Microsoft.OperationalInsights (preview:2024-10-01)

2025/01/09 • 184 new methods

AlertRules_List (new)
Description Gets all alert rules.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
kind: enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AlertRules_Get (new)
Description Gets the alert rule.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ruleId: string ,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AlertRules_CreateOrUpdate (new)
Description Creates or updates the alert rule.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ruleId: string ,
alertRule:
{
kind: enum ,
}
,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (201)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AlertRules_Delete (new)
Description Delete the alert rule.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ruleId: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Actions_ListByAlertRule (new)
Description Gets all actions of alert rule.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ruleId: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
properties:
{
workflowId: string ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Actions_Get (new)
Description Gets the action of alert rule.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ruleId: string ,
actionId: string ,
}

⚐ Response (200)

{
properties:
{
workflowId: string ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Actions_CreateOrUpdate (new)
Description Creates or updates the action of alert rule.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ruleId: string ,
actionId: string ,
action:
{
properties:
{
triggerUri: string ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
workflowId: string ,
}
,
}

⚐ Response (201)

{
properties:
{
workflowId: string ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Actions_Delete (new)
Description Delete the action of alert rule.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ruleId: string ,
actionId: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AlertRuleTemplates_List (new)
Description Gets all alert rule templates.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
kind: enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AlertRuleTemplates_Get (new)
Description Gets the alert rule template.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
alertRuleTemplateId: string ,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AutomationRules_Get (new)
Description Gets the automation rule.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
automationRuleId: string ,
}

⚐ Response (200)

{
properties:
{
displayName: string ,
order: integer ,
triggeringLogic:
{
isEnabled: boolean ,
expirationTimeUtc: string ,
triggersOn: enum ,
triggersWhen: enum ,
conditions:
[
{
conditionType: enum ,
}
,
]
,
}
,
actions:
[
{
order: integer ,
actionType: enum ,
}
,
]
,
lastModifiedTimeUtc: string ,
createdTimeUtc: string ,
lastModifiedBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AutomationRules_CreateOrUpdate (new)
Description Creates or updates the automation rule.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
automationRuleId: string ,
automationRuleToUpsert:
{
properties:
{
displayName: string ,
order: integer ,
triggeringLogic:
{
isEnabled: boolean ,
expirationTimeUtc: string ,
triggersOn: enum ,
triggersWhen: enum ,
conditions:
[
{
conditionType: enum ,
}
,
]
,
}
,
actions:
[
{
order: integer ,
actionType: enum ,
}
,
]
,
lastModifiedTimeUtc: string ,
createdTimeUtc: string ,
lastModifiedBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
displayName: string ,
order: integer ,
triggeringLogic:
{
isEnabled: boolean ,
expirationTimeUtc: string ,
triggersOn: enum ,
triggersWhen: enum ,
conditions:
[
{
conditionType: enum ,
}
,
]
,
}
,
actions:
[
{
order: integer ,
actionType: enum ,
}
,
]
,
lastModifiedTimeUtc: string ,
createdTimeUtc: string ,
lastModifiedBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}

⚐ Response (201)

{
properties:
{
displayName: string ,
order: integer ,
triggeringLogic:
{
isEnabled: boolean ,
expirationTimeUtc: string ,
triggersOn: enum ,
triggersWhen: enum ,
conditions:
[
{
conditionType: enum ,
}
,
]
,
}
,
actions:
[
{
order: integer ,
actionType: enum ,
}
,
]
,
lastModifiedTimeUtc: string ,
createdTimeUtc: string ,
lastModifiedBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AutomationRules_Delete (new)
Description Delete the automation rule.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
automationRuleId: string ,
}

⚐ Response (200)

{
$schema: object ,
}

⚐ Response (204)

{
$schema: object ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AutomationRules_List (new)
Description Gets all automation rules.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
}

⚐ Response (200)

{
value:
[
{
properties:
{
displayName: string ,
order: integer ,
triggeringLogic:
{
isEnabled: boolean ,
expirationTimeUtc: string ,
triggersOn: enum ,
triggersWhen: enum ,
conditions:
[
{
conditionType: enum ,
}
,
]
,
}
,
actions:
[
{
order: integer ,
actionType: enum ,
}
,
]
,
lastModifiedTimeUtc: string ,
createdTimeUtc: string ,
lastModifiedBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}
,
]
,
nextLink: string ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Entities_RunPlaybook (new)
Description Triggers playbook on a specific entity.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
entityIdentifier: string ,
requestBody:
{
incidentArmId: string ,
tenantId: string ,
logicAppsResourceId: string ,
}
,
}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Incidents_RunPlaybook (new)
Description Triggers playbook on a specific incident
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentIdentifier: string ,
requestBody:
{
tenantId: string ,
logicAppsResourceId: string ,
}
,
}

