source control ,
Enum:
{
V1: No description available. ,
V2: No description available. ,
}
,
Required: False ,
}
enum ,
displayName:
{
Description: The display name of the source control ,
Required: True ,
}
string ,
description:
{
Description: A description of the source control ,
Required: False ,
}
string ,
repoType:
{
Description: The repository type of the source control ,
Enum:
{
Github: No description available. ,
AzureDevOps: No description available. ,
}
,
Required: True ,
}
enum ,
contentTypes:
{
Description: Array of source control content types. ,
Required: True ,
}
[
string ,
]
,
repository:
{
Description: Repository metadata. ,
Required: True ,
}
{
url:
{
Description: Url of repository. ,
Required: True ,
}
string ,
branch:
{
Description: Branch name of repository. ,
Required: True ,
}
string ,
displayUrl:
{
Description: Display url of repository. ,
Required: False ,
}
string ,
deploymentLogsUrl:
{
Description: Url to access repository action logs. ,
Required: False ,
}
string ,
}
,
servicePrincipal:
{
Description: Service principal metadata. ,
Required: False ,
}
{
id:
{
Description: Id of service principal. ,
Required: False ,
}
string ,
tenantId:
{
Description: Tenant id of service principal. ,
Required: False ,
}
string ,
appId:
{
Description: App id of service principal. ,
Required: False ,
}
string ,
credentialsExpireOn:
{
Description: Expiration time of service principal credentials. ,
Format: date-time ,
Required: False ,
}
string ,
}
,
repositoryAccess:
{
Description: Repository access credentials. This is write-only object and it never returns back to a user. ,
Required: False ,
}
{
kind:
{
Description: The kind of repository access credentials ,
Enum:
{
OAuth: No description available. ,
PAT: No description available. ,
App: No description available. ,
}
,
Required: True ,
}
enum ,
code:
{
Description: OAuth Code. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
state:
{
Description: OAuth State. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
clientId:
{
Description: OAuth ClientId. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
token:
{
Description: Personal Access Token. Required when `kind` is `PAT` ,
Required: False ,
}
string ,
installationId:
{
Description: Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only. ,
Required: False ,
}
string ,
}
,
repositoryResourceInfo:
{
Description: Information regarding the resources created in user's repository. ,
Required: False ,
}
{
webhook:
{
Description: The webhook object created for the source-control. ,
Required: False ,
}
{
webhookId:
{
Description: Unique identifier for the webhook. ,
Required: False ,
}
string ,
webhookUrl:
{
Description: URL that gets invoked by the webhook. ,
Required: False ,
}
string ,
webhookSecretUpdateTime:
{
Description: Time when the webhook secret was updated. ,
Format: date-time ,
Required: False ,
}
string ,
rotateWebhookSecret:
{
Description: A flag to instruct the backend service to rotate webhook secret. ,
Required: False ,
}
boolean ,
}
,
gitHubResourceInfo:
{
Description: Resources created in GitHub for this source-control. ,
Required: False ,
}
{
appInstallationId:
{
Description: GitHub application installation id. ,
Required: False ,
}
string ,
}
,
azureDevOpsResourceInfo:
{
Description: Resources created in Azure DevOps for this source-control. ,
Required: False ,
}
{
pipelineId:
{
Description: Id of the pipeline created for the source-control. ,
Required: False ,
}
string ,
serviceConnectionId:
{
Description: Id of the service-connection created for the source-control. ,
Required: False ,
}
string ,
}
,
}
,
lastDeploymentInfo:
{
Description: Information regarding the latest deployment for the source control. ,
Required: False ,
}
{
deploymentFetchStatus:
{
Description: Status while fetching the last deployment. ,
Enum:
{
Success: No description available. ,
Unauthorized: No description available. ,
NotFound: No description available. ,
}
,
Required: False ,
}
enum ,
deployment:
{
Description: Deployment information. ,
Required: False ,
}
{
deploymentId:
{
Description: Deployment identifier. ,
Required: False ,
}
string ,
deploymentState:
{
Description: Current status of the deployment. ,
Enum:
{
In_Progress: No description available. ,
Completed: No description available. ,
Queued: No description available. ,
Canceling: No description available. ,
}
,
Required: False ,
}
enum ,
deploymentResult:
{
Description: The outcome of the deployment. ,
Enum:
{
Success: No description available. ,
Canceled: No description available. ,
Failed: No description available. ,
}
,
Required: False ,
}
enum ,
deploymentTime:
{
Description: The time when the deployment finished. ,
Format: date-time ,
Required: False ,
}
string ,
deploymentLogsUrl:
{
Description: Url to access repository action logs. ,
Required: False ,
}
string ,
}
,
message:
{
Description: Additional details about the deployment that can be shown to the user. ,
Required: False ,
}
string ,
}
,
pullRequest:
{
Description: Information regarding the pull request of the source control. ,
Required: False ,
}
{
url:
{
Description: URL of pull request ,
Required: False ,
}
string ,
state:
{
Description: State of the pull request ,
Required: False ,
}
object ,
}
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: source control properties ,
Required: True ,
}
{
id:
{
Description: The id (a Guid) of the source control ,
Required: False ,
}
string ,
version:
{
Description: The version number associated with the source control ,
Enum:
{
V1: No description available. ,
V2: No description available. ,
}
,
Required: False ,
}
enum ,
displayName:
{
Description: The display name of the source control ,
Required: True ,
}
string ,
description:
{
Description: A description of the source control ,
Required: False ,
}
string ,
repoType:
{
Description: The repository type of the source control ,
Enum:
{
Github: No description available. ,
AzureDevOps: No description available. ,
}
,
Required: True ,
}
enum ,
contentTypes:
{
Description: Array of source control content types. ,
Required: True ,
}
[
string ,
]
,
repository:
{
Description: Repository metadata. ,
Required: True ,
}
{
url:
{
Description: Url of repository. ,
Required: True ,
}
string ,
branch:
{
Description: Branch name of repository. ,
Required: True ,
}
string ,
displayUrl:
{
Description: Display url of repository. ,
Required: False ,
}
string ,
deploymentLogsUrl:
{
Description: Url to access repository action logs. ,
Required: False ,
}
string ,
}
,
servicePrincipal:
{
Description: Service principal metadata. ,
Required: False ,
}
{
id:
{
Description: Id of service principal. ,
Required: False ,
}
string ,
tenantId:
{
Description: Tenant id of service principal. ,
Required: False ,
}
string ,
appId:
{
Description: App id of service principal. ,
Required: False ,
}
string ,
credentialsExpireOn:
{
Description: Expiration time of service principal credentials. ,
Format: date-time ,
Required: False ,
}
string ,
}
,
repositoryAccess:
{
Description: Repository access credentials. This is write-only object and it never returns back to a user. ,
Required: False ,
}
{
kind:
{
Description: The kind of repository access credentials ,
Enum:
{
OAuth: No description available. ,
PAT: No description available. ,
App: No description available. ,
}
,
Required: True ,
}
enum ,
code:
{
Description: OAuth Code. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
state:
{
Description: OAuth State. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
clientId:
{
Description: OAuth ClientId. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
token:
{
Description: Personal Access Token. Required when `kind` is `PAT` ,
Required: False ,
}
string ,
installationId:
{
Description: Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only. ,
Required: False ,
}
string ,
}
,
repositoryResourceInfo:
{
Description: Information regarding the resources created in user's repository. ,
Required: False ,
}
{
webhook:
{
Description: The webhook object created for the source-control. ,
Required: False ,
}
{
webhookId:
{
Description: Unique identifier for the webhook. ,
Required: False ,
}
string ,
webhookUrl:
{
Description: URL that gets invoked by the webhook. ,
Required: False ,
}
string ,
webhookSecretUpdateTime:
{
Description: Time when the webhook secret was updated. ,
Format: date-time ,
Required: False ,
}
string ,
rotateWebhookSecret:
{
Description: A flag to instruct the backend service to rotate webhook secret. ,
Required: False ,
}
boolean ,
}
,
gitHubResourceInfo:
{
Description: Resources created in GitHub for this source-control. ,
Required: False ,
}
{
appInstallationId:
{
Description: GitHub application installation id. ,
Required: False ,
}
string ,
}
,
azureDevOpsResourceInfo:
{
Description: Resources created in Azure DevOps for this source-control. ,
Required: False ,
}
{
pipelineId:
{
Description: Id of the pipeline created for the source-control. ,
Required: False ,
}
string ,
serviceConnectionId:
{
Description: Id of the service-connection created for the source-control. ,
Required: False ,
}
string ,
}
,
}
,
lastDeploymentInfo:
{
Description: Information regarding the latest deployment for the source control. ,
Required: False ,
}
{
deploymentFetchStatus:
{
Description: Status while fetching the last deployment. ,
Enum:
{
Success: No description available. ,
Unauthorized: No description available. ,
NotFound: No description available. ,
}
,
Required: False ,
}
enum ,
deployment:
{
Description: Deployment information. ,
Required: False ,
}
{
deploymentId:
{
Description: Deployment identifier. ,
Required: False ,
}
string ,
deploymentState:
{
Description: Current status of the deployment. ,
Enum:
{
In_Progress: No description available. ,
Completed: No description available. ,
Queued: No description available. ,
Canceling: No description available. ,
}
,
Required: False ,
}
enum ,
deploymentResult:
{
Description: The outcome of the deployment. ,
Enum:
{
Success: No description available. ,
Canceled: No description available. ,
Failed: No description available. ,
}
,
Required: False ,
}
enum ,
deploymentTime:
{
Description: The time when the deployment finished. ,
Format: date-time ,
Required: False ,
}
string ,
deploymentLogsUrl:
{
Description: Url to access repository action logs. ,
Required: False ,
}
string ,
}
,
message:
{
Description: Additional details about the deployment that can be shown to the user. ,
Required: False ,
}
string ,
}
,
pullRequest:
{
Description: Information regarding the pull request of the source control. ,
Required: False ,
}
{
url:
{
Description: URL of pull request ,
Required: False ,
}
string ,
state:
{
Description: State of the pull request ,
Required: False ,
}
object ,
}
,
}
,
}

⚐ Response (201)

