Microsoft.OperationalInsights (stable:2025-03-01)

2025/03/04 • 94 new methods

AlertRules_List (new)
Description Gets all alert rules.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
kind: enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AlertRules_Get (new)
Description Gets the alert rule.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ruleId: string ,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AlertRules_CreateOrUpdate (new)
Description Creates or updates the alert rule.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ruleId: string ,
alertRule:
{
kind: enum ,
}
,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (201)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AlertRules_Delete (new)
Description Delete the alert rule.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ruleId: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Actions_ListByAlertRule (new)
Description Gets all actions of alert rule.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ruleId: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
etag: string ,
properties:
{
workflowId: string ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Actions_Get (new)
Description Gets the action of alert rule.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ruleId: string ,
actionId: string ,
}

⚐ Response (200)

{
etag: string ,
properties:
{
workflowId: string ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Actions_CreateOrUpdate (new)
Description Creates or updates the action of alert rule.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ruleId: string ,
actionId: string ,
action:
{
properties:
{
triggerUri: string ,
}
,
}
,
}

⚐ Response (200)

{
etag: string ,
properties:
{
workflowId: string ,
}
,
}

⚐ Response (201)

{
etag: string ,
properties:
{
workflowId: string ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Actions_Delete (new)
Description Delete the action of alert rule.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ruleId: string ,
actionId: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AlertRuleTemplates_List (new)
Description Gets all alert rule templates.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
kind: enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AlertRuleTemplates_Get (new)
Description Gets the alert rule template.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
alertRuleTemplateId: string ,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AutomationRules_Get (new)
Description Gets the automation rule.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
automationRuleId: string ,
}

⚐ Response (200)

{
properties:
{
displayName: string ,
order: integer ,
triggeringLogic:
{
isEnabled: boolean ,
expirationTimeUtc: string ,
triggersOn: enum ,
triggersWhen: enum ,
conditions:
[
{
conditionType: enum ,
}
,
]
,
}
,
actions:
[
{
order: integer ,
actionType: enum ,
}
,
]
,
lastModifiedTimeUtc: string ,
createdTimeUtc: string ,
lastModifiedBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AutomationRules_CreateOrUpdate (new)
Description Creates or updates the automation rule.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
automationRuleId: string ,
automationRuleToUpsert:
{
properties:
{
displayName: string ,
order: integer ,
triggeringLogic:
{
isEnabled: boolean ,
expirationTimeUtc: string ,
triggersOn: enum ,
triggersWhen: enum ,
conditions:
[
{
conditionType: enum ,
}
,
]
,
}
,
actions:
[
{
order: integer ,
actionType: enum ,
}
,
]
,
lastModifiedTimeUtc: string ,
createdTimeUtc: string ,
lastModifiedBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
displayName: string ,
order: integer ,
triggeringLogic:
{
isEnabled: boolean ,
expirationTimeUtc: string ,
triggersOn: enum ,
triggersWhen: enum ,
conditions:
[
{
conditionType: enum ,
}
,
]
,
}
,
actions:
[
{
order: integer ,
actionType: enum ,
}
,
]
,
lastModifiedTimeUtc: string ,
createdTimeUtc: string ,
lastModifiedBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}

⚐ Response (201)

{
properties:
{
displayName: string ,
order: integer ,
triggeringLogic:
{
isEnabled: boolean ,
expirationTimeUtc: string ,
triggersOn: enum ,
triggersWhen: enum ,
conditions:
[
{
conditionType: enum ,
}
,
]
,
}
,
actions:
[
{
order: integer ,
actionType: enum ,
}
,
]
,
lastModifiedTimeUtc: string ,
createdTimeUtc: string ,
lastModifiedBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AutomationRules_Delete (new)
Description Delete the automation rule.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
automationRuleId: string ,
}

⚐ Response (200)

{
$schema: object ,
}

⚐ Response (204)

{
$schema: object ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
AutomationRules_List (new)
Description Gets all automation rules.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
}

⚐ Response (200)

{
value:
[
{
properties:
{
displayName: string ,
order: integer ,
triggeringLogic:
{
isEnabled: boolean ,
expirationTimeUtc: string ,
triggersOn: enum ,
triggersWhen: enum ,
conditions:
[
{
conditionType: enum ,
}
,
]
,
}
,
actions:
[
{
order: integer ,
actionType: enum ,
}
,
]
,
lastModifiedTimeUtc: string ,
createdTimeUtc: string ,
lastModifiedBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}
,
]
,
nextLink: string ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Entities_RunPlaybook (new)
Description Triggers playbook on a specific entity.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
entityIdentifier: string ,
requestBody:
{
incidentArmId: string ,
tenantId: string ,
logicAppsResourceId: string ,
}
,
}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Incidents_RunPlaybook (new)
Description Triggers playbook on a specific incident
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentIdentifier: string ,
requestBody:
{
tenantId: string ,
logicAppsResourceId: string ,
}
,
}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Bookmarks_List (new)
Description Gets all bookmarks.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
properties:
{
created: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
displayName: string ,
labels:
[
string ,
]
,
notes: string ,
query: string ,
queryResult: string ,
updated: string ,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
eventTime: string ,
queryStartTime: string ,
queryEndTime: string ,
incidentInfo:
{
incidentId: string ,
severity: enum ,
title: string ,
relationName: string ,
}
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Bookmarks_Get (new)
Description Gets a bookmark.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
bookmarkId: string ,
}

⚐ Response (200)

{
properties:
{
created: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
displayName: string ,
labels:
[
string ,
]
,
notes: string ,
query: string ,
queryResult: string ,
updated: string ,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
eventTime: string ,
queryStartTime: string ,
queryEndTime: string ,
incidentInfo:
{
incidentId: string ,
severity: enum ,
title: string ,
relationName: string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Bookmarks_CreateOrUpdate (new)
Description Creates or updates the bookmark.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
bookmarkId: string ,
bookmark:
{
properties:
{
created: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
displayName: string ,
labels:
[
string ,
]
,
notes: string ,
query: string ,
queryResult: string ,
updated: string ,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
eventTime: string ,
queryStartTime: string ,
queryEndTime: string ,
incidentInfo:
{
incidentId: string ,
severity: enum ,
title: string ,
relationName: string ,
}
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
created: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
displayName: string ,
labels:
[
string ,
]
,
notes: string ,
query: string ,
queryResult: string ,
updated: string ,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
eventTime: string ,
queryStartTime: string ,
queryEndTime: string ,
incidentInfo:
{
incidentId: string ,
severity: enum ,
title: string ,
relationName: string ,
}
,
}
,
}

⚐ Response (201)

{
properties:
{
created: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
displayName: string ,
labels:
[
string ,
]
,
notes: string ,
query: string ,
queryResult: string ,
updated: string ,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
eventTime: string ,
queryStartTime: string ,
queryEndTime: string ,
incidentInfo:
{
incidentId: string ,
severity: enum ,
title: string ,
relationName: string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Bookmarks_Delete (new)
Description Delete the bookmark.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
bookmarkId: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentPackages_List (new)
Description Gets all installed packages.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
$filter: string ,
$orderby: string ,
$search: string ,
$count: boolean ,
$top: integer ,
$skip: integer ,
$skipToken: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
properties: object ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentPackages_Get (new)
Description Gets an installed packages by its id.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
packageId: string ,
}

⚐ Response (200)

{
properties: object ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentPackage_Install (new)
Description Install a package to the workspace.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
packageId: string ,
packageInstallationProperties:
{
properties: object ,
}
,
}

⚐ Response (200)

{
properties: object ,
}

⚐ Response (201)

{
properties: object ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentPackage_Uninstall (new)
Description Uninstall a package from the workspace.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
packageId: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ProductPackages_List (new)
Description Gets all packages from the catalog. Expandable properties: - properties/installed - properties/packagedContent
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
$filter: string ,
$orderby: string ,
$top: integer ,
$skipToken: string ,
$search: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
properties: object ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ProductPackage_Get (new)
Description Gets a package by its identifier from the catalog.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
packageId: string ,
}

⚐ Response (200)

{
properties: object ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ProductTemplates_List (new)
Description Gets all templates in the catalog.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
$filter: string ,
$orderby: string ,
$search: string ,
$count: boolean ,
$top: integer ,
$skip: integer ,
$skipToken: string ,
}

⚐ Response (200)

{
value:
[
{
properties: string ,
}
,
]
,
nextLink: string ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ProductTemplate_Get (new)
Description Gets a template by its identifier.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
templateId: string ,
}

⚐ Response (200)

{
properties: string ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentTemplates_List (new)
Description Gets all installed templates. Expandable properties: - properties/mainTemplate - properties/dependantTemplates
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
$filter: string ,
$orderby: string ,
$expand: string ,
$search: string ,
$count: boolean ,
$top: integer ,
$skip: integer ,
$skipToken: string ,
}

⚐ Response (200)

{
value:
[
{
properties: object ,
}
,
]
,
nextLink: string ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentTemplate_Install (new)
Description Install a template.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
templateId: string ,
templateInstallationProperties:
{
properties: object ,
}
,
}

⚐ Response (200)

{
properties: object ,
}

⚐ Response (201)

{
properties: object ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentTemplate_Get (new)
Description Gets a template byt its identifier. Expandable properties: - properties/mainTemplate - properties/dependantTemplates
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
templateId: string ,
}

⚐ Response (200)

{
properties: object ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ContentTemplate_Delete (new)
Description Delete an installed template.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
templateId: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
DataConnectors_List (new)
Description Gets all data connectors.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
kind: enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
DataConnectors_Get (new)
Description Gets a data connector.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
dataConnectorId: string ,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
DataConnectors_CreateOrUpdate (new)
Description Creates or updates the data connector.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
dataConnectorId: string ,
dataConnector:
{
kind: enum ,
}
,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (201)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
DataConnectors_Delete (new)
Description Delete the data connector.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
dataConnectorId: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Incidents_List (new)
Description Gets all incidents.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
$filter: string ,
$orderby: string ,
$top: integer ,
$skipToken: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
properties:
{
additionalData:
{
alertsCount: integer ,
bookmarksCount: integer ,
commentsCount: integer ,
alertProductNames:
[
string ,
]
,
tactics:
[
string ,
]
,
providerIncidentUrl: string ,
}
,
classification: enum ,
classificationComment: string ,
classificationReason: enum ,
createdTimeUtc: string ,
description: string ,
firstActivityTimeUtc: string ,
incidentUrl: string ,
providerName: string ,
providerIncidentId: string ,
incidentNumber: integer ,
labels:
[
{
labelName: string ,
labelType: enum ,
}
,
]
,
lastActivityTimeUtc: string ,
lastModifiedTimeUtc: string ,
owner:
{
email: string ,
assignedTo: string ,
objectId: string ,
userPrincipalName: string ,
ownerType: enum ,
}
,
relatedAnalyticRuleIds:
[
string ,
]
,
severity: enum ,
status: enum ,
title: string ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Incidents_Get (new)
Description Gets a given incident.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
}

⚐ Response (200)

{
properties:
{
additionalData:
{
alertsCount: integer ,
bookmarksCount: integer ,
commentsCount: integer ,
alertProductNames:
[
string ,
]
,
tactics:
[
string ,
]
,
providerIncidentUrl: string ,
}
,
classification: enum ,
classificationComment: string ,
classificationReason: enum ,
createdTimeUtc: string ,
description: string ,
firstActivityTimeUtc: string ,
incidentUrl: string ,
providerName: string ,
providerIncidentId: string ,
incidentNumber: integer ,
labels:
[
{
labelName: string ,
labelType: enum ,
}
,
]
,
lastActivityTimeUtc: string ,
lastModifiedTimeUtc: string ,
owner:
{
email: string ,
assignedTo: string ,
objectId: string ,
userPrincipalName: string ,
ownerType: enum ,
}
,
relatedAnalyticRuleIds:
[
string ,
]
,
severity: enum ,
status: enum ,
title: string ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Incidents_CreateOrUpdate (new)
Description Creates or updates an incident.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
incident:
{
properties:
{
additionalData:
{
alertsCount: integer ,
bookmarksCount: integer ,
commentsCount: integer ,
alertProductNames:
[
string ,
]
,
tactics:
[
string ,
]
,
providerIncidentUrl: string ,
}
,
classification: enum ,
classificationComment: string ,
classificationReason: enum ,
createdTimeUtc: string ,
description: string ,
firstActivityTimeUtc: string ,
incidentUrl: string ,
providerName: string ,
providerIncidentId: string ,
incidentNumber: integer ,
labels:
[
{
labelName: string ,
labelType: enum ,
}
,
]
,
lastActivityTimeUtc: string ,
lastModifiedTimeUtc: string ,
owner:
{
email: string ,
assignedTo: string ,
objectId: string ,
userPrincipalName: string ,
ownerType: enum ,
}
,
relatedAnalyticRuleIds:
[
string ,
]
,
severity: enum ,
status: enum ,
title: string ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
additionalData:
{
alertsCount: integer ,
bookmarksCount: integer ,
commentsCount: integer ,
alertProductNames:
[
string ,
]
,
tactics:
[
string ,
]
,
providerIncidentUrl: string ,
}
,
classification: enum ,
classificationComment: string ,
classificationReason: enum ,
createdTimeUtc: string ,
description: string ,
firstActivityTimeUtc: string ,
incidentUrl: string ,
providerName: string ,
providerIncidentId: string ,
incidentNumber: integer ,
labels:
[
{
labelName: string ,
labelType: enum ,
}
,
]
,
lastActivityTimeUtc: string ,
lastModifiedTimeUtc: string ,
owner:
{
email: string ,
assignedTo: string ,
objectId: string ,
userPrincipalName: string ,
ownerType: enum ,
}
,
relatedAnalyticRuleIds:
[
string ,
]
,
severity: enum ,
status: enum ,
title: string ,
}
,
}

⚐ Response (201)

{
properties:
{
additionalData:
{
alertsCount: integer ,
bookmarksCount: integer ,
commentsCount: integer ,
alertProductNames:
[
string ,
]
,
tactics:
[
string ,
]
,
providerIncidentUrl: string ,
}
,
classification: enum ,
classificationComment: string ,
classificationReason: enum ,
createdTimeUtc: string ,
description: string ,
firstActivityTimeUtc: string ,
incidentUrl: string ,
providerName: string ,
providerIncidentId: string ,
incidentNumber: integer ,
labels:
[
{
labelName: string ,
labelType: enum ,
}
,
]
,
lastActivityTimeUtc: string ,
lastModifiedTimeUtc: string ,
owner:
{
email: string ,
assignedTo: string ,
objectId: string ,
userPrincipalName: string ,
ownerType: enum ,
}
,
relatedAnalyticRuleIds:
[
string ,
]
,
severity: enum ,
status: enum ,
title: string ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Incidents_Delete (new)
Description Deletes a given incident.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Incidents_ListAlerts (new)
Description Gets all alerts for an incident.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
}

⚐ Response (200)

{
value:
[
{
properties:
{
alertDisplayName: string ,
alertType: string ,
compromisedEntity: string ,
confidenceLevel: enum ,
confidenceReasons:
[
{
reason: string ,
reasonType: string ,
}
,
]
,
confidenceScore: number ,
confidenceScoreStatus: enum ,
description: string ,
endTimeUtc: string ,
intent: enum ,
providerAlertId: string ,
processingEndTime: string ,
productComponentName: string ,
productName: string ,
productVersion: string ,
remediationSteps:
[
string ,
]
,
severity: enum ,
startTimeUtc: string ,
status: enum ,
systemAlertId: string ,
tactics:
[
string ,
]
,
timeGenerated: string ,
vendorName: string ,
alertLink: string ,
resourceIdentifiers:
[
object ,
]
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Incidents_ListBookmarks (new)
Description Gets all bookmarks for an incident.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
}

⚐ Response (200)

{
value:
[
{
properties:
{
created: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
displayName: string ,
eventTime: string ,
labels:
[
string ,
]
,
notes: string ,
query: string ,
queryResult: string ,
updated: string ,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
incidentInfo:
{
incidentId: string ,
severity: enum ,
title: string ,
relationName: string ,
}
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
IncidentComments_List (new)
Description Gets all comments for a given incident.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
$filter: string ,
$orderby: string ,
$top: integer ,
$skipToken: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
properties:
{
createdTimeUtc: string ,
lastModifiedTimeUtc: string ,
message: string ,
author:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
IncidentComments_Get (new)
Description Gets a comment for a given incident.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
incidentCommentId: string ,
}

⚐ Response (200)

{
properties:
{
createdTimeUtc: string ,
lastModifiedTimeUtc: string ,
message: string ,
author:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
IncidentComments_CreateOrUpdate (new)
Description Creates or updates a comment for a given incident.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
incidentCommentId: string ,
incidentComment:
{
properties:
{
createdTimeUtc: string ,
lastModifiedTimeUtc: string ,
message: string ,
author:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
createdTimeUtc: string ,
lastModifiedTimeUtc: string ,
message: string ,
author:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}

⚐ Response (201)

{
properties:
{
createdTimeUtc: string ,
lastModifiedTimeUtc: string ,
message: string ,
author:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
IncidentComments_Delete (new)
Description Deletes a comment for a given incident.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
incidentCommentId: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Incidents_ListEntities (new)
Description Gets all entities for an incident.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
}

⚐ Response (200)

{
entities:
[
{
kind: enum ,
}
,
]
,
metaData:
[
{
count: integer ,
entityKind: enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
IncidentRelations_List (new)
Description Gets all relations for a given incident.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
$filter: string ,
$orderby: string ,
$top: integer ,
$skipToken: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
properties:
{
relatedResourceId: string ,
relatedResourceName: string ,
relatedResourceType: string ,
relatedResourceKind: string ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
IncidentRelations_Get (new)
Description Gets a relation for a given incident.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
relationName: string ,
}

⚐ Response (200)

{
properties:
{
relatedResourceId: string ,
relatedResourceName: string ,
relatedResourceType: string ,
relatedResourceKind: string ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
IncidentRelations_CreateOrUpdate (new)
Description Creates or updates a relation for a given incident.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
relationName: string ,
relation:
{
properties:
{
relatedResourceId: string ,
relatedResourceName: string ,
relatedResourceType: string ,
relatedResourceKind: string ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
relatedResourceId: string ,
relatedResourceName: string ,
relatedResourceType: string ,
relatedResourceKind: string ,
}
,
}

⚐ Response (201)

{
properties:
{
relatedResourceId: string ,
relatedResourceName: string ,
relatedResourceType: string ,
relatedResourceKind: string ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
IncidentRelations_Delete (new)
Description Deletes a relation for a given incident.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
relationName: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
IncidentTasks_List (new)
Description Gets all incident tasks.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
}

⚐ Response (200)

{
value:
[
{
properties:
{
title: string ,
description: string ,
status: enum ,
createdTimeUtc: string ,
lastModifiedTimeUtc: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
lastModifiedBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}
,
]
,
nextLink: string ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
IncidentTasks_Get (new)
Description Gets an incident task.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
incidentTaskId: string ,
}

⚐ Response (200)

{
properties:
{
title: string ,
description: string ,
status: enum ,
createdTimeUtc: string ,
lastModifiedTimeUtc: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
lastModifiedBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
IncidentTasks_CreateOrUpdate (new)
Description Creates or updates the incident task.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
incidentTaskId: string ,
incidentTask:
{
properties:
{
title: string ,
description: string ,
status: enum ,
createdTimeUtc: string ,
lastModifiedTimeUtc: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
lastModifiedBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
title: string ,
description: string ,
status: enum ,
createdTimeUtc: string ,
lastModifiedTimeUtc: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
lastModifiedBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}

⚐ Response (201)

{
properties:
{
title: string ,
description: string ,
status: enum ,
createdTimeUtc: string ,
lastModifiedTimeUtc: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
lastModifiedBy:
{
email: string ,
name: string ,
objectId: string ,
userPrincipalName: string ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
IncidentTasks_Delete (new)
Description Delete the incident task.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
incidentId: string ,
incidentTaskId: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Metadata_List (new)
Description List of all metadata
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
$filter: string ,
$orderby: string ,
$top: integer ,
$skip: integer ,
}

⚐ Response (200)

{
value:
[
{
properties:
{
contentId: string ,
parentId: string ,
version: string ,
kind: string ,
source:
{
kind: enum ,
name: string ,
sourceId: string ,
}
,
author:
{
name: string ,
email: string ,
link: string ,
}
,
support:
{
tier: enum ,
name: string ,
email: string ,
link: string ,
}
,
dependencies:
{
contentId: string ,
kind: enum ,
version: string ,
name: string ,
operator: enum ,
criteria:
[
string ,
]
,
}
,
categories:
{
domains:
[
string ,
]
,
verticals:
[
string ,
]
,
}
,
providers:
[
string ,
]
,
firstPublishDate: string ,
lastPublishDate: string ,
customVersion: string ,
contentSchemaVersion: string ,
icon: string ,
threatAnalysisTactics:
[
string ,
]
,
threatAnalysisTechniques:
[
string ,
]
,
previewImages:
[
string ,
]
,
previewImagesDark:
[
string ,
]
,
}
,
}
,
]
,
nextLink: string ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Metadata_Get (new)
Description Get a Metadata.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
metadataName: string ,
}

⚐ Response (200)

{
properties:
{
contentId: string ,
parentId: string ,
version: string ,
kind: string ,
source:
{
kind: enum ,
name: string ,
sourceId: string ,
}
,
author:
{
name: string ,
email: string ,
link: string ,
}
,
support:
{
tier: enum ,
name: string ,
email: string ,
link: string ,
}
,
dependencies:
{
contentId: string ,
kind: enum ,
version: string ,
name: string ,
operator: enum ,
criteria:
[
string ,
]
,
}
,
categories:
{
domains:
[
string ,
]
,
verticals:
[
string ,
]
,
}
,
providers:
[
string ,
]
,
firstPublishDate: string ,
lastPublishDate: string ,
customVersion: string ,
contentSchemaVersion: string ,
icon: string ,
threatAnalysisTactics:
[
string ,
]
,
threatAnalysisTechniques:
[
string ,
]
,
previewImages:
[
string ,
]
,
previewImagesDark:
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Metadata_Delete (new)
Description Delete a Metadata.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
metadataName: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Metadata_Create (new)
Description Create a Metadata.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
metadataName: string ,
metadata:
{
properties:
{
contentId: string ,
parentId: string ,
version: string ,
kind: string ,
source:
{
kind: enum ,
name: string ,
sourceId: string ,
}
,
author:
{
name: string ,
email: string ,
link: string ,
}
,
support:
{
tier: enum ,
name: string ,
email: string ,
link: string ,
}
,
dependencies:
{
contentId: string ,
kind: enum ,
version: string ,
name: string ,
operator: enum ,
criteria:
[
string ,
]
,
}
,
categories:
{
domains:
[
string ,
]
,
verticals:
[
string ,
]
,
}
,
providers:
[
string ,
]
,
firstPublishDate: string ,
lastPublishDate: string ,
customVersion: string ,
contentSchemaVersion: string ,
icon: string ,
threatAnalysisTactics:
[
string ,
]
,
threatAnalysisTechniques:
[
string ,
]
,
previewImages:
[
string ,
]
,
previewImagesDark:
[
string ,
]
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
contentId: string ,
parentId: string ,
version: string ,
kind: string ,
source:
{
kind: enum ,
name: string ,
sourceId: string ,
}
,
author:
{
name: string ,
email: string ,
link: string ,
}
,
support:
{
tier: enum ,
name: string ,
email: string ,
link: string ,
}
,
dependencies:
{
contentId: string ,
kind: enum ,
version: string ,
name: string ,
operator: enum ,
criteria:
[
string ,
]
,
}
,
categories:
{
domains:
[
string ,
]
,
verticals:
[
string ,
]
,
}
,
providers:
[
string ,
]
,
firstPublishDate: string ,
lastPublishDate: string ,
customVersion: string ,
contentSchemaVersion: string ,
icon: string ,
threatAnalysisTactics:
[
string ,
]
,
threatAnalysisTechniques:
[
string ,
]
,
previewImages:
[
string ,
]
,
previewImagesDark:
[
string ,
]
,
}
,
}

⚐ Response (201)

{
properties:
{
contentId: string ,
parentId: string ,
version: string ,
kind: string ,
source:
{
kind: enum ,
name: string ,
sourceId: string ,
}
,
author:
{
name: string ,
email: string ,
link: string ,
}
,
support:
{
tier: enum ,
name: string ,
email: string ,
link: string ,
}
,
dependencies:
{
contentId: string ,
kind: enum ,
version: string ,
name: string ,
operator: enum ,
criteria:
[
string ,
]
,
}
,
categories:
{
domains:
[
string ,
]
,
verticals:
[
string ,
]
,
}
,
providers:
[
string ,
]
,
firstPublishDate: string ,
lastPublishDate: string ,
customVersion: string ,
contentSchemaVersion: string ,
icon: string ,
threatAnalysisTactics:
[
string ,
]
,
threatAnalysisTechniques:
[
string ,
]
,
previewImages:
[
string ,
]
,
previewImagesDark:
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Metadata_Update (new)
Description Update an existing Metadata.
Reference Link ¶

⚼ Request

PATCH:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
metadataName: string ,
metadataPatch:
{
properties:
{
contentId: string ,
parentId: string ,
version: string ,
kind: string ,
source:
{
kind: enum ,
name: string ,
sourceId: string ,
}
,
author:
{
name: string ,
email: string ,
link: string ,
}
,
support:
{
tier: enum ,
name: string ,
email: string ,
link: string ,
}
,
dependencies:
{
contentId: string ,
kind: enum ,
version: string ,
name: string ,
operator: enum ,
criteria:
[
string ,
]
,
}
,
categories:
{
domains:
[
string ,
]
,
verticals:
[
string ,
]
,
}
,
providers:
[
string ,
]
,
firstPublishDate: string ,
lastPublishDate: string ,
customVersion: string ,
contentSchemaVersion: string ,
icon: string ,
threatAnalysisTactics:
[
string ,
]
,
threatAnalysisTechniques:
[
string ,
]
,
previewImages:
[
string ,
]
,
previewImagesDark:
[
string ,
]
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
contentId: string ,
parentId: string ,
version: string ,
kind: string ,
source:
{
kind: enum ,
name: string ,
sourceId: string ,
}
,
author:
{
name: string ,
email: string ,
link: string ,
}
,
support:
{
tier: enum ,
name: string ,
email: string ,
link: string ,
}
,
dependencies:
{
contentId: string ,
kind: enum ,
version: string ,
name: string ,
operator: enum ,
criteria:
[
string ,
]
,
}
,
categories:
{
domains:
[
string ,
]
,
verticals:
[
string ,
]
,
}
,
providers:
[
string ,
]
,
firstPublishDate: string ,
lastPublishDate: string ,
customVersion: string ,
contentSchemaVersion: string ,
icon: string ,
threatAnalysisTactics:
[
string ,
]
,
threatAnalysisTechniques:
[
string ,
]
,
previewImages:
[
string ,
]
,
previewImagesDark:
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
SentinelOnboardingStates_Get (new)
Description Get Sentinel onboarding state
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
sentinelOnboardingStateName: string ,
}

⚐ Response (200)

{
properties:
{
customerManagedKey: boolean ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
SentinelOnboardingStates_Create (new)
Description Create Sentinel onboarding state
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
sentinelOnboardingStateName: string ,
sentinelOnboardingStateParameter:
{
properties:
{
customerManagedKey: boolean ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
customerManagedKey: boolean ,
}
,
}

⚐ Response (201)

{
properties:
{
customerManagedKey: boolean ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
SentinelOnboardingStates_Delete (new)
Description Delete Sentinel onboarding state
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
sentinelOnboardingStateName: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
SentinelOnboardingStates_List (new)
Description Gets all Sentinel onboarding states
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
}

⚐ Response (200)

{
value:
[
{
properties:
{
customerManagedKey: boolean ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
SecurityMLAnalyticsSettings_List (new)
Description Gets all Security ML Analytics Settings.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
kind: enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
SecurityMLAnalyticsSettings_Get (new)
Description Gets the Security ML Analytics Settings.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
settingsResourceName: string ,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
SecurityMLAnalyticsSettings_CreateOrUpdate (new)
Description Creates or updates the Security ML Analytics Settings.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
settingsResourceName: string ,
securityMLAnalyticsSetting:
{
kind: enum ,
}
,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (201)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
SecurityMLAnalyticsSettings_Delete (new)
Description Delete the Security ML Analytics Settings.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
settingsResourceName: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
SourceControl_listRepositories (new)
Description Gets a list of repositories metadata.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
repositoryAccess:
{
properties:
{
repositoryAccess:
{
kind: enum ,
code: string ,
state: string ,
clientId: string ,
token: string ,
installationId: string ,
}
,
}
,
}
,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
url: string ,
fullName: string ,
installationId: integer ,
branches:
[
string ,
]
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
SourceControls_List (new)
Description Gets all source controls, without source control items.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
properties:
{
id: string ,
version: enum ,
displayName: string ,
description: string ,
repoType: enum ,
contentTypes:
[
string ,
]
,
repository:
{
url: string ,
branch: string ,
displayUrl: string ,
deploymentLogsUrl: string ,
}
,
servicePrincipal:
{
id: string ,
tenantId: string ,
appId: string ,
credentialsExpireOn: string ,
}
,
repositoryAccess:
{
kind: enum ,
code: string ,
state: string ,
clientId: string ,
token: string ,
installationId: string ,
}
,
repositoryResourceInfo:
{
webhook:
{
webhookId: string ,
webhookUrl: string ,
webhookSecretUpdateTime: string ,
rotateWebhookSecret: boolean ,
}
,
gitHubResourceInfo:
{
appInstallationId: string ,
}
,
azureDevOpsResourceInfo:
{
pipelineId: string ,
serviceConnectionId: string ,
}
,
}
,
lastDeploymentInfo:
{
deploymentFetchStatus: enum ,
deployment:
{
deploymentId: string ,
deploymentState: enum ,
deploymentResult: enum ,
deploymentTime: string ,
deploymentLogsUrl: string ,
}
,
message: string ,
}
,
pullRequest:
{
url: string ,
state: object ,
}
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
SourceControls_Get (new)
Description Gets a source control byt its identifier.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
sourceControlId: string ,
}

⚐ Response (200)

{
properties:
{
id: string ,
version: enum ,
displayName: string ,
description: string ,
repoType: enum ,
contentTypes:
[
string ,
]
,
repository:
{
url: string ,
branch: string ,
displayUrl: string ,
deploymentLogsUrl: string ,
}
,
servicePrincipal:
{
id: string ,
tenantId: string ,
appId: string ,
credentialsExpireOn: string ,
}
,
repositoryAccess:
{
kind: enum ,
code: string ,
state: string ,
clientId: string ,
token: string ,
installationId: string ,
}
,
repositoryResourceInfo:
{
webhook:
{
webhookId: string ,
webhookUrl: string ,
webhookSecretUpdateTime: string ,
rotateWebhookSecret: boolean ,
}
,
gitHubResourceInfo:
{
appInstallationId: string ,
}
,
azureDevOpsResourceInfo:
{
pipelineId: string ,
serviceConnectionId: string ,
}
,
}
,
lastDeploymentInfo:
{
deploymentFetchStatus: enum ,
deployment:
{
deploymentId: string ,
deploymentState: enum ,
deploymentResult: enum ,
deploymentTime: string ,
deploymentLogsUrl: string ,
}
,
message: string ,
}
,
pullRequest:
{
url: string ,
state: object ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
SourceControls_Create (new)
Description Creates a source control.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
sourceControlId: string ,
sourceControl:
{
properties:
{
id: string ,
version: enum ,
displayName: string ,
description: string ,
repoType: enum ,
contentTypes:
[
string ,
]
,
repository:
{
url: string ,
branch: string ,
displayUrl: string ,
deploymentLogsUrl: string ,
}
,
servicePrincipal:
{
id: string ,
tenantId: string ,
appId: string ,
credentialsExpireOn: string ,
}
,
repositoryAccess:
{
kind: enum ,
code: string ,
state: string ,
clientId: string ,
token: string ,
installationId: string ,
}
,
repositoryResourceInfo:
{
webhook:
{
webhookId: string ,
webhookUrl: string ,
webhookSecretUpdateTime: string ,
rotateWebhookSecret: boolean ,
}
,
gitHubResourceInfo:
{
appInstallationId: string ,
}
,
azureDevOpsResourceInfo:
{
pipelineId: string ,
serviceConnectionId: string ,
}
,
}
,
lastDeploymentInfo:
{
deploymentFetchStatus: enum ,
deployment:
{
deploymentId: string ,
deploymentState: enum ,
deploymentResult: enum ,
deploymentTime: string ,
deploymentLogsUrl: string ,
}
,
message: string ,
}
,
pullRequest:
{
url: string ,
state: object ,
}
,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
id: string ,
version: enum ,
displayName: string ,
description: string ,
repoType: enum ,
contentTypes:
[
string ,
]
,
repository:
{
url: string ,
branch: string ,
displayUrl: string ,
deploymentLogsUrl: string ,
}
,
servicePrincipal:
{
id: string ,
tenantId: string ,
appId: string ,
credentialsExpireOn: string ,
}
,
repositoryAccess:
{
kind: enum ,
code: string ,
state: string ,
clientId: string ,
token: string ,
installationId: string ,
}
,
repositoryResourceInfo:
{
webhook:
{
webhookId: string ,
webhookUrl: string ,
webhookSecretUpdateTime: string ,
rotateWebhookSecret: boolean ,
}
,
gitHubResourceInfo:
{
appInstallationId: string ,
}
,
azureDevOpsResourceInfo:
{
pipelineId: string ,
serviceConnectionId: string ,
}
,
}
,
lastDeploymentInfo:
{
deploymentFetchStatus: enum ,
deployment:
{
deploymentId: string ,
deploymentState: enum ,
deploymentResult: enum ,
deploymentTime: string ,
deploymentLogsUrl: string ,
}
,
message: string ,
}
,
pullRequest:
{
url: string ,
state: object ,
}
,
}
,
}

⚐ Response (201)

{
properties:
{
id: string ,
version: enum ,
displayName: string ,
description: string ,
repoType: enum ,
contentTypes:
[
string ,
]
,
repository:
{
url: string ,
branch: string ,
displayUrl: string ,
deploymentLogsUrl: string ,
}
,
servicePrincipal:
{
id: string ,
tenantId: string ,
appId: string ,
credentialsExpireOn: string ,
}
,
repositoryAccess:
{
kind: enum ,
code: string ,
state: string ,
clientId: string ,
token: string ,
installationId: string ,
}
,
repositoryResourceInfo:
{
webhook:
{
webhookId: string ,
webhookUrl: string ,
webhookSecretUpdateTime: string ,
rotateWebhookSecret: boolean ,
}
,
gitHubResourceInfo:
{
appInstallationId: string ,
}
,
azureDevOpsResourceInfo:
{
pipelineId: string ,
serviceConnectionId: string ,
}
,
}
,
lastDeploymentInfo:
{
deploymentFetchStatus: enum ,
deployment:
{
deploymentId: string ,
deploymentState: enum ,
deploymentResult: enum ,
deploymentTime: string ,
deploymentLogsUrl: string ,
}
,
message: string ,
}
,
pullRequest:
{
url: string ,
state: object ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
SourceControls_Delete (new)
Description Delete a source control.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}/delete
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
sourceControlId: string ,
repositoryAccess:
{
properties:
{
repositoryAccess:
{
kind: enum ,
code: string ,
state: string ,
clientId: string ,
token: string ,
installationId: string ,
}
,
}
,
}
,
}

⚐ Response (200)

{
warning:
{
code: object ,
message: string ,
details:
[
string ,
]
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ThreatIntelligenceIndicator_CreateIndicator (new)
Description Create a new threat intelligence indicator.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ThreatIntelligenceProperties:
{
properties:
{
threatIntelligenceTags:
[
string ,
]
,
lastUpdatedTimeUtc: string ,
source: string ,
displayName: string ,
description: string ,
indicatorTypes:
[
string ,
]
,
pattern: string ,
patternType: string ,
patternVersion: string ,
killChainPhases:
[
{
killChainName: string ,
phaseName: string ,
}
,
]
,
parsedPattern:
[
{
patternTypeKey: string ,
patternTypeValues:
[
{
valueType: string ,
value: string ,
}
,
]
,
}
,
]
,
externalId: string ,
createdByRef: string ,
defanged: boolean ,
externalLastUpdatedTimeUtc: string ,
externalReferences:
[
{
description: string ,
externalId: string ,
sourceName: string ,
url: string ,
hashes: object ,
}
,
]
,
granularMarkings:
[
{
language: string ,
markingRef: integer ,
selectors:
[
string ,
]
,
}
,
]
,
labels:
[
string ,
]
,
revoked: boolean ,
confidence: integer ,
objectMarkingRefs:
[
string ,
]
,
language: string ,
threatTypes:
[
string ,
]
,
validFrom: string ,
validUntil: string ,
created: string ,
modified: string ,
extensions: object ,
}
,
}
,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (201)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ThreatIntelligenceIndicators_List (new)
Description Get all threat intelligence indicators.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
$filter: string ,
$top: integer ,
$skipToken: string ,
$orderby: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
kind: enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ThreatIntelligenceIndicator_Get (new)
Description View a threat intelligence indicator by name.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
name: string ,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ThreatIntelligenceIndicator_Create (new)
Description Update a threat Intelligence indicator.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
name: string ,
ThreatIntelligenceProperties:
{
properties:
{
threatIntelligenceTags:
[
string ,
]
,
lastUpdatedTimeUtc: string ,
source: string ,
displayName: string ,
description: string ,
indicatorTypes:
[
string ,
]
,
pattern: string ,
patternType: string ,
patternVersion: string ,
killChainPhases:
[
{
killChainName: string ,
phaseName: string ,
}
,
]
,
parsedPattern:
[
{
patternTypeKey: string ,
patternTypeValues:
[
{
valueType: string ,
value: string ,
}
,
]
,
}
,
]
,
externalId: string ,
createdByRef: string ,
defanged: boolean ,
externalLastUpdatedTimeUtc: string ,
externalReferences:
[
{
description: string ,
externalId: string ,
sourceName: string ,
url: string ,
hashes: object ,
}
,
]
,
granularMarkings:
[
{
language: string ,
markingRef: integer ,
selectors:
[
string ,
]
,
}
,
]
,
labels:
[
string ,
]
,
revoked: boolean ,
confidence: integer ,
objectMarkingRefs:
[
string ,
]
,
language: string ,
threatTypes:
[
string ,
]
,
validFrom: string ,
validUntil: string ,
created: string ,
modified: string ,
extensions: object ,
}
,
}
,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (201)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ThreatIntelligenceIndicator_Delete (new)
Description Delete a threat intelligence indicator.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
name: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ThreatIntelligenceIndicator_QueryIndicators (new)
Description Query threat intelligence indicators as per filtering criteria.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
ThreatIntelligenceFilteringCriteria:
{
pageSize: integer ,
minConfidence: integer ,
maxConfidence: integer ,
minValidUntil: string ,
maxValidUntil: string ,
includeDisabled: boolean ,
sortBy:
[
{
itemKey: string ,
sortOrder: enum ,
}
,
]
,
sources:
[
string ,
]
,
patternTypes:
[
string ,
]
,
threatTypes:
[
string ,
]
,
ids:
[
string ,
]
,
keywords:
[
string ,
]
,
skipToken: string ,
}
,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
kind: enum ,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ThreatIntelligenceIndicatorMetrics_List (new)
Description Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source).
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
}

⚐ Response (200)

{
value:
[
{
properties:
{
lastUpdatedTimeUtc: string ,
threatTypeMetrics:
[
{
metricName: string ,
metricValue: integer ,
}
,
]
,
patternTypeMetrics:
[
{
metricName: string ,
metricValue: integer ,
}
,
]
,
sourceMetrics:
[
{
metricName: string ,
metricValue: integer ,
}
,
]
,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ThreatIntelligenceIndicator_AppendTags (new)
Description Append tags to a threat intelligence indicator.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
name: string ,
ThreatIntelligenceAppendTags:
{
threatIntelligenceTags:
[
string ,
]
,
}
,
}

⚐ Response (200)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
ThreatIntelligenceIndicator_ReplaceTags (new)
Description Replace tags added to a threat intelligence indicator.
Reference Link ¶

⚼ Request

POST:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
name: string ,
ThreatIntelligenceReplaceTags:
{
properties:
{
threatIntelligenceTags:
[
string ,
]
,
lastUpdatedTimeUtc: string ,
source: string ,
displayName: string ,
description: string ,
indicatorTypes:
[
string ,
]
,
pattern: string ,
patternType: string ,
patternVersion: string ,
killChainPhases:
[
{
killChainName: string ,
phaseName: string ,
}
,
]
,
parsedPattern:
[
{
patternTypeKey: string ,
patternTypeValues:
[
{
valueType: string ,
value: string ,
}
,
]
,
}
,
]
,
externalId: string ,
createdByRef: string ,
defanged: boolean ,
externalLastUpdatedTimeUtc: string ,
externalReferences:
[
{
description: string ,
externalId: string ,
sourceName: string ,
url: string ,
hashes: object ,
}
,
]
,
granularMarkings:
[
{
language: string ,
markingRef: integer ,
selectors:
[
string ,
]
,
}
,
]
,
labels:
[
string ,
]
,
revoked: boolean ,
confidence: integer ,
objectMarkingRefs:
[
string ,
]
,
language: string ,
threatTypes:
[
string ,
]
,
validFrom: string ,
validUntil: string ,
created: string ,
modified: string ,
extensions: object ,
}
,
}
,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Watchlists_List (new)
Description Get all watchlists, without watchlist items.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
$skipToken: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
properties:
{
watchlistId: string ,
displayName: string ,
provider: string ,
source: string ,
sourceType: enum ,
created: string ,
updated: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
description: string ,
watchlistType: string ,
watchlistAlias: string ,
isDeleted: boolean ,
labels:
[
string ,
]
,
defaultDuration: string ,
tenantId: string ,
numberOfLinesToSkip: integer ,
rawContent: string ,
itemsSearchKey: string ,
contentType: string ,
uploadStatus: string ,
provisioningState: enum ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Watchlists_Get (new)
Description Get a watchlist, without its watchlist items.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
watchlistAlias: string ,
}

⚐ Response (200)

{
properties:
{
watchlistId: string ,
displayName: string ,
provider: string ,
source: string ,
sourceType: enum ,
created: string ,
updated: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
description: string ,
watchlistType: string ,
watchlistAlias: string ,
isDeleted: boolean ,
labels:
[
string ,
]
,
defaultDuration: string ,
tenantId: string ,
numberOfLinesToSkip: integer ,
rawContent: string ,
itemsSearchKey: string ,
contentType: string ,
uploadStatus: string ,
provisioningState: enum ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
Watchlists_Delete (new)
Description Delete a watchlist.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
watchlistAlias: string ,
}

⚐ Response (202)

{
azure-asyncoperation: string ,
location: string ,
}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
target: string ,
details:
[
string ,
]
,
additionalInfo:
[
{
type: string ,
info: object ,
}
,
]
,
}
,
}
Watchlists_CreateOrUpdate (new)
Description Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint with rawContent and contentType properties.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
watchlistAlias: string ,
watchlist:
{
properties:
{
watchlistId: string ,
displayName: string ,
provider: string ,
source: string ,
sourceType: enum ,
created: string ,
updated: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
description: string ,
watchlistType: string ,
watchlistAlias: string ,
isDeleted: boolean ,
labels:
[
string ,
]
,
defaultDuration: string ,
tenantId: string ,
numberOfLinesToSkip: integer ,
rawContent: string ,
itemsSearchKey: string ,
contentType: string ,
uploadStatus: string ,
provisioningState: enum ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
watchlistId: string ,
displayName: string ,
provider: string ,
source: string ,
sourceType: enum ,
created: string ,
updated: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
description: string ,
watchlistType: string ,
watchlistAlias: string ,
isDeleted: boolean ,
labels:
[
string ,
]
,
defaultDuration: string ,
tenantId: string ,
numberOfLinesToSkip: integer ,
rawContent: string ,
itemsSearchKey: string ,
contentType: string ,
uploadStatus: string ,
provisioningState: enum ,
}
,
}

⚐ Response (201)

{
$headers:
{
azure-asyncoperation: string ,
}
,
$schema:
{
properties:
{
watchlistId: string ,
displayName: string ,
provider: string ,
source: string ,
sourceType: enum ,
created: string ,
updated: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
description: string ,
watchlistType: string ,
watchlistAlias: string ,
isDeleted: boolean ,
labels:
[
string ,
]
,
defaultDuration: string ,
tenantId: string ,
numberOfLinesToSkip: integer ,
rawContent: string ,
itemsSearchKey: string ,
contentType: string ,
uploadStatus: string ,
provisioningState: enum ,
}
,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
target: string ,
details:
[
string ,
]
,
additionalInfo:
[
{
type: string ,
info: object ,
}
,
]
,
}
,
}
WatchlistItems_List (new)
Description Get all watchlist Items.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
watchlistAlias: string ,
$skipToken: string ,
}

⚐ Response (200)

{
nextLink: string ,
value:
[
{
properties:
{
watchlistItemType: string ,
watchlistItemId: string ,
tenantId: string ,
isDeleted: boolean ,
created: string ,
updated: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
itemsKeyValue: object ,
entityMapping: object ,
}
,
}
,
]
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
WatchlistItems_Get (new)
Description Get a watchlist item.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
watchlistAlias: string ,
watchlistItemId: string ,
}

⚐ Response (200)

{
properties:
{
watchlistItemType: string ,
watchlistItemId: string ,
tenantId: string ,
isDeleted: boolean ,
created: string ,
updated: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
itemsKeyValue: object ,
entityMapping: object ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
WatchlistItems_Delete (new)
Description Delete a watchlist item.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
watchlistAlias: string ,
watchlistItemId: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
WatchlistItems_CreateOrUpdate (new)
Description Create or update a watchlist item.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}
{
api-version: string ,
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
watchlistAlias: string ,
watchlistItemId: string ,
watchlistItem:
{
properties:
{
watchlistItemType: string ,
watchlistItemId: string ,
tenantId: string ,
isDeleted: boolean ,
created: string ,
updated: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
itemsKeyValue: object ,
entityMapping: object ,
}
,
}
,
}

⚐ Response (200)

{
properties:
{
watchlistItemType: string ,
watchlistItemId: string ,
tenantId: string ,
isDeleted: boolean ,
created: string ,
updated: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
itemsKeyValue: object ,
entityMapping: object ,
}
,
}

⚐ Response (201)

{
properties:
{
watchlistItemType: string ,
watchlistItemId: string ,
tenantId: string ,
isDeleted: boolean ,
created: string ,
updated: string ,
createdBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
updatedBy:
{
email: string ,
name: string ,
objectId: string ,
}
,
itemsKeyValue: object ,
entityMapping: object ,
}
,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
DataConnectorDefinitions_List (new)
Description Gets all data connector definitions.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions
{
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
api-version: string ,
}

⚐ Response (200)

{
value:
[
{
kind: enum ,
}
,
]
,
nextLink: string ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
DataConnectorDefinitions_Get (new)
Description Gets a data connector definition.
Reference Link ¶

⚼ Request

GET:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}
{
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
dataConnectorDefinitionName: string ,
api-version: string ,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
DataConnectorDefinitions_CreateOrUpdate (new)
Description Creates or updates the data connector definition.
Reference Link ¶

⚼ Request

PUT:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}
{
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
dataConnectorDefinitionName: string ,
api-version: string ,
connectorDefinitionInput:
{
kind: enum ,
}
,
}

⚐ Response (200)

{
kind: enum ,
}

⚐ Response (201)

{
kind: enum ,
}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}
DataConnectorDefinitions_Delete (new)
Description Delete the data connector definition.
Reference Link ¶

⚼ Request

DELETE:  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}
{
subscriptionId: string ,
resourceGroupName: string ,
workspaceName: string ,
dataConnectorDefinitionName: string ,
api-version: string ,
}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{
error:
{
code: string ,
message: string ,
}
,
}