⚐ Response (204)

{
$schema: object ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
BillingStatistics_List (new)
Description Gets all Microsoft Sentinel billing statistics.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
kind: enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
target: string ,
details:
[
string ,
]
,
additionalInfo:
[
{
type: string ,
info: object ,
}
,
]
,
}
,
}
BillingStatistics_Get (new)
Description Gets a billing statistic
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics/{billingStatisticName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
billingStatisticName: string ,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
target: string ,
details:
[
string ,
]
,
additionalInfo:
[
{
type: string ,
info: object ,
}
,
]
,
}
,
}
Bookmarks_List (new)
Description Gets all bookmarks.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
properties:
{
created: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
displayName: string ,
labels:
[
string ,
]
,
notes: string ,
query: string ,
queryResult: string ,
updated: string ,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
eventTime: string ,
queryStartTime: string ,
queryEndTime: string ,
incidentInfo:
{
incidentId: string ,
severity: enum ,
title: string ,
relationName: string ,
}
,
entityMappings: object ,
tactics:
[
string ,
]
,
techniques:
[
string ,
]
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Bookmarks_Get (new)
Description Gets a bookmark.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
bookmarkId: string ,
}

⚐ Response (200)

{
properties:
{
created: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
displayName: string ,
labels:
[
string ,
]
,
notes: string ,
query: string ,
queryResult: string ,
updated: string ,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
eventTime: string ,
queryStartTime: string ,
queryEndTime: string ,
incidentInfo:
{
incidentId: string ,
severity: enum ,
title: string ,
relationName: string ,
}
,
entityMappings: object ,
tactics:
[
string ,
]
,
techniques:
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Bookmarks_CreateOrUpdate (new)
Description Creates or updates the bookmark.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
bookmarkId: string ,
bookmark:
{
properties:
{
created: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
displayName: string ,
labels:
[
string ,
]
,
notes: string ,
query: string ,
queryResult: string ,
updated: string ,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
eventTime: string ,
queryStartTime: string ,
queryEndTime: string ,
incidentInfo:
{
incidentId: string ,
severity: enum ,
title: string ,
relationName: string ,
}
,
entityMappings: object ,
tactics:
[
string ,
]
,
techniques:
[
string ,
]
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
created: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
displayName: string ,
labels:
[
string ,
]
,
notes: string ,
query: string ,
queryResult: string ,
updated: string ,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
eventTime: string ,
queryStartTime: string ,
queryEndTime: string ,
incidentInfo:
{
incidentId: string ,
severity: enum ,
title: string ,
relationName: string ,
}
,
entityMappings: object ,
tactics:
[
string ,
]
,
techniques:
[
string ,
]
,
}
,
}

⚐ Response (201)

{
properties:
{
created: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
displayName: string ,
labels:
[
string ,
]
,
notes: string ,
query: string ,
queryResult: string ,
updated: string ,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
eventTime: string ,
queryStartTime: string ,
queryEndTime: string ,
incidentInfo:
{
incidentId: string ,
severity: enum ,
title: string ,
relationName: string ,
}
,
entityMappings: object ,
tactics:
[
string ,
]
,
techniques:
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Bookmarks_Delete (new)
Description Delete the bookmark.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
bookmarkId: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
BookmarkRelations_List (new)
Description Gets all bookmark relations.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
bookmarkId: string ,
$filter: string ,
$orderby: string ,
$top: integer ,
$skipToken: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
properties:
{
relatedResourceId: string ,
relatedResourceName: string ,
relatedResourceType: string ,
relatedResourceKind: string ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Bookmark_Expand (new)
Description Expand an bookmark
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
bookmarkId: string ,
parameters:
{
endTime: string ,
expansionId: string ,
startTime: string ,
}
,
}

⚐ Response (200)

{
metaData:
{
aggregations:
[
{
aggregationType: string ,
count: integer ,
displayName: string ,
entityKind: enum ,
}
,
]
,
}
,
value:
{
entities:
[
{
kind: enum ,
}
,
]
,
edges:
[
{
targetEntityId: string ,
additionalData: object ,
}
,
]
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
BookmarkRelations_Get (new)
Description Gets a bookmark relation.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
bookmarkId: string ,
relationName: string ,
}

⚐ Response (200)