{
properties:
{
Description: source control properties ,
Required: True ,
}
{
id:
{
Description: The id (a Guid) of the source control ,
Required: False ,
}
string ,
version:
{
Description: The version number associated with the source control ,
Enum:
{
V1: No description available. ,
V2: No description available. ,
}
,
Required: False ,
}
enum ,
displayName:
{
Description: The display name of the source control ,
Required: True ,
}
string ,
description:
{
Description: A description of the source control ,
Required: False ,
}
string ,
repoType:
{
Description: The repository type of the source control ,
Enum:
{
Github: No description available. ,
AzureDevOps: No description available. ,
}
,
Required: True ,
}
enum ,
contentTypes:
{
Description: Array of source control content types. ,
Required: True ,
}
[
string ,
]
,
repository:
{
Description: Repository metadata. ,
Required: True ,
}
{
url:
{
Description: Url of repository. ,
Required: True ,
}
string ,
branch:
{
Description: Branch name of repository. ,
Required: True ,
}
string ,
displayUrl:
{
Description: Display url of repository. ,
Required: False ,
}
string ,
deploymentLogsUrl:
{
Description: Url to access repository action logs. ,
Required: False ,
}
string ,
}
,
servicePrincipal:
{
Description: Service principal metadata. ,
Required: False ,
}
{
id:
{
Description: Id of service principal. ,
Required: False ,
}
string ,
tenantId:
{
Description: Tenant id of service principal. ,
Required: False ,
}
string ,
appId:
{
Description: App id of service principal. ,
Required: False ,
}
string ,
credentialsExpireOn:
{
Description: Expiration time of service principal credentials. ,
Format: date-time ,
Required: False ,
}
string ,
}
,
repositoryAccess:
{
Description: Repository access credentials. This is write-only object and it never returns back to a user. ,
Required: False ,
}
{
kind:
{
Description: The kind of repository access credentials ,
Enum:
{
OAuth: No description available. ,
PAT: No description available. ,
App: No description available. ,
}
,
Required: True ,
}
enum ,
code:
{
Description: OAuth Code. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
state:
{
Description: OAuth State. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
clientId:
{
Description: OAuth ClientId. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
token:
{
Description: Personal Access Token. Required when `kind` is `PAT` ,
Required: False ,
}
string ,
installationId:
{
Description: Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only. ,
Required: False ,
}
string ,
}
,
repositoryResourceInfo:
{
Description: Information regarding the resources created in user's repository. ,
Required: False ,
}
{
webhook:
{
Description: The webhook object created for the source-control. ,
Required: False ,
}
{
webhookId:
{
Description: Unique identifier for the webhook. ,
Required: False ,
}
string ,
webhookUrl:
{
Description: URL that gets invoked by the webhook. ,
Required: False ,
}
string ,
webhookSecretUpdateTime:
{
Description: Time when the webhook secret was updated. ,
Format: date-time ,
Required: False ,
}
string ,
rotateWebhookSecret:
{
Description: A flag to instruct the backend service to rotate webhook secret. ,
Required: False ,
}
boolean ,
}
,
gitHubResourceInfo:
{
Description: Resources created in GitHub for this source-control. ,
Required: False ,
}
{
appInstallationId:
{
Description: GitHub application installation id. ,
Required: False ,
}
string ,
}
,
azureDevOpsResourceInfo:
{
Description: Resources created in Azure DevOps for this source-control. ,
Required: False ,
}
{
pipelineId:
{
Description: Id of the pipeline created for the source-control. ,
Required: False ,
}
string ,
serviceConnectionId:
{
Description: Id of the service-connection created for the source-control. ,
Required: False ,
}
string ,
}
,
}
,
lastDeploymentInfo:
{
Description: Information regarding the latest deployment for the source control. ,
Required: False ,
}
{
deploymentFetchStatus:
{
Description: Status while fetching the last deployment. ,
Enum:
{
Success: No description available. ,
Unauthorized: No description available. ,
NotFound: No description available. ,
}
,
Required: False ,
}
enum ,
deployment:
{
Description: Deployment information. ,
Required: False ,
}
{
deploymentId:
{
Description: Deployment identifier. ,
Required: False ,
}
string ,
deploymentState:
{
Description: Current status of the deployment. ,
Enum:
{
In_Progress: No description available. ,
Completed: No description available. ,
Queued: No description available. ,
Canceling: No description available. ,
}
,
Required: False ,
}
enum ,
deploymentResult:
{
Description: The outcome of the deployment. ,
Enum:
{
Success: No description available. ,
Canceled: No description available. ,
Failed: No description available. ,
}
,
Required: False ,
}
enum ,
deploymentTime:
{
Description: The time when the deployment finished. ,
Format: date-time ,
Required: False ,
}
string ,
deploymentLogsUrl:
{
Description: Url to access repository action logs. ,
Required: False ,
}
string ,
}
,
message:
{
Description: Additional details about the deployment that can be shown to the user. ,
Required: False ,
}
string ,
}
,
pullRequest:
{
Description: Information regarding the pull request of the source control. ,
Required: False ,
}
{
url:
{
Description: URL of pull request ,
Required: False ,
}
string ,
state:
{
Description: State of the pull request ,
Required: False ,
}
object ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
SourceControls_Delete (new)
Description Delete a source control.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}/delete
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
sourceControlId:
{
Description: Source control Id ,
Required: True ,
}
string ,
repositoryAccess:
{
Description: The repository access credentials. ,
Required: True ,
}
{
properties:
{
Description: RepositoryAccess properties ,
Required: False ,
}
{
repositoryAccess:
{
Description: RepositoryAccess properties ,
Required: True ,
}
{
kind:
{
Description: The kind of repository access credentials ,
Enum:
{
OAuth: No description available. ,
PAT: No description available. ,
App: No description available. ,
}
,
Required: True ,
}
enum ,
code:
{
Description: OAuth Code. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
state:
{
Description: OAuth State. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
clientId:
{
Description: OAuth ClientId. Required when `kind` is `OAuth` ,
Required: False ,
}
string ,
token:
{
Description: Personal Access Token. Required when `kind` is `PAT` ,
Required: False ,
}
string ,
installationId:
{
Description: Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only. ,
Required: False ,
}
string ,
}
,
}
,
}
,
}

⚐ Response (200)

{
warning:
{
Description: Warning data. ,
Required: False ,
}
{
code:
{
Description: An identifier for the warning. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
object ,
message:
{
Description: A message describing the warning, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
details:
{
Required: False ,
}
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ThreatIntelligenceIndicator_CreateIndicator (new)
Description Create a new threat intelligence indicator.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
ThreatIntelligenceProperties:
{
Description: Properties of threat intelligence indicators to create and update. ,
Required: True ,
}
{
properties:
{
Description: Threat Intelligence Entity properties ,
Required: False ,
}
{
threatIntelligenceTags:
{
Description: List of tags ,
Required: False ,
}
[
string ,
]
,
lastUpdatedTimeUtc:
{
Description: Last updated time in UTC ,
Required: False ,
}
string ,
source:
{
Description: Source of a threat intelligence entity ,
Required: False ,
}
string ,
displayName:
{
Description: Display name of a threat intelligence entity ,
Required: False ,
}
string ,
description:
{
Description: Description of a threat intelligence entity ,
Required: False ,
}
string ,
indicatorTypes:
{
Description: Indicator types of threat intelligence entities ,
Required: False ,
}
[
string ,
]
,
pattern:
{
Description: Pattern of a threat intelligence entity ,
Required: False ,
}
string ,
patternType:
{
Description: Pattern type of a threat intelligence entity ,
Required: False ,
}
string ,
patternVersion:
{
Description: Pattern version of a threat intelligence entity ,
Required: False ,
}
string ,
killChainPhases:
{
Description: Kill chain phases ,
Required: False ,
}
[
{
killChainName:
{
Description: Kill chainName name ,
Required: False ,
}
string ,
phaseName:
{
Description: Phase name ,
Required: False ,
}
string ,
}
,
]
,
parsedPattern:
{
Description: Parsed patterns ,
Required: False ,
}
[
{
patternTypeKey:
{
Description: Pattern type key ,
Required: False ,
}
string ,
patternTypeValues:
{
Description: Pattern type keys ,
Required: False ,
}
[
{
valueType:
{
Description: Type of the value ,
Required: False ,
}
string ,
value:
{
Description: Value of parsed pattern ,
Required: False ,
}
string ,
}
,
]
,
}
,
]
,
externalId:
{
Description: External ID of threat intelligence entity ,
Required: False ,
}
string ,
createdByRef:
{
Description: Created by reference of threat intelligence entity ,
Required: False ,
}
string ,
defanged:
{
Description: Is threat intelligence entity defanged ,
Required: False ,
}
boolean ,
externalLastUpdatedTimeUtc:
{
Description: External last updated time in UTC ,
Required: False ,
}
string ,
externalReferences:
{
Description: External References ,
Required: False ,
}
[
{
description:
{
Description: External reference description ,
Required: False ,
}
string ,
externalId:
{
Description: External reference ID ,
Required: False ,
}
string ,
sourceName:
{
Description: External reference source name ,
Required: False ,
}
string ,
url:
{
Description: External reference URL ,
Required: False ,
}
string ,
hashes:
{
Description: External reference hashes ,
Required: False ,
}
object ,
}
,
]
,
granularMarkings:
{
Description: Granular Markings ,
Required: False ,
}
[
{
language:
{
Description: Language granular marking model ,
Required: False ,
}
string ,
markingRef:
{
Description: marking reference granular marking model ,
Format: int32 ,
Required: False ,
}
integer ,
selectors:
{
Description: granular marking model selectors ,
Required: False ,
}
[
string ,
]
,
}
,
]
,
labels:
{
Description: Labels of threat intelligence entity ,
Required: False ,
}
[
string ,
]
,
revoked:
{
Description: Is threat intelligence entity revoked ,
Required: False ,
}
boolean ,
confidence:
{
Description: Confidence of threat intelligence entity ,
Format: int32 ,
Required: False ,
}
integer ,
objectMarkingRefs:
{
Description: Threat intelligence entity object marking references ,
Required: False ,
}
[
string ,
]
,
language:
{
Description: Language of threat intelligence entity ,
Required: False ,
}
string ,
threatTypes:
{
Description: Threat types ,
Required: False ,
}
[
string ,
]
,
validFrom:
{
Description: Valid from ,
Required: False ,
}
string ,
validUntil:
{
Description: Valid until ,
Required: False ,
}
string ,
created:
{
Description: Created by ,
Required: False ,
}
string ,
modified:
{
Description: Modified by ,
Required: False ,
}
string ,
extensions:
{
Description: Extensions map ,
Required: False ,
}
object ,
}
,
}
,
}

⚐ Response (200)

{
kind:
{
Description: The kind of the entity. ,
Enum:
{
indicator: Entity represents threat intelligence indicator in the system. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (201)

{
kind:
{
Description: The kind of the entity. ,
Enum:
{
indicator: Entity represents threat intelligence indicator in the system. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ThreatIntelligenceIndicators_List (new)
Description Get all threat intelligence indicators.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
$filter:
{
Description: Filters the results, based on a Boolean condition. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of information objects. ,
Required: False ,
}
string ,
value:
{
Description: Array of threat intelligence information objects. ,
Required: True ,
}
[
{
kind:
{
Description: The kind of the entity. ,
Enum:
{
indicator: Entity represents threat intelligence indicator in the system. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ThreatIntelligenceIndicator_Get (new)
Description View a threat intelligence indicator by name.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
name:
{
Description: Threat intelligence indicator name field. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
kind:
{
Description: The kind of the entity. ,
Enum:
{
indicator: Entity represents threat intelligence indicator in the system. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ThreatIntelligenceIndicator_Create (new)
Description Update a threat Intelligence indicator.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
name:
{
Description: Threat intelligence indicator name field. ,
Required: True ,
}
string ,
ThreatIntelligenceProperties:
{
Description: Properties of threat intelligence indicators to create and update. ,
Required: True ,
}
{
properties:
{
Description: Threat Intelligence Entity properties ,
Required: False ,
}
{
threatIntelligenceTags:
{
Description: List of tags ,
Required: False ,
}
[
string ,
]
,
lastUpdatedTimeUtc:
{
Description: Last updated time in UTC ,
Required: False ,
}
string ,
source:
{
Description: Source of a threat intelligence entity ,
Required: False ,
}
string ,
displayName:
{
Description: Display name of a threat intelligence entity ,
Required: False ,
}
string ,
description:
{
Description: Description of a threat intelligence entity ,
Required: False ,
}
string ,
indicatorTypes:
{
Description: Indicator types of threat intelligence entities ,
Required: False ,
}
[
string ,
]
,
pattern:
{
Description: Pattern of a threat intelligence entity ,
Required: False ,
}
string ,
patternType:
{
Description: Pattern type of a threat intelligence entity ,
Required: False ,
}
string ,
patternVersion:
{
Description: Pattern version of a threat intelligence entity ,
Required: False ,
}
string ,
killChainPhases:
{
Description: Kill chain phases ,
Required: False ,
}
[
{
killChainName:
{
Description: Kill chainName name ,
Required: False ,
}
string ,
phaseName:
{
Description: Phase name ,
Required: False ,
}
string ,
}
,
]
,
parsedPattern:
{
Description: Parsed patterns ,
Required: False ,
}
[
{
patternTypeKey:
{
Description: Pattern type key ,
Required: False ,
}
string ,
patternTypeValues:
{
Description: Pattern type keys ,
Required: False ,
}
[
{
valueType:
{
Description: Type of the value ,
Required: False ,
}
string ,
value:
{
Description: Value of parsed pattern ,
Required: False ,
}
string ,
}
,
]
,
}
,
]
,
externalId:
{
Description: External ID of threat intelligence entity ,
Required: False ,
}
string ,
createdByRef:
{
Description: Created by reference of threat intelligence entity ,
Required: False ,
}
string ,
defanged:
{
Description: Is threat intelligence entity defanged ,
Required: False ,
}
boolean ,
externalLastUpdatedTimeUtc:
{
Description: External last updated time in UTC ,
Required: False ,
}
string ,
externalReferences:
{
Description: External References ,
Required: False ,
}
[
{
description:
{
Description: External reference description ,
Required: False ,
}
string ,
externalId:
{
Description: External reference ID ,
Required: False ,
}
string ,
sourceName:
{
Description: External reference source name ,
Required: False ,
}
string ,
url:
{
Description: External reference URL ,
Required: False ,
}
string ,
hashes:
{
Description: External reference hashes ,
Required: False ,
}
object ,
}
,
]
,
granularMarkings:
{
Description: Granular Markings ,
Required: False ,
}
[
{
language:
{
Description: Language granular marking model ,
Required: False ,
}
string ,
markingRef:
{
Description: marking reference granular marking model ,
Format: int32 ,
Required: False ,
}
integer ,
selectors:
{
Description: granular marking model selectors ,
Required: False ,
}
[
string ,
]
,
}
,
]
,
labels:
{
Description: Labels of threat intelligence entity ,
Required: False ,
}
[
string ,
]
,
revoked:
{
Description: Is threat intelligence entity revoked ,
Required: False ,
}
boolean ,
confidence:
{
Description: Confidence of threat intelligence entity ,
Format: int32 ,
Required: False ,
}
integer ,
objectMarkingRefs:
{
Description: Threat intelligence entity object marking references ,
Required: False ,
}
[
string ,
]
,
language:
{
Description: Language of threat intelligence entity ,
Required: False ,
}
string ,
threatTypes:
{
Description: Threat types ,
Required: False ,
}
[
string ,
]
,
validFrom:
{
Description: Valid from ,
Required: False ,
}
string ,
validUntil:
{
Description: Valid until ,
Required: False ,
}
string ,
created:
{
Description: Created by ,
Required: False ,
}
string ,
modified:
{
Description: Modified by ,
Required: False ,
}
string ,
extensions:
{
Description: Extensions map ,
Required: False ,
}
object ,
}
,
}
,
}

⚐ Response (200)

{
kind:
{
Description: The kind of the entity. ,
Enum:
{
indicator: Entity represents threat intelligence indicator in the system. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (201)

{
kind:
{
Description: The kind of the entity. ,
Enum:
{
indicator: Entity represents threat intelligence indicator in the system. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ThreatIntelligenceIndicator_Delete (new)
Description Delete a threat intelligence indicator.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
name:
{
Description: Threat intelligence indicator name field. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ThreatIntelligenceIndicator_QueryIndicators (new)
Description Query threat intelligence indicators as per filtering criteria.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
ThreatIntelligenceFilteringCriteria:
{
Description: Filtering criteria for querying threat intelligence indicators. ,
Required: True ,
}
{
pageSize:
{
Description: Page size ,
Format: int32 ,
Required: False ,
}
integer ,
minConfidence:
{
Description: Minimum confidence. ,
Format: int32 ,
Required: False ,
}
integer ,
maxConfidence:
{
Description: Maximum confidence. ,
Format: int32 ,
Required: False ,
}
integer ,
minValidUntil:
{
Description: Start time for ValidUntil filter. ,
Required: False ,
}
string ,
maxValidUntil:
{
Description: End time for ValidUntil filter. ,
Required: False ,
}
string ,
includeDisabled:
{
Description: Parameter to include/exclude disabled indicators. ,
Required: False ,
}
boolean ,
sortBy:
{
Description: Columns to sort by and sorting order ,
Required: False ,
}
[
{
itemKey:
{
Description: Column name ,
Required: False ,
}
string ,
sortOrder:
{
Description: Sorting order (ascending/descending/unsorted). ,
Enum:
{
unsorted: No description available. ,
ascending: No description available. ,
descending: No description available. ,
}
,
Required: False ,
}
enum ,
}
,
]
,
sources:
{
Description: Sources of threat intelligence indicators ,
Required: False ,
}
[
string ,
]
,
patternTypes:
{
Description: Pattern types ,
Required: False ,
}
[
string ,
]
,
threatTypes:
{
Description: Threat types of threat intelligence indicators ,
Required: False ,
}
[
string ,
]
,
ids:
{
Description: Ids of threat intelligence indicators ,
Required: False ,
}
[
string ,
]
,
keywords:
{
Description: Keywords for searching threat intelligence indicators ,
Required: False ,
}
[
string ,
]
,
skipToken:
{
Description: Skip token. ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of information objects. ,
Required: False ,
}
string ,
value:
{
Description: Array of threat intelligence information objects. ,
Required: True ,
}
[
{
kind:
{
Description: The kind of the entity. ,
Enum:
{
indicator: Entity represents threat intelligence indicator in the system. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ThreatIntelligenceIndicatorMetrics_List (new)
Description Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source).
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
value:
{
Description: Array of threat intelligence metric fields (type/threat type/source). ,
Required: True ,
}
[
{
properties:
{
Description: Threat intelligence metrics. ,
Required: False ,
}
{
lastUpdatedTimeUtc:
{
Description: Last updated indicator metric ,
Required: False ,
}
string ,
threatTypeMetrics:
{
Description: Threat type metrics ,
Required: False ,
}
[
{
metricName:
{
Description: Metric name ,
Required: False ,
}
string ,
metricValue:
{
Description: Metric value ,
Format: int32 ,
Required: False ,
}
integer ,
}
,
]
,
patternTypeMetrics:
{
Description: Pattern type metrics ,
Required: False ,
}
[
{
metricName:
{
Description: Metric name ,
Required: False ,
}
string ,
metricValue:
{
Description: Metric value ,
Format: int32 ,
Required: False ,
}
integer ,
}
,
]
,
sourceMetrics:
{
Description: Source metrics ,
Required: False ,
}
[
{
metricName:
{
Description: Metric name ,
Required: False ,
}
string ,
metricValue:
{
Description: Metric value ,
Format: int32 ,
Required: False ,
}
integer ,
}
,
]
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ThreatIntelligenceIndicator_AppendTags (new)
Description Append tags to a threat intelligence indicator.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
name:
{
Description: Threat intelligence indicator name field. ,
Required: True ,
}
string ,
ThreatIntelligenceAppendTags:
{
Description: The threat intelligence append tags request body ,
Required: True ,
}
{
threatIntelligenceTags:
{
Description: List of tags to be appended. ,
Required: False ,
}
[
string ,
]
,
}
,
}

⚐ Response (200)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ThreatIntelligenceIndicator_ReplaceTags (new)
Description Replace tags added to a threat intelligence indicator.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
name:
{
Description: Threat intelligence indicator name field. ,
Required: True ,
}
string ,
ThreatIntelligenceReplaceTags:
{
Description: Tags in the threat intelligence indicator to be replaced. ,
Required: True ,
}
{
properties:
{
Description: Threat Intelligence Entity properties ,
Required: False ,
}
{
threatIntelligenceTags:
{
Description: List of tags ,
Required: False ,
}
[
string ,
]
,
lastUpdatedTimeUtc:
{
Description: Last updated time in UTC ,
Required: False ,
}
string ,
source:
{
Description: Source of a threat intelligence entity ,
Required: False ,
}
string ,
displayName:
{
Description: Display name of a threat intelligence entity ,
Required: False ,
}
string ,
description:
{
Description: Description of a threat intelligence entity ,
Required: False ,
}
string ,
indicatorTypes:
{
Description: Indicator types of threat intelligence entities ,
Required: False ,
}
[
string ,
]
,
pattern:
{
Description: Pattern of a threat intelligence entity ,
Required: False ,
}
string ,
patternType:
{
Description: Pattern type of a threat intelligence entity ,
Required: False ,
}
string ,
patternVersion:
{
Description: Pattern version of a threat intelligence entity ,
Required: False ,
}
string ,
killChainPhases:
{
Description: Kill chain phases ,
Required: False ,
}
[
{
killChainName:
{
Description: Kill chainName name ,
Required: False ,
}
string ,
phaseName:
{
Description: Phase name ,
Required: False ,
}
string ,
}
,
]
,
parsedPattern:
{
Description: Parsed patterns ,
Required: False ,
}
[
{
patternTypeKey:
{
Description: Pattern type key ,
Required: False ,
}
string ,
patternTypeValues:
{
Description: Pattern type keys ,
Required: False ,
}
[
{
valueType:
{
Description: Type of the value ,
Required: False ,
}
string ,
value:
{
Description: Value of parsed pattern ,
Required: False ,
}
string ,
}
,
]
,
}
,
]
,
externalId:
{
Description: External ID of threat intelligence entity ,
Required: False ,
}
string ,
createdByRef:
{
Description: Created by reference of threat intelligence entity ,
Required: False ,
}
string ,
defanged:
{
Description: Is threat intelligence entity defanged ,
Required: False ,
}
boolean ,
externalLastUpdatedTimeUtc:
{
Description: External last updated time in UTC ,
Required: False ,
}
string ,
externalReferences:
{
Description: External References ,
Required: False ,
}
[
{
description:
{
Description: External reference description ,
Required: False ,
}
string ,
externalId:
{
Description: External reference ID ,
Required: False ,
}
string ,
sourceName:
{
Description: External reference source name ,
Required: False ,
}
string ,
url:
{
Description: External reference URL ,
Required: False ,
}
string ,
hashes:
{
Description: External reference hashes ,
Required: False ,
}
object ,
}
,
]
,
granularMarkings:
{
Description: Granular Markings ,
Required: False ,
}
[
{
language:
{
Description: Language granular marking model ,
Required: False ,
}
string ,
markingRef:
{
Description: marking reference granular marking model ,
Format: int32 ,
Required: False ,
}
integer ,
selectors:
{
Description: granular marking model selectors ,
Required: False ,
}
[
string ,
]
,
}
,
]
,
labels:
{
Description: Labels of threat intelligence entity ,
Required: False ,
}
[
string ,
]
,
revoked:
{
Description: Is threat intelligence entity revoked ,
Required: False ,
}
boolean ,
confidence:
{
Description: Confidence of threat intelligence entity ,
Format: int32 ,
Required: False ,
}
integer ,
objectMarkingRefs:
{
Description: Threat intelligence entity object marking references ,
Required: False ,
}
[
string ,
]
,
language:
{
Description: Language of threat intelligence entity ,
Required: False ,
}
string ,
threatTypes:
{
Description: Threat types ,
Required: False ,
}
[
string ,
]
,
validFrom:
{
Description: Valid from ,
Required: False ,
}
string ,
validUntil:
{
Description: Valid until ,
Required: False ,
}
string ,
created:
{
Description: Created by ,
Required: False ,
}
string ,
modified:
{
Description: Modified by ,
Required: False ,
}
string ,
extensions:
{
Description: Extensions map ,
Required: False ,
}
object ,
}
,
}
,
}

⚐ Response (200)