{
properties:
{
relatedResourceId: string ,
relatedResourceName: string ,
relatedResourceType: string ,
relatedResourceKind: string ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
BookmarkRelations_CreateOrUpdate (new)
Description Creates the bookmark relation.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
bookmarkId: string ,
relationName: string ,
relation:
{
properties:
{
relatedResourceId: string ,
relatedResourceName: string ,
relatedResourceType: string ,
relatedResourceKind: string ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
relatedResourceId: string ,
relatedResourceName: string ,
relatedResourceType: string ,
relatedResourceKind: string ,
}
,
}

⚐ Response (201)

{
properties:
{
relatedResourceId: string ,
relatedResourceName: string ,
relatedResourceType: string ,
relatedResourceKind: string ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
BookmarkRelations_Delete (new)
Description Delete the bookmark relation.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
bookmarkId: string ,
relationName: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
BusinessApplicationAgents_CreateOrUpdate (new)
Description Creates or updates the Business Application Agent.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}
{
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
agentResourceName: string ,
api-version: string ,
agentToUpsert:
{
properties:
{
configuration:
{
type: enum ,
}
,
agentSystems:
[
{
systemResourceName: string ,
systemDisplayName: string ,
}
,
]
,
displayName: string ,
lastModifiedTimeUtc: string ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
configuration:
{
type: enum ,
}
,
agentSystems:
[
{
systemResourceName: string ,
systemDisplayName: string ,
}
,
]
,
displayName: string ,
lastModifiedTimeUtc: string ,
}
,
}

⚐ Response (201)

{
properties:
{
configuration:
{
type: enum ,
}
,
agentSystems:
[
{
systemResourceName: string ,
systemDisplayName: string ,
}
,
]
,
displayName: string ,
lastModifiedTimeUtc: string ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
BusinessApplicationAgent_Get (new)
Description Gets Business Application Agent.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}
{
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
agentResourceName: string ,
api-version: string ,
}

⚐ Response (200)

{
properties:
{
configuration:
{
type: enum ,
}
,
agentSystems:
[
{
systemResourceName: string ,
systemDisplayName: string ,
}
,
]
,
displayName: string ,
lastModifiedTimeUtc: string ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
BusinessApplicationAgents_Delete (new)
Description Delete the Business Application Agent.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}
{
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
agentResourceName: string ,
api-version: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
BusinessApplicationAgents_List (new)
Description Gets all Business Application Agents under the workspace.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents
{
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
api-version: string ,
$filter: string ,
$skipToken: string ,
}

⚐ Response (200)

{
value:
[
{
properties:
{
configuration:
{
type: enum ,
}
,
agentSystems:
[
{
systemResourceName: string ,
systemDisplayName: string ,
}
,
]
,
displayName: string ,
lastModifiedTimeUtc: string ,
}
,
}
,
]
,
nextLink: string ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Systems_CreateOrUpdate (new)
Description Creates or updates the system.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}/systems/{systemResourceName}
{
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
agentResourceName: string ,
systemResourceName: string ,
api-version: string ,
systemToUpsert:
{
properties:
{
status: enum ,
configuration:
{
type: enum ,
}
,
displayName: string ,
lastModifiedTimeUtc: string ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
status: enum ,
configuration:
{
type: enum ,
}
,
displayName: string ,
lastModifiedTimeUtc: string ,
}
,
}

⚐ Response (201)

{
properties:
{
status: enum ,
configuration:
{
type: enum ,
}
,
displayName: string ,
lastModifiedTimeUtc: string ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Systems_Get (new)
Description Gets the system.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}/systems/{systemResourceName}
{
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
agentResourceName: string ,
systemResourceName: string ,
api-version: string ,
}

⚐ Response (200)

{
properties:
{
status: enum ,
configuration:
{
type: enum ,
}
,
displayName: string ,
lastModifiedTimeUtc: string ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Systems_Delete (new)
Description Deletes the system.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}/systems/{systemResourceName}
{
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
agentResourceName: string ,
systemResourceName: string ,
api-version: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Systems_List (new)
Description ListAll the systems.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}/systems
{
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
agentResourceName: string ,
api-version: string ,
$filter: string ,
$skipToken: string ,
}

⚐ Response (200)

{
value:
[
{
properties:
{
status: enum ,
configuration:
{
type: enum ,
}
,
displayName: string ,
lastModifiedTimeUtc: string ,
}
,
}
,
]
,
nextLink: string ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Systems_ListActions (new)
Description List of actions for a business application system.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}/systems/{systemResourceName}/listActions
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
agentResourceName: string ,
systemResourceName: string ,
}

⚐ Response (200)