{
kind:
{
Description: The kind of the entity. ,
Enum:
{
indicator: Entity represents threat intelligence indicator in the system. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ThreatIntelligence_Count (new)
Description Gets the count of all TI objects for the workspace.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/{tiType}/count
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
tiType:
{
Description: TI type ,
Required: True ,
}
string ,
query:
{
Description: The query to run on the TI objects in the workspace. ,
Required: False ,
}
{
properties:
{
Description: Query properties ,
Required: False ,
}
{
condition:
{
Description: Represents a condition used to query for TI objects. ,
Required: False ,
}
string ,
}
,
}
,
}

⚐ Response (200)

{
count:
{
Description: Count of all the threat intelligence objects on the workspace that match the provided query. ,
Format: int32 ,
Required: True ,
}
integer ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
ThreatIntelligence_Query (new)
Description Gets all TI objects for the workspace.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/{tiType}/query
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
tiType:
{
Description: TI type ,
Required: True ,
}
string ,
query:
{
Description: The query to run on the TI objects in the workspace. ,
Required: False ,
}
{
condition:
{
Description: Represents a condition used to query for TI objects. ,
Required: False ,
}
{
stixObjectType:
{
Description: The STIX type for the objects returned by this query. ,
Required: False ,
}
string ,
clauses:
{
Description: The list of clauses to be evaluated in disjunction or conjunction base on the specified top level connective operator. ,
Required: True ,
}
[
{
clauseConnective:
{
Description: The connective used to join all values in this ConditionClause ,
Enum:
{
And: 'And' connective ,
Or: 'Or' connective ,
}
,
Required: False ,
}
enum ,
field:
{
Description: The name of the field that is evaluated. ,
Required: True ,
}
string ,
operator:
{
Description: Represents an operator in a ConditionClause. ,
Enum:
{
Equals: No description available. ,
NotEquals: No description available. ,
LessThan: No description available. ,
LessThanEqual: No description available. ,
GreaterThan: No description available. ,
GreaterThanEqual: No description available. ,
StringContains: No description available. ,
StringNotContains: No description available. ,
StringStartsWith: No description available. ,
StringNotStartsWith: No description available. ,
StringEndsWith: No description available. ,
StringNotEndsWith: No description available. ,
StringIsEmpty: No description available. ,
IsNull: No description available. ,
IsTrue: No description available. ,
IsFalse: No description available. ,
ArrayContains: No description available. ,
ArrayNotContains: No description available. ,
OnOrAfterRelative: No description available. ,
AfterRelative: No description available. ,
OnOrBeforeRelative: No description available. ,
BeforeRelative: No description available. ,
OnOrAfterAbsolute: No description available. ,
AfterAbsolute: No description available. ,
OnOrBeforeAbsolute: No description available. ,
BeforeAbsolute: No description available. ,
}
,
Required: True ,
}
enum ,
values:
{
Description: The top level connective operator for this condition. ,
Required: True ,
}
[
string ,
]
,
}
,
]
,
conditionConnective:
{
Description: The top level connective operator for this condition. ,
Enum:
{
And: 'And' connective ,
Or: 'Or' connective ,
}
,
Required: False ,
}
enum ,
}
,
sortBy:
{
Description: Specifies how to sort the query results. ,
Required: False ,
}
{
direction:
{
Description: The direction to sort the results by. ,
Enum:
{
ASC: Indicates that the query should be sorted from lowest-to-highest value. ,
DESC: Indicates that the query should be sorted from lowest-to-highest value. ,
}
,
Required: False ,
}
enum ,
field:
{
Description: Represents the field to sort the results by. ,
Required: False ,
}
string ,
}
,
maxPageSize:
{
Description: Represents the maximum size of the page that will be returned from the query API. ,
Format: int32 ,
Required: False ,
}
integer ,
minPageSize:
{
Description: Represents the minimum size of the page that will be returned from the query API. ,
Format: int32 ,
Required: False ,
}
integer ,
}
,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of threat intelligence objects. ,
Required: False ,
}
string ,
value:
{
Description: Array of threat intelligence objects on the workspace that match the provided query. ,
Required: True ,
}
[
{
properties:
{
Description: The properties of the TI object ,
Required: False ,
}
{
data:
{
Description: The core STIX object that this TI object represents. ,
Required: False ,
}
object ,
createdBy:
{
Description: The UserInfo of the user/entity which originally created this TI object. ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
source:
{
Description: The source name for this TI object. ,
Required: False ,
}
string ,
firstIngestedTimeUtc:
{
Description: The timestamp for the first time this object was ingested. ,
Format: date-time ,
Required: False ,
}
string ,
lastIngestedTimeUtc:
{
Description: The timestamp for the last time this object was ingested. ,
Format: date-time ,
Required: False ,
}
string ,
ingestionRulesVersion:
{
Description: The ID of the rules version that was active when this TI object was last ingested. ,
Format: uuid ,
Required: False ,
}
string ,
lastUpdateMethod:
{
Description: The name of the method/application that initiated the last write to this TI object. ,
Required: False ,
}
string ,
lastModifiedBy:
{
Description: The UserInfo of the user/entity which last modified this TI object. ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
lastUpdatedDateTimeUtc:
{
Description: The timestamp for the last time this TI object was updated. ,
Format: date-time ,
Required: False ,
}
string ,
relationshipHints:
{
Description: A dictionary used to help follow relationships from this object to other STIX objects. The keys are field names from the STIX object (in the 'data' field), and the values are lists of sources that can be prepended to the object ID in order to efficiently locate the target TI object. ,
Required: False ,
}
[
{
fieldName:
{
Required: False ,
}
string ,
source:
{
Required: False ,
}
string ,
}
,
]
,
}
,
kind:
{
Description: The kind of the TI object ,
Enum:
{
AttackPattern: A TI object that represents an attack pattern. ,
Identity: A TI object that represents an identity. ,
Indicator: A TI object that represents an indicator. ,
Relationship: A TI object that represents a relationship between two TI objects. ,
ThreatActor: A TI object that represents a threat actor. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
triggeredAnalyticsRuleRun_Get (new)
Description Gets the triggered analytics rule run.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/{ruleRunId}
{
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
ruleRunId:
{
Description: the triggered rule id ,
Required: True ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: The triggered analytics rule run Properties ,
Required: True ,
}
{
executionTimeUtc:
{
Format: date-time ,
Required: True ,
}
string ,
ruleId:
{
Required: True ,
}
string ,
triggeredAnalyticsRuleRunId:
{
Required: True ,
}
string ,
provisioningState:
{
Description: The triggered analytics rule run provisioning state ,
Enum:
{
Accepted: No description available. ,
InProgress: No description available. ,
Succeeded: No description available. ,
Failed: No description available. ,
Canceled: No description available. ,
}
,
Required: True ,
}
enum ,
ruleRunAdditionalData:
{
Required: False ,
}
object ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
getTriggeredAnalyticsRuleRuns_List (new)
Description Gets the triggered analytics rule runs.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns
{
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
value:
{
Required: True ,
}
[
{
properties:
{
Description: The triggered analytics rule run Properties ,
Required: True ,
}
{
executionTimeUtc:
{
Format: date-time ,
Required: True ,
}
string ,
ruleId:
{
Required: True ,
}
string ,
triggeredAnalyticsRuleRunId:
{
Required: True ,
}
string ,
provisioningState:
{
Description: The triggered analytics rule run provisioning state ,
Enum:
{
Accepted: No description available. ,
InProgress: No description available. ,
Succeeded: No description available. ,
Failed: No description available. ,
Canceled: No description available. ,
}
,
Required: True ,
}
enum ,
ruleRunAdditionalData:
{
Required: False ,
}
object ,
}
,
}
,
]
,
nextLink:
{
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
alertRule_TriggerRuleRun (new)
Description triggers analytics rule run
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
ruleId:
{
Description: Alert rule ID ,
Required: True ,
}
string ,
analyticsRuleRunTriggerParameter:
{
Description: The Analytics Rule Run Trigger parameter ,
Required: True ,
}
{
properties:
{
Description: The analytics Rule Run Trigger request ,
Required: True ,
}
{
executionTimeUtc:
{
Format: date-time ,
Required: True ,
}
string ,
}
,
}
,
}

⚐ Response (202)

{
location: string ,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
Watchlists_List (new)
Description Gets all watchlists, without watchlist items.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of watchlists. ,
Required: False ,
}
string ,
value:
{
Description: Array of watchlist. ,
Required: True ,
}
[
{
properties:
{
Description: Watchlist properties ,
Required: False ,
}
{
watchlistId:
{
Description: The id (a Guid) of the watchlist ,
Required: False ,
}
string ,
displayName:
{
Description: The display name of the watchlist ,
Required: True ,
}
string ,
provider:
{
Description: The provider of the watchlist ,
Required: True ,
}
string ,
source:
{
Description: The filename of the watchlist, called 'source' ,
Required: False ,
}
string ,
sourceType:
{
Description: The sourceType of the watchlist ,
Enum:
{
Local file: No description available. ,
Remote storage: No description available. ,
}
,
Required: False ,
}
enum ,
created:
{
Description: The time the watchlist was created ,
Format: date-time ,
Required: False ,
}
string ,
updated:
{
Description: The last time the watchlist was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the watchlist ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
updatedBy:
{
Description: Describes a user that updated the watchlist ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
description:
{
Description: A description of the watchlist ,
Required: False ,
}
string ,
watchlistType:
{
Description: The type of the watchlist ,
Required: False ,
}
string ,
watchlistAlias:
{
Description: The alias of the watchlist ,
Required: False ,
}
string ,
isDeleted:
{
Description: A flag that indicates if the watchlist is deleted or not ,
Required: False ,
}
boolean ,
labels:
{
Description: List of labels relevant to this watchlist ,
Required: False ,
}
[
string ,
]
,
defaultDuration:
{
Description: The default duration of a watchlist (in ISO 8601 duration format) ,
Format: duration ,
Required: False ,
}
string ,
tenantId:
{
Description: The tenantId where the watchlist belongs to ,
Required: False ,
}
string ,
numberOfLinesToSkip:
{
Description: The number of lines in a csv/tsv content to skip before the header ,
Format: int32 ,
Required: False ,
}
integer ,
rawContent:
{
Description: The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint ,
Required: False ,
}
string ,
itemsSearchKey:
{
Description: The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. ,
Required: True ,
}
string ,
contentType:
{
Description: The content type of the raw content. Example : text/csv or text/tsv ,
Required: False ,
}
string ,
uploadStatus:
{
Description: The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted ,
Required: False ,
}
string ,
provisioningState:
{
Description: Describes provisioning state ,
Enum:
{
New: No description available. ,
InProgress: No description available. ,
Uploading: No description available. ,
Deleting: No description available. ,
Succeeded: No description available. ,
Failed: No description available. ,
Canceled: No description available. ,
}
,
Required: False ,
}
enum ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Watchlists_Get (new)
Description Gets a watchlist, without its watchlist items.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
watchlistAlias:
{
Description: Watchlist Alias ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: Watchlist properties ,
Required: False ,
}
{
watchlistId:
{
Description: The id (a Guid) of the watchlist ,
Required: False ,
}
string ,
displayName:
{
Description: The display name of the watchlist ,
Required: True ,
}
string ,
provider:
{
Description: The provider of the watchlist ,
Required: True ,
}
string ,
source:
{
Description: The filename of the watchlist, called 'source' ,
Required: False ,
}
string ,
sourceType:
{
Description: The sourceType of the watchlist ,
Enum:
{
Local file: No description available. ,
Remote storage: No description available. ,
}
,
Required: False ,
}
enum ,
created:
{
Description: The time the watchlist was created ,
Format: date-time ,
Required: False ,
}
string ,
updated:
{
Description: The last time the watchlist was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the watchlist ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
updatedBy:
{
Description: Describes a user that updated the watchlist ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
description:
{
Description: A description of the watchlist ,
Required: False ,
}
string ,
watchlistType:
{
Description: The type of the watchlist ,
Required: False ,
}
string ,
watchlistAlias:
{
Description: The alias of the watchlist ,
Required: False ,
}
string ,
isDeleted:
{
Description: A flag that indicates if the watchlist is deleted or not ,
Required: False ,
}
boolean ,
labels:
{
Description: List of labels relevant to this watchlist ,
Required: False ,
}
[
string ,
]
,
defaultDuration:
{
Description: The default duration of a watchlist (in ISO 8601 duration format) ,
Format: duration ,
Required: False ,
}
string ,
tenantId:
{
Description: The tenantId where the watchlist belongs to ,
Required: False ,
}
string ,
numberOfLinesToSkip:
{
Description: The number of lines in a csv/tsv content to skip before the header ,
Format: int32 ,
Required: False ,
}
integer ,
rawContent:
{
Description: The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint ,
Required: False ,
}
string ,
itemsSearchKey:
{
Description: The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. ,
Required: True ,
}
string ,
contentType:
{
Description: The content type of the raw content. Example : text/csv or text/tsv ,
Required: False ,
}
string ,
uploadStatus:
{
Description: The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted ,
Required: False ,
}
string ,
provisioningState:
{
Description: Describes provisioning state ,
Enum:
{
New: No description available. ,
InProgress: No description available. ,
Uploading: No description available. ,
Deleting: No description available. ,
Succeeded: No description available. ,
Failed: No description available. ,
Canceled: No description available. ,
}
,
Required: False ,
}
enum ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
Watchlists_Delete (new)
Description Delete a watchlist.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
watchlistAlias:
{
Description: Watchlist Alias ,
Required: True ,
}
string ,
}

⚐ Response (202)

{
azure-asyncoperation:
{
Description: Contains the status URL on which clients are expected to poll the status of the delete operation. ,
}
string ,
location: string ,
}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
Watchlists_CreateOrUpdate (new)
Description Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint with either rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large watchlist, where the content size can go up to 500 MB. The status of processing such large file can be polled through the URL returned in Azure-AsyncOperation header.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
watchlistAlias:
{
Description: Watchlist Alias ,
Required: True ,
}
string ,
watchlist:
{
Description: The watchlist ,
Required: True ,
}
{
properties:
{
Description: Watchlist properties ,
Required: False ,
}
{
watchlistId:
{
Description: The id (a Guid) of the watchlist ,
Required: False ,
}
string ,
displayName:
{
Description: The display name of the watchlist ,
Required: True ,
}
string ,
provider:
{
Description: The provider of the watchlist ,
Required: True ,
}
string ,
source:
{
Description: The filename of the watchlist, called 'source' ,
Required: False ,
}
string ,
sourceType:
{
Description: The sourceType of the watchlist ,
Enum:
{
Local file: No description available. ,
Remote storage: No description available. ,
}
,
Required: False ,
}
enum ,
created:
{
Description: The time the watchlist was created ,
Format: date-time ,
Required: False ,
}
string ,
updated:
{
Description: The last time the watchlist was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the watchlist ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
updatedBy:
{
Description: Describes a user that updated the watchlist ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
description:
{
Description: A description of the watchlist ,
Required: False ,
}
string ,
watchlistType:
{
Description: The type of the watchlist ,
Required: False ,
}
string ,
watchlistAlias:
{
Description: The alias of the watchlist ,
Required: False ,
}
string ,
isDeleted:
{
Description: A flag that indicates if the watchlist is deleted or not ,
Required: False ,
}
boolean ,
labels:
{
Description: List of labels relevant to this watchlist ,
Required: False ,
}
[
string ,
]
,
defaultDuration:
{
Description: The default duration of a watchlist (in ISO 8601 duration format) ,
Format: duration ,
Required: False ,
}
string ,
tenantId:
{
Description: The tenantId where the watchlist belongs to ,
Required: False ,
}
string ,
numberOfLinesToSkip:
{
Description: The number of lines in a csv/tsv content to skip before the header ,
Format: int32 ,
Required: False ,
}
integer ,
rawContent:
{
Description: The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint ,
Required: False ,
}
string ,
itemsSearchKey:
{
Description: The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. ,
Required: True ,
}
string ,
contentType:
{
Description: The content type of the raw content. Example : text/csv or text/tsv ,
Required: False ,
}
string ,
uploadStatus:
{
Description: The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted ,
Required: False ,
}
string ,
provisioningState:
{
Description: Describes provisioning state ,
Enum:
{
New: No description available. ,
InProgress: No description available. ,
Uploading: No description available. ,
Deleting: No description available. ,
Succeeded: No description available. ,
Failed: No description available. ,
Canceled: No description available. ,
}
,
Required: False ,
}
enum ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: Watchlist properties ,
Required: False ,
}
{
watchlistId:
{
Description: The id (a Guid) of the watchlist ,
Required: False ,
}
string ,
displayName:
{
Description: The display name of the watchlist ,
Required: True ,
}
string ,
provider:
{
Description: The provider of the watchlist ,
Required: True ,
}
string ,
source:
{
Description: The filename of the watchlist, called 'source' ,
Required: False ,
}
string ,
sourceType:
{
Description: The sourceType of the watchlist ,
Enum:
{
Local file: No description available. ,
Remote storage: No description available. ,
}
,
Required: False ,
}
enum ,
created:
{
Description: The time the watchlist was created ,
Format: date-time ,
Required: False ,
}
string ,
updated:
{
Description: The last time the watchlist was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the watchlist ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
updatedBy:
{
Description: Describes a user that updated the watchlist ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
description:
{
Description: A description of the watchlist ,
Required: False ,
}
string ,
watchlistType:
{
Description: The type of the watchlist ,
Required: False ,
}
string ,
watchlistAlias:
{
Description: The alias of the watchlist ,
Required: False ,
}
string ,
isDeleted:
{
Description: A flag that indicates if the watchlist is deleted or not ,
Required: False ,
}
boolean ,
labels:
{
Description: List of labels relevant to this watchlist ,
Required: False ,
}
[
string ,
]
,
defaultDuration:
{
Description: The default duration of a watchlist (in ISO 8601 duration format) ,
Format: duration ,
Required: False ,
}
string ,
tenantId:
{
Description: The tenantId where the watchlist belongs to ,
Required: False ,
}
string ,
numberOfLinesToSkip:
{
Description: The number of lines in a csv/tsv content to skip before the header ,
Format: int32 ,
Required: False ,
}
integer ,
rawContent:
{
Description: The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint ,
Required: False ,
}
string ,
itemsSearchKey:
{
Description: The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. ,
Required: True ,
}
string ,
contentType:
{
Description: The content type of the raw content. Example : text/csv or text/tsv ,
Required: False ,
}
string ,
uploadStatus:
{
Description: The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted ,
Required: False ,
}
string ,
provisioningState:
{
Description: Describes provisioning state ,
Enum:
{
New: No description available. ,
InProgress: No description available. ,
Uploading: No description available. ,
Deleting: No description available. ,
Succeeded: No description available. ,
Failed: No description available. ,
Canceled: No description available. ,
}
,
Required: False ,
}
enum ,
}
,
}

⚐ Response (201)

{
$headers:
{
azure-asyncoperation:
{
Description: Contains the status URL on which clients are expected to poll the status of the operation. ,
}
string ,
}
,
$schema:
{
Description: Represents a Watchlist in Azure Security Insights. ,
}
{
properties:
{
Description: Watchlist properties ,
Required: False ,
}
{
watchlistId:
{
Description: The id (a Guid) of the watchlist ,
Required: False ,
}
string ,
displayName:
{
Description: The display name of the watchlist ,
Required: True ,
}
string ,
provider:
{
Description: The provider of the watchlist ,
Required: True ,
}
string ,
source:
{
Description: The filename of the watchlist, called 'source' ,
Required: False ,
}
string ,
sourceType:
{
Description: The sourceType of the watchlist ,
Enum:
{
Local file: No description available. ,
Remote storage: No description available. ,
}
,
Required: False ,
}
enum ,
created:
{
Description: The time the watchlist was created ,
Format: date-time ,
Required: False ,
}
string ,
updated:
{
Description: The last time the watchlist was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the watchlist ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
updatedBy:
{
Description: Describes a user that updated the watchlist ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
description:
{
Description: A description of the watchlist ,
Required: False ,
}
string ,
watchlistType:
{
Description: The type of the watchlist ,
Required: False ,
}
string ,
watchlistAlias:
{
Description: The alias of the watchlist ,
Required: False ,
}
string ,
isDeleted:
{
Description: A flag that indicates if the watchlist is deleted or not ,
Required: False ,
}
boolean ,
labels:
{
Description: List of labels relevant to this watchlist ,
Required: False ,
}
[
string ,
]
,
defaultDuration:
{
Description: The default duration of a watchlist (in ISO 8601 duration format) ,
Format: duration ,
Required: False ,
}
string ,
tenantId:
{
Description: The tenantId where the watchlist belongs to ,
Required: False ,
}
string ,
numberOfLinesToSkip:
{
Description: The number of lines in a csv/tsv content to skip before the header ,
Format: int32 ,
Required: False ,
}
integer ,
rawContent:
{
Description: The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint ,
Required: False ,
}
string ,
itemsSearchKey:
{
Description: The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. ,
Required: True ,
}
string ,
contentType:
{
Description: The content type of the raw content. Example : text/csv or text/tsv ,
Required: False ,
}
string ,
uploadStatus:
{
Description: The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted ,
Required: False ,
}
string ,
provisioningState:
{
Description: Describes provisioning state ,
Enum:
{
New: No description available. ,
InProgress: No description available. ,
Uploading: No description available. ,
Deleting: No description available. ,
Succeeded: No description available. ,
Failed: No description available. ,
Canceled: No description available. ,
}
,
Required: False ,
}
enum ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WatchlistItems_List (new)
Description Gets all watchlist Items.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
watchlistAlias:
{
Description: Watchlist Alias ,
Required: True ,
}
string ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of watchlist item. ,
Required: False ,
}
string ,
value:
{
Description: Array of watchlist items. ,
Required: True ,
}
[
{
properties:
{
Description: Watchlist Item properties ,
Required: False ,
}
{
watchlistItemType:
{
Description: The type of the watchlist item ,
Required: False ,
}
string ,
watchlistItemId:
{
Description: The id (a Guid) of the watchlist item ,
Required: False ,
}
string ,
tenantId:
{
Description: The tenantId to which the watchlist item belongs to ,
Required: False ,
}
string ,
isDeleted:
{
Description: A flag that indicates if the watchlist item is deleted or not ,
Required: False ,
}
boolean ,
created:
{
Description: The time the watchlist item was created ,
Format: date-time ,
Required: False ,
}
string ,
updated:
{
Description: The last time the watchlist item was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the watchlist item ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
updatedBy:
{
Description: Describes a user that updated the watchlist item ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
itemsKeyValue:
{
Description: key-value pairs for a watchlist item ,
Required: True ,
}
object ,
entityMapping:
{
Description: key-value pairs for a watchlist item entity mapping ,
Required: False ,
}
object ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
WatchlistItems_Get (new)
Description Gets a watchlist, without its watchlist items.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
watchlistAlias:
{
Description: Watchlist Alias ,
Required: True ,
}
string ,
watchlistItemId:
{
Description: Watchlist Item Id (GUID) ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: Watchlist Item properties ,
Required: False ,
}
{
watchlistItemType:
{
Description: The type of the watchlist item ,
Required: False ,
}
string ,
watchlistItemId:
{
Description: The id (a Guid) of the watchlist item ,
Required: False ,
}
string ,
tenantId:
{
Description: The tenantId to which the watchlist item belongs to ,
Required: False ,
}
string ,
isDeleted:
{
Description: A flag that indicates if the watchlist item is deleted or not ,
Required: False ,
}
boolean ,
created:
{
Description: The time the watchlist item was created ,
Format: date-time ,
Required: False ,
}
string ,
updated:
{
Description: The last time the watchlist item was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the watchlist item ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
updatedBy:
{
Description: Describes a user that updated the watchlist item ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
itemsKeyValue:
{
Description: key-value pairs for a watchlist item ,
Required: True ,
}
object ,
entityMapping:
{
Description: key-value pairs for a watchlist item entity mapping ,
Required: False ,
}
object ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
WatchlistItems_Delete (new)
Description Delete a watchlist item.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
watchlistAlias:
{
Description: Watchlist Alias ,
Required: True ,
}
string ,
watchlistItemId:
{
Description: Watchlist Item Id (GUID) ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
WatchlistItems_CreateOrUpdate (new)
Description Creates or updates a watchlist item.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
watchlistAlias:
{
Description: Watchlist Alias ,
Required: True ,
}
string ,
watchlistItemId:
{
Description: Watchlist Item Id (GUID) ,
Required: True ,
}
string ,
watchlistItem:
{
Description: The watchlist item ,
Required: True ,
}
{
properties:
{
Description: Watchlist Item properties ,
Required: False ,
}
{
watchlistItemType:
{
Description: The type of the watchlist item ,
Required: False ,
}
string ,
watchlistItemId:
{
Description: The id (a Guid) of the watchlist item ,
Required: False ,
}
string ,
tenantId:
{
Description: The tenantId to which the watchlist item belongs to ,
Required: False ,
}
string ,
isDeleted:
{
Description: A flag that indicates if the watchlist item is deleted or not ,
Required: False ,
}
boolean ,
created:
{
Description: The time the watchlist item was created ,
Format: date-time ,
Required: False ,
}
string ,
updated:
{
Description: The last time the watchlist item was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the watchlist item ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
updatedBy:
{
Description: Describes a user that updated the watchlist item ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
itemsKeyValue:
{
Description: key-value pairs for a watchlist item ,
Required: True ,
}
object ,
entityMapping:
{
Description: key-value pairs for a watchlist item entity mapping ,
Required: False ,
}
object ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: Watchlist Item properties ,
Required: False ,
}
{
watchlistItemType:
{
Description: The type of the watchlist item ,
Required: False ,
}
string ,
watchlistItemId:
{
Description: The id (a Guid) of the watchlist item ,
Required: False ,
}
string ,
tenantId:
{
Description: The tenantId to which the watchlist item belongs to ,
Required: False ,
}
string ,
isDeleted:
{
Description: A flag that indicates if the watchlist item is deleted or not ,
Required: False ,
}
boolean ,
created:
{
Description: The time the watchlist item was created ,
Format: date-time ,
Required: False ,
}
string ,
updated:
{
Description: The last time the watchlist item was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the watchlist item ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
updatedBy:
{
Description: Describes a user that updated the watchlist item ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
itemsKeyValue:
{
Description: key-value pairs for a watchlist item ,
Required: True ,
}
object ,
entityMapping:
{
Description: key-value pairs for a watchlist item entity mapping ,
Required: False ,
}
object ,
}
,
}

⚐ Response (201)

{
properties:
{
Description: Watchlist Item properties ,
Required: False ,
}
{
watchlistItemType:
{
Description: The type of the watchlist item ,
Required: False ,
}
string ,
watchlistItemId:
{
Description: The id (a Guid) of the watchlist item ,
Required: False ,
}
string ,
tenantId:
{
Description: The tenantId to which the watchlist item belongs to ,
Required: False ,
}
string ,
isDeleted:
{
Description: A flag that indicates if the watchlist item is deleted or not ,
Required: False ,
}
boolean ,
created:
{
Description: The time the watchlist item was created ,
Format: date-time ,
Required: False ,
}
string ,
updated:
{
Description: The last time the watchlist item was updated ,
Format: date-time ,
Required: False ,
}
string ,
createdBy:
{
Description: Describes a user that created the watchlist item ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
updatedBy:
{
Description: Describes a user that updated the watchlist item ,
Required: False ,
}
{
email:
{
Description: The email of the user. ,
Required: False ,
}
string ,
name:
{
Description: The name of the user. ,
Required: False ,
}
string ,
objectId:
{
Description: The object id of the user. ,
Format: uuid ,
Required: False ,
}
string ,
}
,
itemsKeyValue:
{
Description: key-value pairs for a watchlist item ,
Required: True ,
}
object ,
entityMapping:
{
Description: key-value pairs for a watchlist item entity mapping ,
Required: False ,
}
object ,
}
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
WorkspaceManagerAssignments_List (new)
Description Get all workspace manager assignments for the Sentinel workspace manager.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of workspace manager assignments. ,
Required: False ,
}
string ,
value:
{
Description: Array of workspace manager assignments. ,
Required: True ,
}
[
{
properties:
{
Description: The workspace manager assignment object ,
Required: False ,
}
{
targetResourceName:
{
Description: The resource name of the workspace manager group targeted by the workspace manager assignment ,
Required: True ,
}
string ,
lastJobEndTime:
{
Description: The time the last job associated to this assignment ended at ,
Format: date-time ,
Required: False ,
}
string ,
lastJobProvisioningState:
{
Description: State of the last job associated to this assignment ,
Enum:
{
Succeeded: The job succeeded ,
InProgress: The job is in progress ,
Canceled: The job was canceled ,
Failed: The job failed ,
}
,
Required: False ,
}
enum ,
items:
{
Description: List of resources included in this workspace manager assignment ,
Required: True ,
}
[
{
resourceId:
{
Description: The resource id of the content item ,
Required: False ,
}
string ,
}
,
]
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerAssignments_Get (new)
Description Gets a workspace manager assignment
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerAssignmentName:
{
Description: The name of the workspace manager assignment ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: The workspace manager assignment object ,
Required: False ,
}
{
targetResourceName:
{
Description: The resource name of the workspace manager group targeted by the workspace manager assignment ,
Required: True ,
}
string ,
lastJobEndTime:
{
Description: The time the last job associated to this assignment ended at ,
Format: date-time ,
Required: False ,
}
string ,
lastJobProvisioningState:
{
Description: State of the last job associated to this assignment ,
Enum:
{
Succeeded: The job succeeded ,
InProgress: The job is in progress ,
Canceled: The job was canceled ,
Failed: The job failed ,
}
,
Required: False ,
}
enum ,
items:
{
Description: List of resources included in this workspace manager assignment ,
Required: True ,
}
[
{
resourceId:
{
Description: The resource id of the content item ,
Required: False ,
}
string ,
}
,
]
,
}
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerAssignments_CreateOrUpdate (new)
Description Creates or updates a workspace manager assignment.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerAssignmentName:
{
Description: The name of the workspace manager assignment ,
Required: True ,
}
string ,
workspaceManagerAssignment:
{
Description: The workspace manager assignment ,
Required: True ,
}
{
properties:
{
Description: The workspace manager assignment object ,
Required: False ,
}
{
targetResourceName:
{
Description: The resource name of the workspace manager group targeted by the workspace manager assignment ,
Required: True ,
}
string ,
lastJobEndTime:
{
Description: The time the last job associated to this assignment ended at ,
Format: date-time ,
Required: False ,
}
string ,
lastJobProvisioningState:
{
Description: State of the last job associated to this assignment ,
Enum:
{
Succeeded: The job succeeded ,
InProgress: The job is in progress ,
Canceled: The job was canceled ,
Failed: The job failed ,
}
,
Required: False ,
}
enum ,
items:
{
Description: List of resources included in this workspace manager assignment ,
Required: True ,
}
[
{
resourceId:
{
Description: The resource id of the content item ,
Required: False ,
}
string ,
}
,
]
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: The workspace manager assignment object ,
Required: False ,
}
{
targetResourceName:
{
Description: The resource name of the workspace manager group targeted by the workspace manager assignment ,
Required: True ,
}
string ,
lastJobEndTime:
{
Description: The time the last job associated to this assignment ended at ,
Format: date-time ,
Required: False ,
}
string ,
lastJobProvisioningState:
{
Description: State of the last job associated to this assignment ,
Enum:
{
Succeeded: The job succeeded ,
InProgress: The job is in progress ,
Canceled: The job was canceled ,
Failed: The job failed ,
}
,
Required: False ,
}
enum ,
items:
{
Description: List of resources included in this workspace manager assignment ,
Required: True ,
}
[
{
resourceId:
{
Description: The resource id of the content item ,
Required: False ,
}
string ,
}
,
]
,
}
,
}

⚐ Response (201)

{
properties:
{
Description: The workspace manager assignment object ,
Required: False ,
}
{
targetResourceName:
{
Description: The resource name of the workspace manager group targeted by the workspace manager assignment ,
Required: True ,
}
string ,
lastJobEndTime:
{
Description: The time the last job associated to this assignment ended at ,
Format: date-time ,
Required: False ,
}
string ,
lastJobProvisioningState:
{
Description: State of the last job associated to this assignment ,
Enum:
{
Succeeded: The job succeeded ,
InProgress: The job is in progress ,
Canceled: The job was canceled ,
Failed: The job failed ,
}
,
Required: False ,
}
enum ,
items:
{
Description: List of resources included in this workspace manager assignment ,
Required: True ,
}
[
{
resourceId:
{
Description: The resource id of the content item ,
Required: False ,
}
string ,
}
,
]
,
}
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerAssignments_Delete (new)
Description Deletes a workspace manager assignment
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerAssignmentName:
{
Description: The name of the workspace manager assignment ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerAssignmentJobs_List (new)
Description Get all jobs for the specified workspace manager assignment
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerAssignmentName:
{
Description: The name of the workspace manager assignment ,
Required: True ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of jobs. ,
Required: False ,
}
string ,
value:
{
Description: Array of jobs. ,
Required: True ,
}
[
{
properties:
{
Description: The job object ,
Required: False ,
}
{
endTime:
{
Description: The time the job completed ,
Format: date-time ,
Required: False ,
}
string ,
items:
{
Description: List of items published by the job ,
Required: False ,
}
[
{
resourceId:
{
Description: The resource id of the content item ,
Required: False ,
}
string ,
status:
{
Description: Status of the item publication ,
Enum:
{
Succeeded: The item publication succeeded ,
Failed: The item publication failed ,
InProgress: The item publication is in progress ,
}
,
Required: False ,
}
enum ,
executionTime:
{
Description: The time the item publishing was completed ,
Format: date-time ,
Required: False ,
}
string ,
errors:
{
Description: The list of error descriptions if the item publication fails. ,
Required: False ,
}
[
{
memberResourceName:
{
Description: The member resource name for which the publication error occured ,
Required: True ,
}
string ,
errorMessage:
{
Description: The error message ,
Required: True ,
}
string ,
}
,
]
,
}
,
]
,
provisioningState:
{
Description: State of the job ,
Enum:
{
Succeeded: The job succeeded ,
InProgress: The job is in progress ,
Canceled: The job was canceled ,
Failed: The job failed ,
}
,
Required: False ,
}
enum ,
startTime:
{
Description: The time the job started ,
Format: date-time ,
Required: False ,
}
string ,
errorMessage:
{
Description: Message to describe error, if an error exists ,
Required: False ,
}
string ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerAssignmentJobs_Create (new)
Description Create a job for the specified workspace manager assignment
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerAssignmentName:
{
Description: The name of the workspace manager assignment ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: The job object ,
Required: False ,
}
{
endTime:
{
Description: The time the job completed ,
Format: date-time ,
Required: False ,
}
string ,
items:
{
Description: List of items published by the job ,
Required: False ,
}
[
{
resourceId:
{
Description: The resource id of the content item ,
Required: False ,
}
string ,
status:
{
Description: Status of the item publication ,
Enum:
{
Succeeded: The item publication succeeded ,
Failed: The item publication failed ,
InProgress: The item publication is in progress ,
}
,
Required: False ,
}
enum ,
executionTime:
{
Description: The time the item publishing was completed ,
Format: date-time ,
Required: False ,
}
string ,
errors:
{
Description: The list of error descriptions if the item publication fails. ,
Required: False ,
}
[
{
memberResourceName:
{
Description: The member resource name for which the publication error occured ,
Required: True ,
}
string ,
errorMessage:
{
Description: The error message ,
Required: True ,
}
string ,
}
,
]
,
}
,
]
,
provisioningState:
{
Description: State of the job ,
Enum:
{
Succeeded: The job succeeded ,
InProgress: The job is in progress ,
Canceled: The job was canceled ,
Failed: The job failed ,
}
,
Required: False ,
}
enum ,
startTime:
{
Description: The time the job started ,
Format: date-time ,
Required: False ,
}
string ,
errorMessage:
{
Description: Message to describe error, if an error exists ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerAssignmentJobs_Get (new)
Description Gets a job
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerAssignmentName:
{
Description: The name of the workspace manager assignment ,
Required: True ,
}
string ,
jobName:
{
Description: The job name ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: The job object ,
Required: False ,
}
{
endTime:
{
Description: The time the job completed ,
Format: date-time ,
Required: False ,
}
string ,
items:
{
Description: List of items published by the job ,
Required: False ,
}
[
{
resourceId:
{
Description: The resource id of the content item ,
Required: False ,
}
string ,
status:
{
Description: Status of the item publication ,
Enum:
{
Succeeded: The item publication succeeded ,
Failed: The item publication failed ,
InProgress: The item publication is in progress ,
}
,
Required: False ,
}
enum ,
executionTime:
{
Description: The time the item publishing was completed ,
Format: date-time ,
Required: False ,
}
string ,
errors:
{
Description: The list of error descriptions if the item publication fails. ,
Required: False ,
}
[
{
memberResourceName:
{
Description: The member resource name for which the publication error occured ,
Required: True ,
}
string ,
errorMessage:
{
Description: The error message ,
Required: True ,
}
string ,
}
,
]
,
}
,
]
,
provisioningState:
{
Description: State of the job ,
Enum:
{
Succeeded: The job succeeded ,
InProgress: The job is in progress ,
Canceled: The job was canceled ,
Failed: The job failed ,
}
,
Required: False ,
}
enum ,
startTime:
{
Description: The time the job started ,
Format: date-time ,
Required: False ,
}
string ,
errorMessage:
{
Description: Message to describe error, if an error exists ,
Required: False ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerAssignmentJobs_Delete (new)
Description Deletes the specified job from the specified workspace manager assignment
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerAssignmentName:
{
Description: The name of the workspace manager assignment ,
Required: True ,
}
string ,
jobName:
{
Description: The job name ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerConfigurations_List (new)
Description Gets all workspace manager configurations for a Sentinel workspace.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of workspace manager configurations. ,
Required: False ,
}
string ,
value:
{
Description: Array of workspace manager configurations. ,
Required: True ,
}
[
{
properties:
{
Description: The workspace manager configuration object ,
Required: False ,
}
{
mode:
{
Description: The current mode of the workspace manager configuration ,
Enum:
{
Enabled: The workspace manager configuration is enabled ,
Disabled: The workspace manager configuration is disabled ,
}
,
Required: True ,
}
enum ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerConfigurations_Get (new)
Description Gets a workspace manager configuration
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerConfigurationName:
{
Description: The name of the workspace manager configuration ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: The workspace manager configuration object ,
Required: False ,
}
{
mode:
{
Description: The current mode of the workspace manager configuration ,
Enum:
{
Enabled: The workspace manager configuration is enabled ,
Disabled: The workspace manager configuration is disabled ,
}
,
Required: True ,
}
enum ,
}
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerConfigurations_Delete (new)
Description Deletes a workspace manager configuration
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerConfigurationName:
{
Description: The name of the workspace manager configuration ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerConfigurations_CreateOrUpdate (new)
Description Creates or updates a workspace manager configuration.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerConfigurationName:
{
Description: The name of the workspace manager configuration ,
Required: True ,
}
string ,
workspaceManagerConfiguration:
{
Description: The workspace manager configuration ,
Required: True ,
}
{
properties:
{
Description: The workspace manager configuration object ,
Required: False ,
}
{
mode:
{
Description: The current mode of the workspace manager configuration ,
Enum:
{
Enabled: The workspace manager configuration is enabled ,
Disabled: The workspace manager configuration is disabled ,
}
,
Required: True ,
}
enum ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: The workspace manager configuration object ,
Required: False ,
}
{
mode:
{
Description: The current mode of the workspace manager configuration ,
Enum:
{
Enabled: The workspace manager configuration is enabled ,
Disabled: The workspace manager configuration is disabled ,
}
,
Required: True ,
}
enum ,
}
,
}

⚐ Response (201)

{
properties:
{
Description: The workspace manager configuration object ,
Required: False ,
}
{
mode:
{
Description: The current mode of the workspace manager configuration ,
Enum:
{
Enabled: The workspace manager configuration is enabled ,
Disabled: The workspace manager configuration is disabled ,
}
,
Required: True ,
}
enum ,
}
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerGroups_List (new)
Description Gets all workspace manager groups in the Sentinel workspace manager
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of workspace manager groups. ,
Required: False ,
}
string ,
value:
{
Description: Array of workspace manager groups. ,
Required: True ,
}
[
{
properties:
{
Description: The workspace manager group object ,
Required: False ,
}
{
description:
{
Description: The description of the workspace manager group ,
Required: False ,
}
string ,
displayName:
{
Description: The display name of the workspace manager group ,
Required: True ,
}
string ,
memberResourceNames:
{
Description: The names of the workspace manager members participating in this group. ,
Required: True ,
}
[
string ,
]
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerGroups_Get (new)
Description Gets a workspace manager group
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerGroupName:
{
Description: The name of the workspace manager group ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: The workspace manager group object ,
Required: False ,
}
{
description:
{
Description: The description of the workspace manager group ,
Required: False ,
}
string ,
displayName:
{
Description: The display name of the workspace manager group ,
Required: True ,
}
string ,
memberResourceNames:
{
Description: The names of the workspace manager members participating in this group. ,
Required: True ,
}
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerGroups_CreateOrUpdate (new)
Description Creates or updates a workspace manager group.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerGroupName:
{
Description: The name of the workspace manager group ,
Required: True ,
}
string ,
workspaceManagerGroup:
{
Description: The workspace manager group object ,
Required: True ,
}
{
properties:
{
Description: The workspace manager group object ,
Required: False ,
}
{
description:
{
Description: The description of the workspace manager group ,
Required: False ,
}
string ,
displayName:
{
Description: The display name of the workspace manager group ,
Required: True ,
}
string ,
memberResourceNames:
{
Description: The names of the workspace manager members participating in this group. ,
Required: True ,
}
[
string ,
]
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: The workspace manager group object ,
Required: False ,
}
{
description:
{
Description: The description of the workspace manager group ,
Required: False ,
}
string ,
displayName:
{
Description: The display name of the workspace manager group ,
Required: True ,
}
string ,
memberResourceNames:
{
Description: The names of the workspace manager members participating in this group. ,
Required: True ,
}
[
string ,
]
,
}
,
}

⚐ Response (201)

{
properties:
{
Description: The workspace manager group object ,
Required: False ,
}
{
description:
{
Description: The description of the workspace manager group ,
Required: False ,
}
string ,
displayName:
{
Description: The display name of the workspace manager group ,
Required: True ,
}
string ,
memberResourceNames:
{
Description: The names of the workspace manager members participating in this group. ,
Required: True ,
}
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerGroups_Delete (new)
Description Deletes a workspace manager group
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerGroupName:
{
Description: The name of the workspace manager group ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerMembers_List (new)
Description Gets all workspace manager members that exist for the given Sentinel workspace manager
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
$orderby:
{
Description: Sorts the results. Optional. ,
Required: False ,
}
string ,
$top:
{
Description: Returns only the first n results. Optional. ,
Format: int32 ,
Required: False ,
}
integer ,
$skipToken:
{
Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,
Required: False ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of workspace manager members ,
Required: False ,
}
string ,
value:
{
Description: Array of workspace manager members ,
Required: True ,
}
[
{
properties:
{
Description: The workspace manager member object ,
Required: False ,
}
{
targetWorkspaceResourceId:
{
Description: Fully qualified resource ID of the target Sentinel workspace joining the given Sentinel workspace manager ,
Required: True ,
}
string ,
targetWorkspaceTenantId:
{
Description: Tenant id of the target Sentinel workspace joining the given Sentinel workspace manager ,
Required: True ,
}
string ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerMembers_Get (new)
Description Gets a workspace manager member
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerMemberName:
{
Description: The name of the workspace manager member ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
properties:
{
Description: The workspace manager member object ,
Required: False ,
}
{
targetWorkspaceResourceId:
{
Description: Fully qualified resource ID of the target Sentinel workspace joining the given Sentinel workspace manager ,
Required: True ,
}
string ,
targetWorkspaceTenantId:
{
Description: Tenant id of the target Sentinel workspace joining the given Sentinel workspace manager ,
Required: True ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerMembers_CreateOrUpdate (new)
Description Creates or updates a workspace manager member
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerMemberName:
{
Description: The name of the workspace manager member ,
Required: True ,
}
string ,
workspaceManagerMember:
{
Description: The workspace manager member object ,
Required: True ,
}
{
properties:
{
Description: The workspace manager member object ,
Required: False ,
}
{
targetWorkspaceResourceId:
{
Description: Fully qualified resource ID of the target Sentinel workspace joining the given Sentinel workspace manager ,
Required: True ,
}
string ,
targetWorkspaceTenantId:
{
Description: Tenant id of the target Sentinel workspace joining the given Sentinel workspace manager ,
Required: True ,
}
string ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
Description: The workspace manager member object ,
Required: False ,
}
{
targetWorkspaceResourceId:
{
Description: Fully qualified resource ID of the target Sentinel workspace joining the given Sentinel workspace manager ,
Required: True ,
}
string ,
targetWorkspaceTenantId:
{
Description: Tenant id of the target Sentinel workspace joining the given Sentinel workspace manager ,
Required: True ,
}
string ,
}
,
}

⚐ Response (201)

{
properties:
{
Description: The workspace manager member object ,
Required: False ,
}
{
targetWorkspaceResourceId:
{
Description: Fully qualified resource ID of the target Sentinel workspace joining the given Sentinel workspace manager ,
Required: True ,
}
string ,
targetWorkspaceTenantId:
{
Description: Tenant id of the target Sentinel workspace joining the given Sentinel workspace manager ,
Required: True ,
}
string ,
}
,
}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
WorkspaceManagerMembers_Delete (new)
Description Deletes a workspace manager member
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
workspaceManagerMemberName:
{
Description: The name of the workspace manager member ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: The error object. ,
Required: False ,
}
{
code:
{
Description: The error code. ,
Required: False ,
}
string ,
message:
{
Description: The error message. ,
Required: False ,
}
string ,
target:
{
Description: The error target. ,
Required: False ,
}
string ,
details:
{
Description: The error details. ,
Required: False ,
}
[
string ,
]
,
additionalInfo:
{
Description: The error additional info. ,
Required: False ,
}
[
{
type:
{
Description: The additional info type. ,
Required: False ,
}
string ,
info:
{
Description: The additional info. ,
Required: False ,
}
object ,
}
,
]
,
}
,
}
DataConnectorDefinitions_List (new)
Description Gets all data connector definitions.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions
{
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
value:
{
Required: False ,
}
[
{
kind:
{
Description: The data connector kind ,
Enum:
{
Customizable: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
nextLink:
{
Required: False ,
}
string ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
DataConnectorDefinitions_Get (new)
Description Gets a data connector definition.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}
{
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
dataConnectorDefinitionName:
{
Description: The data connector definition name. ,
Required: True ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
kind:
{
Description: The data connector kind ,
Enum:
{
Customizable: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
DataConnectorDefinitions_CreateOrUpdate (new)
Description Creates or updates the data connector definition.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}
{
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
dataConnectorDefinitionName:
{
Description: The data connector definition name. ,
Required: True ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
connectorDefinitionInput:
{
Description: The data connector definition ,
Required: True ,
}
{
kind:
{
Description: The data connector kind ,
Enum:
{
Customizable: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
}

⚐ Response (200)

{
kind:
{
Description: The data connector kind ,
Enum:
{
Customizable: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (201)

{
kind:
{
Description: The data connector kind ,
Enum:
{
Customizable: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
DataConnectorDefinitions_Delete (new)
Description Delete the data connector definition.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}
{
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
dataConnectorDefinitionName:
{
Description: The data connector definition name. ,
Required: True ,
}
string ,
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
DataConnectors_List (new)
Description Gets all data connectors.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
nextLink:
{
Description: URL to fetch the next set of data connectors. ,
Required: False ,
}
string ,
value:
{
Description: Array of data connectors. ,
Required: True ,
}
[
{
kind:
{
Description: The data connector kind ,
Enum:
{
AzureActiveDirectory: No description available. ,
AzureSecurityCenter: No description available. ,
MicrosoftCloudAppSecurity: No description available. ,
ThreatIntelligence: No description available. ,
ThreatIntelligenceTaxii: No description available. ,
Office365: No description available. ,
OfficeATP: No description available. ,
OfficeIRM: No description available. ,
Office365Project: No description available. ,
MicrosoftPurviewInformationProtection: No description available. ,
OfficePowerBI: No description available. ,
AmazonWebServicesCloudTrail: No description available. ,
AmazonWebServicesS3: No description available. ,
AzureAdvancedThreatProtection: No description available. ,
MicrosoftDefenderAdvancedThreatProtection: No description available. ,
Dynamics365: No description available. ,
MicrosoftThreatProtection: No description available. ,
MicrosoftThreatIntelligence: No description available. ,
GenericUI: No description available. ,
APIPolling: No description available. ,
IOT: No description available. ,
GCP: No description available. ,
RestApiPoller: No description available. ,
PurviewAudit: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
DataConnectors_Get (new)
Description Gets a data connector.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
dataConnectorId:
{
Description: Connector ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
kind:
{
Description: The data connector kind ,
Enum:
{
AzureActiveDirectory: No description available. ,
AzureSecurityCenter: No description available. ,
MicrosoftCloudAppSecurity: No description available. ,
ThreatIntelligence: No description available. ,
ThreatIntelligenceTaxii: No description available. ,
Office365: No description available. ,
OfficeATP: No description available. ,
OfficeIRM: No description available. ,
Office365Project: No description available. ,
MicrosoftPurviewInformationProtection: No description available. ,
OfficePowerBI: No description available. ,
AmazonWebServicesCloudTrail: No description available. ,
AmazonWebServicesS3: No description available. ,
AzureAdvancedThreatProtection: No description available. ,
MicrosoftDefenderAdvancedThreatProtection: No description available. ,
Dynamics365: No description available. ,
MicrosoftThreatProtection: No description available. ,
MicrosoftThreatIntelligence: No description available. ,
GenericUI: No description available. ,
APIPolling: No description available. ,
IOT: No description available. ,
GCP: No description available. ,
RestApiPoller: No description available. ,
PurviewAudit: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
DataConnectors_CreateOrUpdate (new)
Description Creates or updates the data connector.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
dataConnectorId:
{
Description: Connector ID ,
Required: True ,
}
string ,
dataConnector:
{
Description: The data connector ,
Required: True ,
}
{
kind:
{
Description: The data connector kind ,
Enum:
{
AzureActiveDirectory: No description available. ,
AzureSecurityCenter: No description available. ,
MicrosoftCloudAppSecurity: No description available. ,
ThreatIntelligence: No description available. ,
ThreatIntelligenceTaxii: No description available. ,
Office365: No description available. ,
OfficeATP: No description available. ,
OfficeIRM: No description available. ,
Office365Project: No description available. ,
MicrosoftPurviewInformationProtection: No description available. ,
OfficePowerBI: No description available. ,
AmazonWebServicesCloudTrail: No description available. ,
AmazonWebServicesS3: No description available. ,
AzureAdvancedThreatProtection: No description available. ,
MicrosoftDefenderAdvancedThreatProtection: No description available. ,
Dynamics365: No description available. ,
MicrosoftThreatProtection: No description available. ,
MicrosoftThreatIntelligence: No description available. ,
GenericUI: No description available. ,
APIPolling: No description available. ,
IOT: No description available. ,
GCP: No description available. ,
RestApiPoller: No description available. ,
PurviewAudit: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
}

⚐ Response (200)

{
kind:
{
Description: The data connector kind ,
Enum:
{
AzureActiveDirectory: No description available. ,
AzureSecurityCenter: No description available. ,
MicrosoftCloudAppSecurity: No description available. ,
ThreatIntelligence: No description available. ,
ThreatIntelligenceTaxii: No description available. ,
Office365: No description available. ,
OfficeATP: No description available. ,
OfficeIRM: No description available. ,
Office365Project: No description available. ,
MicrosoftPurviewInformationProtection: No description available. ,
OfficePowerBI: No description available. ,
AmazonWebServicesCloudTrail: No description available. ,
AmazonWebServicesS3: No description available. ,
AzureAdvancedThreatProtection: No description available. ,
MicrosoftDefenderAdvancedThreatProtection: No description available. ,
Dynamics365: No description available. ,
MicrosoftThreatProtection: No description available. ,
MicrosoftThreatIntelligence: No description available. ,
GenericUI: No description available. ,
APIPolling: No description available. ,
IOT: No description available. ,
GCP: No description available. ,
RestApiPoller: No description available. ,
PurviewAudit: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (201)

{
kind:
{
Description: The data connector kind ,
Enum:
{
AzureActiveDirectory: No description available. ,
AzureSecurityCenter: No description available. ,
MicrosoftCloudAppSecurity: No description available. ,
ThreatIntelligence: No description available. ,
ThreatIntelligenceTaxii: No description available. ,
Office365: No description available. ,
OfficeATP: No description available. ,
OfficeIRM: No description available. ,
Office365Project: No description available. ,
MicrosoftPurviewInformationProtection: No description available. ,
OfficePowerBI: No description available. ,
AmazonWebServicesCloudTrail: No description available. ,
AmazonWebServicesS3: No description available. ,
AzureAdvancedThreatProtection: No description available. ,
MicrosoftDefenderAdvancedThreatProtection: No description available. ,
Dynamics365: No description available. ,
MicrosoftThreatProtection: No description available. ,
MicrosoftThreatIntelligence: No description available. ,
GenericUI: No description available. ,
APIPolling: No description available. ,
IOT: No description available. ,
GCP: No description available. ,
RestApiPoller: No description available. ,
PurviewAudit: No description available. ,
}
,
Required: True ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
DataConnectors_Delete (new)
Description Delete the data connector.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
dataConnectorId:
{
Description: Connector ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
DataConnectors_Connect (new)
Description Connects a data connector.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
dataConnectorId:
{
Description: Connector ID ,
Required: True ,
}
string ,
connectBody:
{
Description: The data connector ,
Required: True ,
}
{
kind:
{
Description: The authentication kind used to poll the data ,
Enum:
{
Basic: No description available. ,
OAuth2: No description available. ,
APIKey: No description available. ,
}
,
Required: False ,
}
enum ,
apiKey:
{
Description: The API key of the audit server. ,
Required: False ,
}
string ,
dataCollectionEndpoint:
{
Description: Used in v2 logs connector. Represents the data collection ingestion endpoint in log analytics. ,
Required: False ,
}
string ,
dataCollectionRuleImmutableId:
{
Description: Used in v2 logs connector. The data collection rule immutable id, the rule defines the transformation and data destination. ,
Required: False ,
}
string ,
outputStream:
{
Description: Used in v2 logs connector. The stream we are sending the data to, this is the name of the streamDeclarations defined in the DCR. ,
Required: False ,
}
string ,
clientSecret:
{
Description: The client secret of the OAuth 2.0 application. ,
Required: False ,
}
string ,
clientId:
{
Description: The client id of the OAuth 2.0 application. ,
Required: False ,
}
string ,
authorizationCode:
{
Description: The authorization code used in OAuth 2.0 code flow to issue a token. ,
Required: False ,
}
string ,
userName:
{
Description: The user name in the audit log server. ,
Required: False ,
}
string ,
password:
{
Description: The user password in the audit log server. ,
Required: False ,
}
string ,
requestConfigUserInputValues:
{
Required: False ,
}
[
object ,
]
,
}
,
}

⚐ Response (200)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
DataConnectors_Disconnect (new)
Description Disconnect a data connector.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
dataConnectorId:
{
Description: Connector ID ,
Required: True ,
}
string ,
}

⚐ Response (200)

{}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}
DataConnectorsCheckRequirements_Post (new)
Description Get requirements state for a data connector type.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
subscriptionId:
{
Description: The ID of the target subscription. The value must be an UUID. ,
Format: uuid ,
Required: True ,
}
string ,
resourceGroupName:
{
Description: The name of the resource group. The name is case insensitive. ,
Required: True ,
}
string ,
workspaceName:
{
Description: The name of the workspace. ,
Required: True ,
}
string ,
DataConnectorsCheckRequirements:
{
Description: The parameters for requirements check message ,
Required: True ,
}
{
kind:
{
Description: Describes the kind of connector to be checked. ,
Enum:
{
AzureActiveDirectory: No description available. ,
AzureSecurityCenter: No description available. ,
MicrosoftCloudAppSecurity: No description available. ,
ThreatIntelligence: No description available. ,
ThreatIntelligenceTaxii: No description available. ,
Office365: No description available. ,
OfficeATP: No description available. ,
OfficeIRM: No description available. ,
Office365Project: No description available. ,
MicrosoftPurviewInformationProtection: No description available. ,
OfficePowerBI: No description available. ,
AmazonWebServicesCloudTrail: No description available. ,
AmazonWebServicesS3: No description available. ,
AzureAdvancedThreatProtection: No description available. ,
MicrosoftDefenderAdvancedThreatProtection: No description available. ,
Dynamics365: No description available. ,
MicrosoftThreatProtection: No description available. ,
MicrosoftThreatIntelligence: No description available. ,
GenericUI: No description available. ,
APIPolling: No description available. ,
IOT: No description available. ,
GCP: No description available. ,
RestApiPoller: No description available. ,
PurviewAudit: No description available. ,
}
,
Required: True ,
}
enum ,
}
,
}

⚐ Response (200)

{
authorizationState:
{
Description: Authorization state for this connector ,
Enum:
{
Valid: No description available. ,
Invalid: No description available. ,
}
,
Required: False ,
}
enum ,
licenseState:
{
Description: License state for this connector ,
Enum:
{
Valid: No description available. ,
Invalid: No description available. ,
Unknown: No description available. ,
}
,
Required: False ,
}
enum ,
}

⚐ Response (default)

{
error:
{
Description: Error data ,
Required: False ,
}
{
code:
{
Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,
Required: False ,
}
string ,
message:
{
Description: A message describing the error, intended to be suitable for display in a user interface. ,
Required: False ,
}
string ,
}
,
}