{
value:
[
{
kind: enum ,
}
,
]
,
nextLink: string ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Systems_UndoAction (new)
Description Undo action, based on the actionId.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}/systems/{systemResourceName}/undoAction
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
agentResourceName: string ,
systemResourceName: string ,
payload:
{
actionId: string ,
}
,
}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Systems_ReportActionStatus (new)
Description Report the status of the action.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/businessApplicationAgents/{agentResourceName}/systems/{systemResourceName}/reportActionStatus
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
agentResourceName: string ,
systemResourceName: string ,
payload:
{
actionId: string ,
actionStatus: string ,
failureReason: string ,
}
,
}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentPackages_List (new)
Description Gets all installed packages.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
$filter: string ,
$orderby: string ,
$search: string ,
$count: boolean ,
$top: integer ,
$skip: integer ,
$skipToken: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
properties: object ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentPackages_Get (new)
Description Gets an installed packages by its id.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
packageId: string ,
}

⚐ Response (200)

{
properties: object ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentPackage_Install (new)
Description Install a package to the workspace.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
packageId: string ,
packageInstallationProperties:
{
properties: object ,
}
,
}

⚐ Response (200)

{
properties: object ,
}

⚐ Response (201)

{
properties: object ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentPackage_Uninstall (new)
Description Uninstall a package from the workspace.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
packageId: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ProductPackages_List (new)
Description Gets all packages from the catalog. Expandable properties: - properties/installed - properties/packagedContent
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
$filter: string ,
$orderby: string ,
$top: integer ,
$skipToken: string ,
$search: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
properties: object ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ProductPackage_Get (new)
Description Gets a package by its identifier from the catalog.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
packageId: string ,
}

⚐ Response (200)

{
properties: object ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ProductTemplates_List (new)
Description Gets all templates in the catalog.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
$filter: string ,
$orderby: string ,
$search: string ,
$count: boolean ,
$top: integer ,
$skip: integer ,
$skipToken: string ,
}

⚐ Response (200)

{
value:
[
{
properties: string ,
}
,
]
,
nextLink: string ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ProductTemplate_Get (new)
Description Gets a template by its identifier.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
templateId: string ,
}

⚐ Response (200)

{
properties: string ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentTemplates_List (new)
Description Gets all installed templates. Expandable properties: - properties/mainTemplate - properties/dependantTemplates
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
$filter: string ,
$orderby: string ,
$expand: string ,
$search: string ,
$count: boolean ,
$top: integer ,
$skip: integer ,
$skipToken: string ,
}

⚐ Response (200)

{
value:
[
{
properties: object ,
}
,
]
,
nextLink: string ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentTemplate_Install (new)
Description Install a template.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
templateId: string ,
templateInstallationProperties:
{
properties: object ,
}
,
}

⚐ Response (200)

{
properties: object ,
}

⚐ Response (201)

{
properties: object ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentTemplate_Get (new)
Description Gets a template byt its identifier. Expandable properties: - properties/mainTemplate - properties/dependantTemplates
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
templateId: string ,
}

⚐ Response (200)

{
properties: object ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentTemplate_Delete (new)
Description Delete an installed template.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
templateId: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ListGeodataByIp (new)
Description Get geodata for a single IP address
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/enrichment/{enrichmentType}/listGeodataByIp
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
enrichmentType: string ,
ipAddressBody:
{
ipAddress: string ,
}
,
}

⚐ Response (200)

{
asn: string ,
carrier: string ,
city: string ,
cityConfidenceFactor: integer ,
continent: string ,
country: string ,
countryConfidenceFactor: integer ,
ipAddr: string ,
ipRoutingType: string ,
latitude: string ,
longitude: string ,
organization: string ,
organizationType: string ,
region: string ,
state: string ,
stateConfidenceFactor: integer ,
stateCode: string ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ListWhoisByDomain (new)
Description Get whois information for a single domain name
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/enrichment/{enrichmentType}/listWhoisByDomain
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
enrichmentType: string ,
domainBody:
{
domain: string ,
}
,
}

⚐ Response (200)

{
domain: string ,
server: string ,
created: string ,
updated: string ,
expires: string ,
parsedWhois:
{
registrar:
{
name: string ,
abuseContactEmail: string ,
abuseContactPhone: string ,
ianaId: string ,
url: string ,
whoisServer: string ,
}
,
contacts:
{
admin:
{
name: string ,
org: string ,
street:
[
string ,
]
,
city: string ,
state: string ,
postal: string ,
country: string ,
phone: string ,
fax: string ,
email: string ,
}
,
billing:
{
name: string ,
org: string ,
street:
[
string ,
]
,
city: string ,
state: string ,
postal: string ,
country: string ,
phone: string ,
fax: string ,
email: string ,
}
,
registrant:
{
name: