Microsoft.OperationalInsights (stable:2025-03-01)

2025/03/04 • 94 new methods

AlertRules_List (new)

Description	: Gets all alert rules.
Reference	: Link ¶

⚼ Request

GET: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of alert rules. ,

Required: False ,

}

string ,

value:

{

Description: Array of alert rules. ,

Required: True ,

}

[

{

kind:

{

Description: The alert rule kind ,

Enum:

{

Scheduled: No description available. ,

MicrosoftSecurityIncidentCreation: No description available. ,

Fusion: No description available. ,

}

Required: True ,

}

enum ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

AlertRules_Get (new)

Description	: Gets the alert rule.
Reference	: Link ¶

⚼ Request

GET: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

ruleId:

{

Description: Alert rule ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

kind:

{

Description: The alert rule kind ,

Enum:

{

Scheduled: No description available. ,

MicrosoftSecurityIncidentCreation: No description available. ,

Fusion: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

AlertRules_CreateOrUpdate (new)

Description	: Creates or updates the alert rule.
Reference	: Link ¶

⚼ Request

PUT: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

ruleId:

{

Description: Alert rule ID ,

Required: True ,

}

string ,

alertRule:

{

Description: The alert rule ,

Required: True ,

}

{

kind:

{

Description: The alert rule kind ,

Enum:

{

Scheduled: No description available. ,

MicrosoftSecurityIncidentCreation: No description available. ,

Fusion: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (200)

{

kind:

{

Description: The alert rule kind ,

Enum:

{

Scheduled: No description available. ,

MicrosoftSecurityIncidentCreation: No description available. ,

Fusion: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (201)

{

kind:

{

Description: The alert rule kind ,

Enum:

{

Scheduled: No description available. ,

MicrosoftSecurityIncidentCreation: No description available. ,

Fusion: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

AlertRules_Delete (new)

Description	: Delete the alert rule.
Reference	: Link ¶

⚼ Request

DELETE: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

ruleId:

{

Description: Alert rule ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Actions_ListByAlertRule (new)

Description	: Gets all actions of alert rule.
Reference	: Link ¶

⚼ Request

GET: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

ruleId:

{

Description: Alert rule ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of actions. ,

Required: False ,

}

string ,

value:

{

Description: Array of actions. ,

Required: True ,

}

[

{

etag:

{

Description: Etag of the action. ,

Required: False ,

}

string ,

properties:

{

Description: Action properties for get request ,

Required: False ,

}

{

workflowId:

{

Description: The name of the logic app's workflow. ,

Required: False ,

}

string ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Actions_Get (new)

Description	: Gets the action of alert rule.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

ruleId:

{

Description: Alert rule ID ,

Required: True ,

}

string ,

actionId:

{

Description: Action ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

etag:

{

Description: Etag of the action. ,

Required: False ,

}

string ,

properties:

{

Description: Action properties for get request ,

Required: False ,

}

{

workflowId:

{

Description: The name of the logic app's workflow. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Actions_CreateOrUpdate (new)

Description	: Creates or updates the action of alert rule.
Reference	: Link ¶

⚼ Request

PUT: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

ruleId:

{

Description: Alert rule ID ,

Required: True ,

}

string ,

actionId:

{

Description: Action ID ,

Required: True ,

}

string ,

action:

{

Description: The action ,

Required: True ,

}

{

properties:

{

Description: Action properties for put request ,

Required: False ,

}

{

triggerUri:

{

Description: Logic App Callback URL for this specific workflow. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

etag:

{

Description: Etag of the action. ,

Required: False ,

}

string ,

properties:

{

Description: Action properties for get request ,

Required: False ,

}

{

workflowId:

{

Description: The name of the logic app's workflow. ,

Required: False ,

}

string ,

}

⚐ Response (201)

{

etag:

{

Description: Etag of the action. ,

Required: False ,

}

string ,

properties:

{

Description: Action properties for get request ,

Required: False ,

}

{

workflowId:

{

Description: The name of the logic app's workflow. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Actions_Delete (new)

Description	: Delete the action of alert rule.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

ruleId:

{

Description: Alert rule ID ,

Required: True ,

}

string ,

actionId:

{

Description: Action ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

AlertRuleTemplates_List (new)

Description	: Gets all alert rule templates.
Reference	: Link ¶

⚼ Request

GET: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of alert rule templates. ,

Required: False ,

}

string ,

value:

{

Description: Array of alert rule templates. ,

Required: True ,

}

[

{

kind:

{

Description: The alert rule kind ,

Enum:

{

Scheduled: No description available. ,

MicrosoftSecurityIncidentCreation: No description available. ,

Fusion: No description available. ,

}

Required: True ,

}

enum ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

AlertRuleTemplates_Get (new)

Description	: Gets the alert rule template.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

alertRuleTemplateId:

{

Description: Alert rule template ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

kind:

{

Description: The alert rule kind ,

Enum:

{

Scheduled: No description available. ,

MicrosoftSecurityIncidentCreation: No description available. ,

Fusion: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

AutomationRules_Get (new)

Description	: Gets the automation rule.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

automationRuleId:

{

Description: Automation rule ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: Automation rule properties ,

Required: True ,

}

{

displayName:

{

Description: The display name of the automation rule. ,

Required: True ,

}

string ,

order:

{

Description: The order of execution of the automation rule. ,

Format: int32 ,

Required: True ,

}

integer ,

triggeringLogic:

{

Description: Describes automation rule triggering logic. ,

Required: True ,

}

{

isEnabled:

{

Description: Determines whether the automation rule is enabled or disabled. ,

Required: True ,

}

boolean ,

expirationTimeUtc:

{

Description: Determines when the automation rule should automatically expire and be disabled. ,

Format: date-time ,

Required: False ,

}

string ,

triggersOn:

{

Enum:

{

Incidents: Trigger on Incidents ,

Alerts: Trigger on Alerts ,

}

Required: True ,

}

enum ,

triggersWhen:

{

Enum:

{

Created: Trigger on created objects ,

Updated: Trigger on updated objects ,

}

Required: True ,

}

enum ,

conditions:

{

Description: The conditions to evaluate to determine if the automation rule should be triggered on a given object. ,

Required: False ,

}

[

{

conditionType:

{

Enum:

{

Property: Evaluate an object property value ,

PropertyArray: Evaluate an object array property value ,

PropertyChanged: Evaluate an object property changed value ,

PropertyArrayChanged: Evaluate an object array property changed value ,

Boolean: Apply a boolean operator (e.g AND, OR) to conditions ,

}

Required: True ,

}

enum ,

}

]

}

actions:

{

Description: The actions to execute when the automation rule is triggered. ,

Required: True ,

}

[

{

order:

{

Format: int32 ,

Required: True ,

}

integer ,

actionType:

{

Description: The type of the automation rule action. ,

Enum:

{

ModifyProperties: Modify an object's properties ,

RunPlaybook: Run a playbook on an object ,

AddIncidentTask: Add a task to an incident object ,

}

Required: True ,

}

enum ,

}

]

lastModifiedTimeUtc:

{

Description: The last time the automation rule was updated. ,

Format: date-time ,

Required: False ,

}

string ,

createdTimeUtc:

{

Description: The time the automation rule was created. ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

createdBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

AutomationRules_CreateOrUpdate (new)

Description	: Creates or updates the automation rule.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

automationRuleId:

{

Description: Automation rule ID ,

Required: True ,

}

string ,

automationRuleToUpsert:

{

Description: The automation rule ,

Required: False ,

}

{

properties:

{

Description: Automation rule properties ,

Required: True ,

}

{

displayName:

{

Description: The display name of the automation rule. ,

Required: True ,

}

string ,

order:

{

Description: The order of execution of the automation rule. ,

Format: int32 ,

Required: True ,

}

integer ,

triggeringLogic:

{

Description: Describes automation rule triggering logic. ,

Required: True ,

}

{

isEnabled:

{

Description: Determines whether the automation rule is enabled or disabled. ,

Required: True ,

}

boolean ,

expirationTimeUtc:

{

Description: Determines when the automation rule should automatically expire and be disabled. ,

Format: date-time ,

Required: False ,

}

string ,

triggersOn:

{

Enum:

{

Incidents: Trigger on Incidents ,

Alerts: Trigger on Alerts ,

}

Required: True ,

}

enum ,

triggersWhen:

{

Enum:

{

Created: Trigger on created objects ,

Updated: Trigger on updated objects ,

}

Required: True ,

}

enum ,

conditions:

{

Description: The conditions to evaluate to determine if the automation rule should be triggered on a given object. ,

Required: False ,

}

[

{

conditionType:

{

Enum:

{

Property: Evaluate an object property value ,

PropertyArray: Evaluate an object array property value ,

PropertyChanged: Evaluate an object property changed value ,

PropertyArrayChanged: Evaluate an object array property changed value ,

Boolean: Apply a boolean operator (e.g AND, OR) to conditions ,

}

Required: True ,

}

enum ,

}

]

}

actions:

{

Description: The actions to execute when the automation rule is triggered. ,

Required: True ,

}

[

{

order:

{

Format: int32 ,

Required: True ,

}

integer ,

actionType:

{

Description: The type of the automation rule action. ,

Enum:

{

ModifyProperties: Modify an object's properties ,

RunPlaybook: Run a playbook on an object ,

AddIncidentTask: Add a task to an incident object ,

}

Required: True ,

}

enum ,

}

]

lastModifiedTimeUtc:

{

Description: The last time the automation rule was updated. ,

Format: date-time ,

Required: False ,

}

string ,

createdTimeUtc:

{

Description: The time the automation rule was created. ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

createdBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: Automation rule properties ,

Required: True ,

}

{

displayName:

{

Description: The display name of the automation rule. ,

Required: True ,

}

string ,

order:

{

Description: The order of execution of the automation rule. ,

Format: int32 ,

Required: True ,

}

integer ,

triggeringLogic:

{

Description: Describes automation rule triggering logic. ,

Required: True ,

}

{

isEnabled:

{

Description: Determines whether the automation rule is enabled or disabled. ,

Required: True ,

}

boolean ,

expirationTimeUtc:

{

Description: Determines when the automation rule should automatically expire and be disabled. ,

Format: date-time ,

Required: False ,

}

string ,

triggersOn:

{

Enum:

{

Incidents: Trigger on Incidents ,

Alerts: Trigger on Alerts ,

}

Required: True ,

}

enum ,

triggersWhen:

{

Enum:

{

Created: Trigger on created objects ,

Updated: Trigger on updated objects ,

}

Required: True ,

}

enum ,

conditions:

{

Description: The conditions to evaluate to determine if the automation rule should be triggered on a given object. ,

Required: False ,

}

[

{

conditionType:

{

Enum:

{

Property: Evaluate an object property value ,

PropertyArray: Evaluate an object array property value ,

PropertyChanged: Evaluate an object property changed value ,

PropertyArrayChanged: Evaluate an object array property changed value ,

Boolean: Apply a boolean operator (e.g AND, OR) to conditions ,

}

Required: True ,

}

enum ,

}

]

}

actions:

{

Description: The actions to execute when the automation rule is triggered. ,

Required: True ,

}

[

{

order:

{

Format: int32 ,

Required: True ,

}

integer ,

actionType:

{

Description: The type of the automation rule action. ,

Enum:

{

ModifyProperties: Modify an object's properties ,

RunPlaybook: Run a playbook on an object ,

AddIncidentTask: Add a task to an incident object ,

}

Required: True ,

}

enum ,

}

]

lastModifiedTimeUtc:

{

Description: The last time the automation rule was updated. ,

Format: date-time ,

Required: False ,

}

string ,

createdTimeUtc:

{

Description: The time the automation rule was created. ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

createdBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

⚐ Response (201)

{

properties:

{

Description: Automation rule properties ,

Required: True ,

}

{

displayName:

{

Description: The display name of the automation rule. ,

Required: True ,

}

string ,

order:

{

Description: The order of execution of the automation rule. ,

Format: int32 ,

Required: True ,

}

integer ,

triggeringLogic:

{

Description: Describes automation rule triggering logic. ,

Required: True ,

}

{

isEnabled:

{

Description: Determines whether the automation rule is enabled or disabled. ,

Required: True ,

}

boolean ,

expirationTimeUtc:

{

Description: Determines when the automation rule should automatically expire and be disabled. ,

Format: date-time ,

Required: False ,

}

string ,

triggersOn:

{

Enum:

{

Incidents: Trigger on Incidents ,

Alerts: Trigger on Alerts ,

}

Required: True ,

}

enum ,

triggersWhen:

{

Enum:

{

Created: Trigger on created objects ,

Updated: Trigger on updated objects ,

}

Required: True ,

}

enum ,

conditions:

{

Description: The conditions to evaluate to determine if the automation rule should be triggered on a given object. ,

Required: False ,

}

[

{

conditionType:

{

Enum:

{

Property: Evaluate an object property value ,

PropertyArray: Evaluate an object array property value ,

PropertyChanged: Evaluate an object property changed value ,

PropertyArrayChanged: Evaluate an object array property changed value ,

Boolean: Apply a boolean operator (e.g AND, OR) to conditions ,

}

Required: True ,

}

enum ,

}

]

}

actions:

{

Description: The actions to execute when the automation rule is triggered. ,

Required: True ,

}

[

{

order:

{

Format: int32 ,

Required: True ,

}

integer ,

actionType:

{

Description: The type of the automation rule action. ,

Enum:

{

ModifyProperties: Modify an object's properties ,

RunPlaybook: Run a playbook on an object ,

AddIncidentTask: Add a task to an incident object ,

}

Required: True ,

}

enum ,

}

]

lastModifiedTimeUtc:

{

Description: The last time the automation rule was updated. ,

Format: date-time ,

Required: False ,

}

string ,

createdTimeUtc:

{

Description: The time the automation rule was created. ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

createdBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

AutomationRules_Delete (new)

Description	: Delete the automation rule.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

automationRuleId:

{

Description: Automation rule ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

$schema: object ,

}

⚐ Response (204)

{

$schema: object ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

AutomationRules_List (new)

Description	: Gets all automation rules.
Reference	: Link ¶

⚼ Request

GET: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

value:

{

Required: False ,

}

[

{

properties:

{

Description: Automation rule properties ,

Required: True ,

}

{

displayName:

{

Description: The display name of the automation rule. ,

Required: True ,

}

string ,

order:

{

Description: The order of execution of the automation rule. ,

Format: int32 ,

Required: True ,

}

integer ,

triggeringLogic:

{

Description: Describes automation rule triggering logic. ,

Required: True ,

}

{

isEnabled:

{

Description: Determines whether the automation rule is enabled or disabled. ,

Required: True ,

}

boolean ,

expirationTimeUtc:

{

Description: Determines when the automation rule should automatically expire and be disabled. ,

Format: date-time ,

Required: False ,

}

string ,

triggersOn:

{

Enum:

{

Incidents: Trigger on Incidents ,

Alerts: Trigger on Alerts ,

}

Required: True ,

}

enum ,

triggersWhen:

{

Enum:

{

Created: Trigger on created objects ,

Updated: Trigger on updated objects ,

}

Required: True ,

}

enum ,

conditions:

{

Description: The conditions to evaluate to determine if the automation rule should be triggered on a given object. ,

Required: False ,

}

[

{

conditionType:

{

Enum:

{

Property: Evaluate an object property value ,

PropertyArray: Evaluate an object array property value ,

PropertyChanged: Evaluate an object property changed value ,

PropertyArrayChanged: Evaluate an object array property changed value ,

Boolean: Apply a boolean operator (e.g AND, OR) to conditions ,

}

Required: True ,

}

enum ,

}

]

}

actions:

{

Description: The actions to execute when the automation rule is triggered. ,

Required: True ,

}

[

{

order:

{

Format: int32 ,

Required: True ,

}

integer ,

actionType:

{

Description: The type of the automation rule action. ,

Enum:

{

ModifyProperties: Modify an object's properties ,

RunPlaybook: Run a playbook on an object ,

AddIncidentTask: Add a task to an incident object ,

}

Required: True ,

}

enum ,

}

]

lastModifiedTimeUtc:

{

Description: The last time the automation rule was updated. ,

Format: date-time ,

Required: False ,

}

string ,

createdTimeUtc:

{

Description: The time the automation rule was created. ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

createdBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

]

nextLink:

{

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Entities_RunPlaybook (new)

Description	: Triggers playbook on a specific entity.
Reference	: Link ¶

⚼ Request

POST: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

entityIdentifier:

{

Description: Entity ID ,

Required: True ,

}

string ,

requestBody:

{

Description: Describes the request body for triggering a playbook on an entity. ,

Required: False ,

}

{

incidentArmId:

{

Description: The incident id to associate the entity with. ,

Format: arm-id ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenant id of the playbook resource. ,

Format: uuid ,

Required: False ,

}

string ,

logicAppsResourceId:

{

Description: The resource id of the playbook resource. ,

Format: arm-id ,

Required: True ,

}

string ,

}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Incidents_RunPlaybook (new)

Description	: Triggers playbook on a specific incident
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentIdentifier:

{

Description: Incident ID ,

Required: True ,

}

string ,

requestBody:

{

Description: Describes the request body for triggering a playbook on an incident. ,

Required: False ,

}

{

tenantId:

{

Description: The tenant id of the playbook resource. ,

Format: uuid ,

Required: False ,

}

string ,

logicAppsResourceId:

{

Description: The resource id of the playbook resource. ,

Format: arm-id ,

Required: True ,

}

string ,

}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Bookmarks_List (new)

Description	: Gets all bookmarks.
Reference	: Link ¶

⚼ Request

GET: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of cases. ,

Required: False ,

}

string ,

value:

{

Description: Array of bookmarks. ,

Required: True ,

}

[

{

properties:

{

Description: Bookmark properties ,

Required: False ,

}

{

created:

{

Description: The time the bookmark was created ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the bookmark ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

displayName:

{

Description: The display name of the bookmark ,

Required: True ,

}

string ,

labels:

{

Description: List of labels relevant to this bookmark ,

Required: False ,

}

[

string ,

]

notes:

{

Description: The notes of the bookmark ,

Required: False ,

}

string ,

query:

{

Description: The query of the bookmark. ,

Required: True ,

}

string ,

queryResult:

{

Description: The query result of the bookmark. ,

Required: False ,

}

string ,

updated:

{

Description: The last time the bookmark was updated ,

Format: date-time ,

Required: False ,

}

string ,

updatedBy:

{

Description: Describes a user that updated the bookmark ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

eventTime:

{

Description: The bookmark event time ,

Format: date-time ,

Required: False ,

}

string ,

queryStartTime:

{

Description: The start time for the query ,

Format: date-time ,

Required: False ,

}

string ,

queryEndTime:

{

Description: The end time for the query ,

Format: date-time ,

Required: False ,

}

string ,

incidentInfo:

{

Description: Describes an incident that relates to bookmark ,

Required: False ,

}

{

incidentId:

{

Description: Incident Id ,

Required: False ,

}

string ,

severity:

{

Description: The severity of the incident ,

Enum:

{

High: High severity ,

Medium: Medium severity ,

Low: Low severity ,

Informational: Informational severity ,

}

Required: False ,

}

enum ,

title:

{

Description: The title of the incident ,

Required: False ,

}

string ,

relationName:

{

Description: Relation Name ,

Required: False ,

}

string ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Bookmarks_Get (new)

Description	: Gets a bookmark.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

bookmarkId:

{

Description: Bookmark ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: Bookmark properties ,

Required: False ,

}

{

created:

{

Description: The time the bookmark was created ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the bookmark ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

displayName:

{

Description: The display name of the bookmark ,

Required: True ,

}

string ,

labels:

{

Description: List of labels relevant to this bookmark ,

Required: False ,

}

[

string ,

]

notes:

{

Description: The notes of the bookmark ,

Required: False ,

}

string ,

query:

{

Description: The query of the bookmark. ,

Required: True ,

}

string ,

queryResult:

{

Description: The query result of the bookmark. ,

Required: False ,

}

string ,

updated:

{

Description: The last time the bookmark was updated ,

Format: date-time ,

Required: False ,

}

string ,

updatedBy:

{

Description: Describes a user that updated the bookmark ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

eventTime:

{

Description: The bookmark event time ,

Format: date-time ,

Required: False ,

}

string ,

queryStartTime:

{

Description: The start time for the query ,

Format: date-time ,

Required: False ,

}

string ,

queryEndTime:

{

Description: The end time for the query ,

Format: date-time ,

Required: False ,

}

string ,

incidentInfo:

{

Description: Describes an incident that relates to bookmark ,

Required: False ,

}

{

incidentId:

{

Description: Incident Id ,

Required: False ,

}

string ,

severity:

{

Description: The severity of the incident ,

Enum:

{

High: High severity ,

Medium: Medium severity ,

Low: Low severity ,

Informational: Informational severity ,

}

Required: False ,

}

enum ,

title:

{

Description: The title of the incident ,

Required: False ,

}

string ,

relationName:

{

Description: Relation Name ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Bookmarks_CreateOrUpdate (new)

Description	: Creates or updates the bookmark.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

bookmarkId:

{

Description: Bookmark ID ,

Required: True ,

}

string ,

bookmark:

{

Description: The bookmark ,

Required: True ,

}

{

properties:

{

Description: Bookmark properties ,

Required: False ,

}

{

created:

{

Description: The time the bookmark was created ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the bookmark ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

displayName:

{

Description: The display name of the bookmark ,

Required: True ,

}

string ,

labels:

{

Description: List of labels relevant to this bookmark ,

Required: False ,

}

[

string ,

]

notes:

{

Description: The notes of the bookmark ,

Required: False ,

}

string ,

query:

{

Description: The query of the bookmark. ,

Required: True ,

}

string ,

queryResult:

{

Description: The query result of the bookmark. ,

Required: False ,

}

string ,

updated:

{

Description: The last time the bookmark was updated ,

Format: date-time ,

Required: False ,

}

string ,

updatedBy:

{

Description: Describes a user that updated the bookmark ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

eventTime:

{

Description: The bookmark event time ,

Format: date-time ,

Required: False ,

}

string ,

queryStartTime:

{

Description: The start time for the query ,

Format: date-time ,

Required: False ,

}

string ,

queryEndTime:

{

Description: The end time for the query ,

Format: date-time ,

Required: False ,

}

string ,

incidentInfo:

{

Description: Describes an incident that relates to bookmark ,

Required: False ,

}

{

incidentId:

{

Description: Incident Id ,

Required: False ,

}

string ,

severity:

{

Description: The severity of the incident ,

Enum:

{

High: High severity ,

Medium: Medium severity ,

Low: Low severity ,

Informational: Informational severity ,

}

Required: False ,

}

enum ,

title:

{

Description: The title of the incident ,

Required: False ,

}

string ,

relationName:

{

Description: Relation Name ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: Bookmark properties ,

Required: False ,

}

{

created:

{

Description: The time the bookmark was created ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the bookmark ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

displayName:

{

Description: The display name of the bookmark ,

Required: True ,

}

string ,

labels:

{

Description: List of labels relevant to this bookmark ,

Required: False ,

}

[

string ,

]

notes:

{

Description: The notes of the bookmark ,

Required: False ,

}

string ,

query:

{

Description: The query of the bookmark. ,

Required: True ,

}

string ,

queryResult:

{

Description: The query result of the bookmark. ,

Required: False ,

}

string ,

updated:

{

Description: The last time the bookmark was updated ,

Format: date-time ,

Required: False ,

}

string ,

updatedBy:

{

Description: Describes a user that updated the bookmark ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

eventTime:

{

Description: The bookmark event time ,

Format: date-time ,

Required: False ,

}

string ,

queryStartTime:

{

Description: The start time for the query ,

Format: date-time ,

Required: False ,

}

string ,

queryEndTime:

{

Description: The end time for the query ,

Format: date-time ,

Required: False ,

}

string ,

incidentInfo:

{

Description: Describes an incident that relates to bookmark ,

Required: False ,

}

{

incidentId:

{

Description: Incident Id ,

Required: False ,

}

string ,

severity:

{

Description: The severity of the incident ,

Enum:

{

High: High severity ,

Medium: Medium severity ,

Low: Low severity ,

Informational: Informational severity ,

}

Required: False ,

}

enum ,

title:

{

Description: The title of the incident ,

Required: False ,

}

string ,

relationName:

{

Description: Relation Name ,

Required: False ,

}

string ,

}

⚐ Response (201)

{

properties:

{

Description: Bookmark properties ,

Required: False ,

}

{

created:

{

Description: The time the bookmark was created ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the bookmark ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

displayName:

{

Description: The display name of the bookmark ,

Required: True ,

}

string ,

labels:

{

Description: List of labels relevant to this bookmark ,

Required: False ,

}

[

string ,

]

notes:

{

Description: The notes of the bookmark ,

Required: False ,

}

string ,

query:

{

Description: The query of the bookmark. ,

Required: True ,

}

string ,

queryResult:

{

Description: The query result of the bookmark. ,

Required: False ,

}

string ,

updated:

{

Description: The last time the bookmark was updated ,

Format: date-time ,

Required: False ,

}

string ,

updatedBy:

{

Description: Describes a user that updated the bookmark ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

eventTime:

{

Description: The bookmark event time ,

Format: date-time ,

Required: False ,

}

string ,

queryStartTime:

{

Description: The start time for the query ,

Format: date-time ,

Required: False ,

}

string ,

queryEndTime:

{

Description: The end time for the query ,

Format: date-time ,

Required: False ,

}

string ,

incidentInfo:

{

Description: Describes an incident that relates to bookmark ,

Required: False ,

}

{

incidentId:

{

Description: Incident Id ,

Required: False ,

}

string ,

severity:

{

Description: The severity of the incident ,

Enum:

{

High: High severity ,

Medium: Medium severity ,

Low: Low severity ,

Informational: Informational severity ,

}

Required: False ,

}

enum ,

title:

{

Description: The title of the incident ,

Required: False ,

}

string ,

relationName:

{

Description: Relation Name ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Bookmarks_Delete (new)

Description	: Delete the bookmark.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

bookmarkId:

{

Description: Bookmark ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ContentPackages_List (new)

Description	: Gets all installed packages.
Reference	: Link ¶

⚼ Request

GET: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

$filter:

{

Description: Filters the results, based on a Boolean condition. Optional. ,

Required: False ,

}

string ,

$orderby:

{

Description: Sorts the results. Optional. ,

Required: False ,

}

string ,

$search:

{

Description: Searches for a substring in the response. Optional. ,

Required: False ,

}

string ,

$count:

{

Description: Instructs the server to return only object count without actual body. Optional. ,

Required: False ,

}

boolean ,

$top:

{

Description: Returns only the first n results. Optional. ,

Format: int32 ,

Required: False ,

}

integer ,

$skip:

{

Description: Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. ,

Format: int32 ,

Required: False ,

}

integer ,

$skipToken:

{

Description: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of packages. ,

Required: False ,

}

string ,

value:

{

Description: Array of packages. ,

Required: True ,

}

[

{

properties:

{

Description: package properties ,

Required: False ,

}

object ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ContentPackages_Get (new)

Description	: Gets an installed packages by its id.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

packageId:

{

Description: package Id ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: package properties ,

Required: False ,

}

object ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ContentPackage_Install (new)

Description	: Install a package to the workspace.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

packageId:

{

Description: package Id ,

Required: True ,

}

string ,

packageInstallationProperties:

{

Description: Package installation properties ,

Required: True ,

}

{

properties:

{

Description: package properties ,

Required: False ,

}

object ,

}

⚐ Response (200)

{

properties:

{

Description: package properties ,

Required: False ,

}

object ,

}

⚐ Response (201)

{

properties:

{

Description: package properties ,

Required: False ,

}

object ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ContentPackage_Uninstall (new)

Description	: Uninstall a package from the workspace.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

packageId:

{

Description: package Id ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ProductPackages_List (new)

Description	: Gets all packages from the catalog. Expandable properties: - properties/installed - properties/packagedContent
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

$filter:

{

Description: Filters the results, based on a Boolean condition. Optional. ,

Required: False ,

}

string ,

$orderby:

{

Description: Sorts the results. Optional. ,

Required: False ,

}

string ,

$top:

{

Description: Returns only the first n results. Optional. ,

Format: int32 ,

Required: False ,

}

integer ,

$skipToken:

{

Required: False ,

}

string ,

$search:

{

Description: Searches for a substring in the response. Optional. ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of packages. ,

Required: False ,

}

string ,

value:

{

Description: Array of packages. ,

Required: True ,

}

[

{

properties:

{

Description: package properties ,

Required: False ,

}

object ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ProductPackage_Get (new)

Description	: Gets a package by its identifier from the catalog.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

packageId:

{

Description: package Id ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: package properties ,

Required: False ,

}

object ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ProductTemplates_List (new)

Description	: Gets all templates in the catalog.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

$filter:

{

Description: Filters the results, based on a Boolean condition. Optional. ,

Required: False ,

}

string ,

$orderby:

{

Description: Sorts the results. Optional. ,

Required: False ,

}

string ,

$search:

{

Description: Searches for a substring in the response. Optional. ,

Required: False ,

}

string ,

$count:

{

Description: Instructs the server to return only object count without actual body. Optional. ,

Required: False ,

}

boolean ,

$top:

{

Description: Returns only the first n results. Optional. ,

Format: int32 ,

Required: False ,

}

integer ,

$skip:

{

Description: Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. ,

Format: int32 ,

Required: False ,

}

integer ,

$skipToken:

{

Required: False ,

}

string ,

}

⚐ Response (200)

{

value:

{

Description: Array of templates. ,

Required: True ,

}

[

{

properties:

{

Description: template properties ,

Required: False ,

}

string ,

}

]

nextLink:

{

Description: URL to fetch the next page of template. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ProductTemplate_Get (new)

Description	: Gets a template by its identifier.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

templateId:

{

Description: template Id ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: template properties ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ContentTemplates_List (new)

Description	: Gets all installed templates. Expandable properties: - properties/mainTemplate - properties/dependantTemplates
Reference	: Link ¶

⚼ Request

GET: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

$filter:

{

Description: Filters the results, based on a Boolean condition. Optional. ,

Required: False ,

}

string ,

$orderby:

{

Description: Sorts the results. Optional. ,

Required: False ,

}

string ,

$expand:

{

Description: Expands the object with optional fiends that are not included by default. Optional. ,

Required: False ,

}

string ,

$search:

{

Description: Searches for a substring in the response. Optional. ,

Required: False ,

}

string ,

$count:

{

Description: Instructs the server to return only object count without actual body. Optional. ,

Required: False ,

}

boolean ,

$top:

{

Description: Returns only the first n results. Optional. ,

Format: int32 ,

Required: False ,

}

integer ,

$skip:

{

Description: Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. ,

Format: int32 ,

Required: False ,

}

integer ,

$skipToken:

{

Required: False ,

}

string ,

}

⚐ Response (200)

{

value:

{

Description: Array of templates. ,

Required: True ,

}

[

{

properties:

{

Description: template properties ,

Required: False ,

}

object ,

}

]

nextLink:

{

Description: URL to fetch the next page of template. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ContentTemplate_Install (new)

Description	: Install a template.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

templateId:

{

Description: template Id ,

Required: True ,

}

string ,

templateInstallationProperties:

{

Description: Template installation properties ,

Required: True ,

}

{

properties:

{

Description: template properties ,

Required: False ,

}

object ,

}

⚐ Response (200)

{

properties:

{

Description: template properties ,

Required: False ,

}

object ,

}

⚐ Response (201)

{

properties:

{

Description: template properties ,

Required: False ,

}

object ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ContentTemplate_Get (new)

Description	: Gets a template byt its identifier. Expandable properties: - properties/mainTemplate - properties/dependantTemplates
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

templateId:

{

Description: template Id ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: template properties ,

Required: False ,

}

object ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ContentTemplate_Delete (new)

Description	: Delete an installed template.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

templateId:

{

Description: template Id ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

DataConnectors_List (new)

Description	: Gets all data connectors.
Reference	: Link ¶

⚼ Request

GET: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of data connectors. ,

Required: False ,

}

string ,

value:

{

Description: Array of data connectors. ,

Required: True ,

}

[

{

kind:

{

Description: The data connector kind ,

Enum:

{

AzureActiveDirectory: No description available. ,

AzureSecurityCenter: No description available. ,

MicrosoftCloudAppSecurity: No description available. ,

ThreatIntelligence: No description available. ,

MicrosoftThreatIntelligence: No description available. ,

PremiumMicrosoftDefenderForThreatIntelligence: No description available. ,

Office365: No description available. ,

AmazonWebServicesCloudTrail: No description available. ,

AzureAdvancedThreatProtection: No description available. ,

MicrosoftDefenderAdvancedThreatProtection: No description available. ,

RestApiPoller: No description available. ,

}

Required: True ,

}

enum ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

DataConnectors_Get (new)

Description	: Gets a data connector.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

dataConnectorId:

{

Description: Connector ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

kind:

{

Description: The data connector kind ,

Enum:

{

AzureActiveDirectory: No description available. ,

AzureSecurityCenter: No description available. ,

MicrosoftCloudAppSecurity: No description available. ,

ThreatIntelligence: No description available. ,

MicrosoftThreatIntelligence: No description available. ,

PremiumMicrosoftDefenderForThreatIntelligence: No description available. ,

Office365: No description available. ,

AmazonWebServicesCloudTrail: No description available. ,

AzureAdvancedThreatProtection: No description available. ,

MicrosoftDefenderAdvancedThreatProtection: No description available. ,

RestApiPoller: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

DataConnectors_CreateOrUpdate (new)

Description	: Creates or updates the data connector.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

dataConnectorId:

{

Description: Connector ID ,

Required: True ,

}

string ,

dataConnector:

{

Description: The data connector ,

Required: True ,

}

{

kind:

{

Description: The data connector kind ,

Enum:

{

AzureActiveDirectory: No description available. ,

AzureSecurityCenter: No description available. ,

MicrosoftCloudAppSecurity: No description available. ,

ThreatIntelligence: No description available. ,

MicrosoftThreatIntelligence: No description available. ,

PremiumMicrosoftDefenderForThreatIntelligence: No description available. ,

Office365: No description available. ,

AmazonWebServicesCloudTrail: No description available. ,

AzureAdvancedThreatProtection: No description available. ,

MicrosoftDefenderAdvancedThreatProtection: No description available. ,

RestApiPoller: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (200)

{

kind:

{

Description: The data connector kind ,

Enum:

{

AzureActiveDirectory: No description available. ,

AzureSecurityCenter: No description available. ,

MicrosoftCloudAppSecurity: No description available. ,

ThreatIntelligence: No description available. ,

MicrosoftThreatIntelligence: No description available. ,

PremiumMicrosoftDefenderForThreatIntelligence: No description available. ,

Office365: No description available. ,

AmazonWebServicesCloudTrail: No description available. ,

AzureAdvancedThreatProtection: No description available. ,

MicrosoftDefenderAdvancedThreatProtection: No description available. ,

RestApiPoller: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (201)

{

kind:

{

Description: The data connector kind ,

Enum:

{

AzureActiveDirectory: No description available. ,

AzureSecurityCenter: No description available. ,

MicrosoftCloudAppSecurity: No description available. ,

ThreatIntelligence: No description available. ,

MicrosoftThreatIntelligence: No description available. ,

PremiumMicrosoftDefenderForThreatIntelligence: No description available. ,

Office365: No description available. ,

AmazonWebServicesCloudTrail: No description available. ,

AzureAdvancedThreatProtection: No description available. ,

MicrosoftDefenderAdvancedThreatProtection: No description available. ,

RestApiPoller: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

DataConnectors_Delete (new)

Description	: Delete the data connector.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

dataConnectorId:

{

Description: Connector ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Incidents_List (new)

Description	: Gets all incidents.
Reference	: Link ¶

⚼ Request

GET: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

$filter:

{

Description: Filters the results, based on a Boolean condition. Optional. ,

Required: False ,

}

string ,

$orderby:

{

Description: Sorts the results. Optional. ,

Required: False ,

}

string ,

$top:

{

Description: Returns only the first n results. Optional. ,

Format: int32 ,

Required: False ,

}

integer ,

$skipToken:

{

Required: False ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of incidents. ,

Required: False ,

}

string ,

value:

{

Description: Array of incidents. ,

Required: True ,

}

[

{

properties:

{

Description: Incident properties ,

Required: False ,

}

{

additionalData:

{

Description: Additional data on the incident ,

Required: False ,

}

{

alertsCount:

{

Description: The number of alerts in the incident ,

Format: int32 ,

Required: False ,

}

integer ,

bookmarksCount:

{

Description: The number of bookmarks in the incident ,

Format: int32 ,

Required: False ,

}

integer ,

commentsCount:

{

Description: The number of comments in the incident ,

Format: int32 ,

Required: False ,

}

integer ,

alertProductNames:

{

Description: List of product names of alerts in the incident ,

Required: False ,

}

[

string ,

]

tactics:

{

Description: The tactics associated with incident ,

Required: False ,

}

[

string ,

]

providerIncidentUrl:

{

Description: The provider incident url to the incident in Microsoft 365 Defender portal ,

Required: False ,

}

string ,

}

classification:

{

Description: The reason the incident was closed ,

Enum:

{

Undetermined: Incident classification was undetermined ,

TruePositive: Incident was true positive ,

BenignPositive: Incident was benign positive ,

FalsePositive: Incident was false positive ,

}

Required: False ,

}

enum ,

classificationComment:

{

Description: Describes the reason the incident was closed ,

Required: False ,

}

string ,

classificationReason:

{

Description: The classification reason the incident was closed with ,

Enum:

{

SuspiciousActivity: Classification reason was suspicious activity ,

SuspiciousButExpected: Classification reason was suspicious but expected ,

IncorrectAlertLogic: Classification reason was incorrect alert logic ,

InaccurateData: Classification reason was inaccurate data ,

}

Required: False ,

}

enum ,

createdTimeUtc:

{

Description: The time the incident was created ,

Format: date-time ,

Required: False ,

}

string ,

description:

{

Description: The description of the incident ,

Required: False ,

}

string ,

firstActivityTimeUtc:

{

Description: The time of the first activity in the incident ,

Format: date-time ,

Required: False ,

}

string ,

incidentUrl:

{

Description: The deep-link url to the incident in Azure portal ,

Required: False ,

}

string ,

providerName:

{

Description: The name of the source provider that generated the incident ,

Required: False ,

}

string ,

providerIncidentId:

{

Description: The incident ID assigned by the incident provider ,

Required: False ,

}

string ,

incidentNumber:

{

Description: A sequential number ,

Format: int32 ,

Required: False ,

}

integer ,

labels:

{

Description: List of labels relevant to this incident ,

Required: False ,

}

[

{

labelName:

{

Description: The name of the label ,

Required: True ,

}

string ,

labelType:

{

Description: The type of the label ,

Enum:

{

User: Label manually created by a user ,

AutoAssigned: Label automatically created by the system ,

}

Required: False ,

}

enum ,

}

]

lastActivityTimeUtc:

{

Description: The time of the last activity in the incident ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedTimeUtc:

{

Description: The last time the incident was updated ,

Format: date-time ,

Required: False ,

}

string ,

owner:

{

Description: Describes a user that the incident is assigned to ,

Required: False ,

}

{

email:

{

Description: The email of the user the incident is assigned to. ,

Required: False ,

}

string ,

assignedTo:

{

Description: The name of the user the incident is assigned to. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user the incident is assigned to. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the user the incident is assigned to. ,

Required: False ,

}

string ,

ownerType:

{

Description: The type of the owner the incident is assigned to. ,

Enum:

{

Unknown: The incident owner type is unknown ,

User: The incident owner type is an AAD user ,

Group: The incident owner type is an AAD group ,

}

Required: False ,

}

enum ,

}

relatedAnalyticRuleIds:

{

Description: List of resource ids of Analytic rules related to the incident ,

Required: False ,

}

[

string ,

]

severity:

{

Description: The severity of the incident ,

Enum:

{

High: High severity ,

Medium: Medium severity ,

Low: Low severity ,

Informational: Informational severity ,

}

Required: True ,

}

enum ,

status:

{

Description: The status of the incident ,

Enum:

{

New: An active incident which isn't being handled currently ,

Active: An active incident which is being handled ,

Closed: A non-active incident ,

}

Required: True ,

}

enum ,

title:

{

Description: The title of the incident ,

Required: True ,

}

string ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Incidents_Get (new)

Description	: Gets a given incident.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: Incident properties ,

Required: False ,

}

{

additionalData:

{

Description: Additional data on the incident ,

Required: False ,

}

{

alertsCount:

{

Description: The number of alerts in the incident ,

Format: int32 ,

Required: False ,

}

integer ,

bookmarksCount:

{

Description: The number of bookmarks in the incident ,

Format: int32 ,

Required: False ,

}

integer ,

commentsCount:

{

Description: The number of comments in the incident ,

Format: int32 ,

Required: False ,

}

integer ,

alertProductNames:

{

Description: List of product names of alerts in the incident ,

Required: False ,

}

[

string ,

]

tactics:

{

Description: The tactics associated with incident ,

Required: False ,

}

[

string ,

]

providerIncidentUrl:

{

Description: The provider incident url to the incident in Microsoft 365 Defender portal ,

Required: False ,

}

string ,

}

classification:

{

Description: The reason the incident was closed ,

Enum:

{

Undetermined: Incident classification was undetermined ,

TruePositive: Incident was true positive ,

BenignPositive: Incident was benign positive ,

FalsePositive: Incident was false positive ,

}

Required: False ,

}

enum ,

classificationComment:

{

Description: Describes the reason the incident was closed ,

Required: False ,

}

string ,

classificationReason:

{

Description: The classification reason the incident was closed with ,

Enum:

{

SuspiciousActivity: Classification reason was suspicious activity ,

SuspiciousButExpected: Classification reason was suspicious but expected ,

IncorrectAlertLogic: Classification reason was incorrect alert logic ,

InaccurateData: Classification reason was inaccurate data ,

}

Required: False ,

}

enum ,

createdTimeUtc:

{

Description: The time the incident was created ,

Format: date-time ,

Required: False ,

}

string ,

description:

{

Description: The description of the incident ,

Required: False ,

}

string ,

firstActivityTimeUtc:

{

Description: The time of the first activity in the incident ,

Format: date-time ,

Required: False ,

}

string ,

incidentUrl:

{

Description: The deep-link url to the incident in Azure portal ,

Required: False ,

}

string ,

providerName:

{

Description: The name of the source provider that generated the incident ,

Required: False ,

}

string ,

providerIncidentId:

{

Description: The incident ID assigned by the incident provider ,

Required: False ,

}

string ,

incidentNumber:

{

Description: A sequential number ,

Format: int32 ,

Required: False ,

}

integer ,

labels:

{

Description: List of labels relevant to this incident ,

Required: False ,

}

[

{

labelName:

{

Description: The name of the label ,

Required: True ,

}

string ,

labelType:

{

Description: The type of the label ,

Enum:

{

User: Label manually created by a user ,

AutoAssigned: Label automatically created by the system ,

}

Required: False ,

}

enum ,

}

]

lastActivityTimeUtc:

{

Description: The time of the last activity in the incident ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedTimeUtc:

{

Description: The last time the incident was updated ,

Format: date-time ,

Required: False ,

}

string ,

owner:

{

Description: Describes a user that the incident is assigned to ,

Required: False ,

}

{

email:

{

Description: The email of the user the incident is assigned to. ,

Required: False ,

}

string ,

assignedTo:

{

Description: The name of the user the incident is assigned to. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user the incident is assigned to. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the user the incident is assigned to. ,

Required: False ,

}

string ,

ownerType:

{

Description: The type of the owner the incident is assigned to. ,

Enum:

{

Unknown: The incident owner type is unknown ,

User: The incident owner type is an AAD user ,

Group: The incident owner type is an AAD group ,

}

Required: False ,

}

enum ,

}

relatedAnalyticRuleIds:

{

Description: List of resource ids of Analytic rules related to the incident ,

Required: False ,

}

[

string ,

]

severity:

{

Description: The severity of the incident ,

Enum:

{

High: High severity ,

Medium: Medium severity ,

Low: Low severity ,

Informational: Informational severity ,

}

Required: True ,

}

enum ,

status:

{

Description: The status of the incident ,

Enum:

{

New: An active incident which isn't being handled currently ,

Active: An active incident which is being handled ,

Closed: A non-active incident ,

}

Required: True ,

}

enum ,

title:

{

Description: The title of the incident ,

Required: True ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Incidents_CreateOrUpdate (new)

Description	: Creates or updates an incident.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

incident:

{

Description: The incident ,

Required: True ,

}

{

properties:

{

Description: Incident properties ,

Required: False ,

}

{

additionalData:

{

Description: Additional data on the incident ,

Required: False ,

}

{

alertsCount:

{

Description: The number of alerts in the incident ,

Format: int32 ,

Required: False ,

}

integer ,

bookmarksCount:

{

Description: The number of bookmarks in the incident ,

Format: int32 ,

Required: False ,

}

integer ,

commentsCount:

{

Description: The number of comments in the incident ,

Format: int32 ,

Required: False ,

}

integer ,

alertProductNames:

{

Description: List of product names of alerts in the incident ,

Required: False ,

}

[

string ,

]

tactics:

{

Description: The tactics associated with incident ,

Required: False ,

}

[

string ,

]

providerIncidentUrl:

{

Description: The provider incident url to the incident in Microsoft 365 Defender portal ,

Required: False ,

}

string ,

}

classification:

{

Description: The reason the incident was closed ,

Enum:

{

Undetermined: Incident classification was undetermined ,

TruePositive: Incident was true positive ,

BenignPositive: Incident was benign positive ,

FalsePositive: Incident was false positive ,

}

Required: False ,

}

enum ,

classificationComment:

{

Description: Describes the reason the incident was closed ,

Required: False ,

}

string ,

classificationReason:

{

Description: The classification reason the incident was closed with ,

Enum:

{

SuspiciousActivity: Classification reason was suspicious activity ,

SuspiciousButExpected: Classification reason was suspicious but expected ,

IncorrectAlertLogic: Classification reason was incorrect alert logic ,

InaccurateData: Classification reason was inaccurate data ,

}

Required: False ,

}

enum ,

createdTimeUtc:

{

Description: The time the incident was created ,

Format: date-time ,

Required: False ,

}

string ,

description:

{

Description: The description of the incident ,

Required: False ,

}

string ,

firstActivityTimeUtc:

{

Description: The time of the first activity in the incident ,

Format: date-time ,

Required: False ,

}

string ,

incidentUrl:

{

Description: The deep-link url to the incident in Azure portal ,

Required: False ,

}

string ,

providerName:

{

Description: The name of the source provider that generated the incident ,

Required: False ,

}

string ,

providerIncidentId:

{

Description: The incident ID assigned by the incident provider ,

Required: False ,

}

string ,

incidentNumber:

{

Description: A sequential number ,

Format: int32 ,

Required: False ,

}

integer ,

labels:

{

Description: List of labels relevant to this incident ,

Required: False ,

}

[

{

labelName:

{

Description: The name of the label ,

Required: True ,

}

string ,

labelType:

{

Description: The type of the label ,

Enum:

{

User: Label manually created by a user ,

AutoAssigned: Label automatically created by the system ,

}

Required: False ,

}

enum ,

}

]

lastActivityTimeUtc:

{

Description: The time of the last activity in the incident ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedTimeUtc:

{

Description: The last time the incident was updated ,

Format: date-time ,

Required: False ,

}

string ,

owner:

{

Description: Describes a user that the incident is assigned to ,

Required: False ,

}

{

email:

{

Description: The email of the user the incident is assigned to. ,

Required: False ,

}

string ,

assignedTo:

{

Description: The name of the user the incident is assigned to. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user the incident is assigned to. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the user the incident is assigned to. ,

Required: False ,

}

string ,

ownerType:

{

Description: The type of the owner the incident is assigned to. ,

Enum:

{

Unknown: The incident owner type is unknown ,

User: The incident owner type is an AAD user ,

Group: The incident owner type is an AAD group ,

}

Required: False ,

}

enum ,

}

relatedAnalyticRuleIds:

{

Description: List of resource ids of Analytic rules related to the incident ,

Required: False ,

}

[

string ,

]

severity:

{

Description: The severity of the incident ,

Enum:

{

High: High severity ,

Medium: Medium severity ,

Low: Low severity ,

Informational: Informational severity ,

}

Required: True ,

}

enum ,

status:

{

Description: The status of the incident ,

Enum:

{

New: An active incident which isn't being handled currently ,

Active: An active incident which is being handled ,

Closed: A non-active incident ,

}

Required: True ,

}

enum ,

title:

{

Description: The title of the incident ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: Incident properties ,

Required: False ,

}

{

additionalData:

{

Description: Additional data on the incident ,

Required: False ,

}

{

alertsCount:

{

Description: The number of alerts in the incident ,

Format: int32 ,

Required: False ,

}

integer ,

bookmarksCount:

{

Description: The number of bookmarks in the incident ,

Format: int32 ,

Required: False ,

}

integer ,

commentsCount:

{

Description: The number of comments in the incident ,

Format: int32 ,

Required: False ,

}

integer ,

alertProductNames:

{

Description: List of product names of alerts in the incident ,

Required: False ,

}

[

string ,

]

tactics:

{

Description: The tactics associated with incident ,

Required: False ,

}

[

string ,

]

providerIncidentUrl:

{

Description: The provider incident url to the incident in Microsoft 365 Defender portal ,

Required: False ,

}

string ,

}

classification:

{

Description: The reason the incident was closed ,

Enum:

{

Undetermined: Incident classification was undetermined ,

TruePositive: Incident was true positive ,

BenignPositive: Incident was benign positive ,

FalsePositive: Incident was false positive ,

}

Required: False ,

}

enum ,

classificationComment:

{

Description: Describes the reason the incident was closed ,

Required: False ,

}

string ,

classificationReason:

{

Description: The classification reason the incident was closed with ,

Enum:

{

SuspiciousActivity: Classification reason was suspicious activity ,

SuspiciousButExpected: Classification reason was suspicious but expected ,

IncorrectAlertLogic: Classification reason was incorrect alert logic ,

InaccurateData: Classification reason was inaccurate data ,

}

Required: False ,

}

enum ,

createdTimeUtc:

{

Description: The time the incident was created ,

Format: date-time ,

Required: False ,

}

string ,

description:

{

Description: The description of the incident ,

Required: False ,

}

string ,

firstActivityTimeUtc:

{

Description: The time of the first activity in the incident ,

Format: date-time ,

Required: False ,

}

string ,

incidentUrl:

{

Description: The deep-link url to the incident in Azure portal ,

Required: False ,

}

string ,

providerName:

{

Description: The name of the source provider that generated the incident ,

Required: False ,

}

string ,

providerIncidentId:

{

Description: The incident ID assigned by the incident provider ,

Required: False ,

}

string ,

incidentNumber:

{

Description: A sequential number ,

Format: int32 ,

Required: False ,

}

integer ,

labels:

{

Description: List of labels relevant to this incident ,

Required: False ,

}

[

{

labelName:

{

Description: The name of the label ,

Required: True ,

}

string ,

labelType:

{

Description: The type of the label ,

Enum:

{

User: Label manually created by a user ,

AutoAssigned: Label automatically created by the system ,

}

Required: False ,

}

enum ,

}

]

lastActivityTimeUtc:

{

Description: The time of the last activity in the incident ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedTimeUtc:

{

Description: The last time the incident was updated ,

Format: date-time ,

Required: False ,

}

string ,

owner:

{

Description: Describes a user that the incident is assigned to ,

Required: False ,

}

{

email:

{

Description: The email of the user the incident is assigned to. ,

Required: False ,

}

string ,

assignedTo:

{

Description: The name of the user the incident is assigned to. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user the incident is assigned to. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the user the incident is assigned to. ,

Required: False ,

}

string ,

ownerType:

{

Description: The type of the owner the incident is assigned to. ,

Enum:

{

Unknown: The incident owner type is unknown ,

User: The incident owner type is an AAD user ,

Group: The incident owner type is an AAD group ,

}

Required: False ,

}

enum ,

}

relatedAnalyticRuleIds:

{

Description: List of resource ids of Analytic rules related to the incident ,

Required: False ,

}

[

string ,

]

severity:

{

Description: The severity of the incident ,

Enum:

{

High: High severity ,

Medium: Medium severity ,

Low: Low severity ,

Informational: Informational severity ,

}

Required: True ,

}

enum ,

status:

{

Description: The status of the incident ,

Enum:

{

New: An active incident which isn't being handled currently ,

Active: An active incident which is being handled ,

Closed: A non-active incident ,

}

Required: True ,

}

enum ,

title:

{

Description: The title of the incident ,

Required: True ,

}

string ,

}

⚐ Response (201)

{

properties:

{

Description: Incident properties ,

Required: False ,

}

{

additionalData:

{

Description: Additional data on the incident ,

Required: False ,

}

{

alertsCount:

{

Description: The number of alerts in the incident ,

Format: int32 ,

Required: False ,

}

integer ,

bookmarksCount:

{

Description: The number of bookmarks in the incident ,

Format: int32 ,

Required: False ,

}

integer ,

commentsCount:

{

Description: The number of comments in the incident ,

Format: int32 ,

Required: False ,

}

integer ,

alertProductNames:

{

Description: List of product names of alerts in the incident ,

Required: False ,

}

[

string ,

]

tactics:

{

Description: The tactics associated with incident ,

Required: False ,

}

[

string ,

]

providerIncidentUrl:

{

Description: The provider incident url to the incident in Microsoft 365 Defender portal ,

Required: False ,

}

string ,

}

classification:

{

Description: The reason the incident was closed ,

Enum:

{

Undetermined: Incident classification was undetermined ,

TruePositive: Incident was true positive ,

BenignPositive: Incident was benign positive ,

FalsePositive: Incident was false positive ,

}

Required: False ,

}

enum ,

classificationComment:

{

Description: Describes the reason the incident was closed ,

Required: False ,

}

string ,

classificationReason:

{

Description: The classification reason the incident was closed with ,

Enum:

{

SuspiciousActivity: Classification reason was suspicious activity ,

SuspiciousButExpected: Classification reason was suspicious but expected ,

IncorrectAlertLogic: Classification reason was incorrect alert logic ,

InaccurateData: Classification reason was inaccurate data ,

}

Required: False ,

}

enum ,

createdTimeUtc:

{

Description: The time the incident was created ,

Format: date-time ,

Required: False ,

}

string ,

description:

{

Description: The description of the incident ,

Required: False ,

}

string ,

firstActivityTimeUtc:

{

Description: The time of the first activity in the incident ,

Format: date-time ,

Required: False ,

}

string ,

incidentUrl:

{

Description: The deep-link url to the incident in Azure portal ,

Required: False ,

}

string ,

providerName:

{

Description: The name of the source provider that generated the incident ,

Required: False ,

}

string ,

providerIncidentId:

{

Description: The incident ID assigned by the incident provider ,

Required: False ,

}

string ,

incidentNumber:

{

Description: A sequential number ,

Format: int32 ,

Required: False ,

}

integer ,

labels:

{

Description: List of labels relevant to this incident ,

Required: False ,

}

[

{

labelName:

{

Description: The name of the label ,

Required: True ,

}

string ,

labelType:

{

Description: The type of the label ,

Enum:

{

User: Label manually created by a user ,

AutoAssigned: Label automatically created by the system ,

}

Required: False ,

}

enum ,

}

]

lastActivityTimeUtc:

{

Description: The time of the last activity in the incident ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedTimeUtc:

{

Description: The last time the incident was updated ,

Format: date-time ,

Required: False ,

}

string ,

owner:

{

Description: Describes a user that the incident is assigned to ,

Required: False ,

}

{

email:

{

Description: The email of the user the incident is assigned to. ,

Required: False ,

}

string ,

assignedTo:

{

Description: The name of the user the incident is assigned to. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user the incident is assigned to. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the user the incident is assigned to. ,

Required: False ,

}

string ,

ownerType:

{

Description: The type of the owner the incident is assigned to. ,

Enum:

{

Unknown: The incident owner type is unknown ,

User: The incident owner type is an AAD user ,

Group: The incident owner type is an AAD group ,

}

Required: False ,

}

enum ,

}

relatedAnalyticRuleIds:

{

Description: List of resource ids of Analytic rules related to the incident ,

Required: False ,

}

[

string ,

]

severity:

{

Description: The severity of the incident ,

Enum:

{

High: High severity ,

Medium: Medium severity ,

Low: Low severity ,

Informational: Informational severity ,

}

Required: True ,

}

enum ,

status:

{

Description: The status of the incident ,

Enum:

{

New: An active incident which isn't being handled currently ,

Active: An active incident which is being handled ,

Closed: A non-active incident ,

}

Required: True ,

}

enum ,

title:

{

Description: The title of the incident ,

Required: True ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Incidents_Delete (new)

Description	: Deletes a given incident.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Incidents_ListAlerts (new)

Description	: Gets all alerts for an incident.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

value:

{

Description: Array of incident alerts. ,

Required: True ,

}

[

{

properties:

{

Description: SecurityAlert entity properties ,

Required: False ,

}

{

alertDisplayName:

{

Description: The display name of the alert. ,

Required: False ,

}

string ,

alertType:

{

Description: The type name of the alert. ,

Required: False ,

}

string ,

compromisedEntity:

{

Description: Display name of the main entity being reported on. ,

Required: False ,

}

string ,

confidenceLevel:

{

Description: The confidence level of this alert. ,

Enum:

{

Unknown: Unknown confidence, the is the default value ,

Low: Low confidence, meaning we have some doubts this is indeed malicious or part of an attack ,

High: High confidence that the alert is true positive malicious ,

}

Required: False ,

}

enum ,

confidenceReasons:

{

Description: The confidence reasons ,

Required: False ,

}

[

{

reason:

{

Description: The reason's description ,

Required: False ,

}

string ,

reasonType:

{

Description: The type (category) of the reason ,

Required: False ,

}

string ,

}

]

confidenceScore:

{

Description: The confidence score of the alert. ,

Format: double ,

Required: False ,

}

number ,

confidenceScoreStatus:

{

Description: The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. ,

Enum:

{

NotApplicable: Score will not be calculated for this alert as it is not supported by virtual analyst ,

InProcess: No score was set yet and calculation is in progress ,

NotFinal: Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data ,

Final: Final score was calculated and available ,

}

Required: False ,

}

enum ,

description:

{

Description: Alert description. ,

Required: False ,

}

string ,

endTimeUtc:

{

Description: The impact end time of the alert (the time of the last event contributing to the alert). ,

Format: date-time ,

Required: False ,

}

string ,

intent:

{

Description: Holds the alert intent stage(s) mapping for this alert. ,

Enum:

{

Unknown: The default value. ,

Probing: Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in. ,

Exploitation: Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage. ,

Persistence: Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access. ,

PrivilegeEscalation: Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege. ,

DefenseEvasion: Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. ,

CredentialAccess: Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment. ,

Discovery: Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase. ,

LateralMovement: Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect. ,

Execution: The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network. ,

Collection: Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. ,

Exfiltration: Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate. ,

CommandAndControl: The command and control tactic represents how adversaries communicate with systems under their control within a target network. ,

Impact: The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others. ,

}

Required: False ,

}

enum ,

providerAlertId:

{

Description: The identifier of the alert inside the product which generated the alert. ,

Required: False ,

}

string ,

processingEndTime:

{

Description: The time the alert was made available for consumption. ,

Format: date-time ,

Required: False ,

}

string ,

productComponentName:

{

Description: The name of a component inside the product which generated the alert. ,

Required: False ,

}

string ,

productName:

{

Description: The name of the product which published this alert. ,

Required: False ,

}

string ,

productVersion:

{

Description: The version of the product generating the alert. ,

Required: False ,

}

string ,

remediationSteps:

{

Description: Manual action items to take to remediate the alert. ,

Required: False ,

}

[

string ,

]

severity:

{

Description: The severity of the alert ,

Enum:

{

High: High severity ,

Medium: Medium severity ,

Low: Low severity ,

Informational: Informational severity ,

}

Required: False ,

}

enum ,

startTimeUtc:

{

Description: The impact start time of the alert (the time of the first event contributing to the alert). ,

Format: date-time ,

Required: False ,

}

string ,

status:

{

Description: The lifecycle status of the alert. ,

Enum:

{

Unknown: Unknown value ,

New: New alert ,

Resolved: Alert closed after handling ,

Dismissed: Alert dismissed as false positive ,

InProgress: Alert is being handled ,

}

Required: False ,

}

enum ,

systemAlertId:

{

Description: Holds the product identifier of the alert for the product. ,

Required: False ,

}

string ,

tactics:

{

Description: The tactics of the alert ,

Required: False ,

}

[

string ,

]

timeGenerated:

{

Description: The time the alert was generated. ,

Format: date-time ,

Required: False ,

}

string ,

vendorName:

{

Description: The name of the vendor that raise the alert. ,

Required: False ,

}

string ,

alertLink:

{

Description: The uri link of the alert. ,

Required: False ,

}

string ,

resourceIdentifiers:

{

Description: The list of resource identifiers of the alert. ,

Required: False ,

}

[

object ,

]

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Incidents_ListBookmarks (new)

Description	: Gets all bookmarks for an incident.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

value:

{

Description: Array of incident bookmarks. ,

Required: True ,

}

[

{

properties:

{

Description: HuntingBookmark entity properties ,

Required: False ,

}

{

created:

{

Description: The time the bookmark was created ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the bookmark ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

displayName:

{

Description: The display name of the bookmark ,

Required: True ,

}

string ,

eventTime:

{

Description: The time of the event ,

Format: date-time ,

Required: False ,

}

string ,

labels:

{

Description: List of labels relevant to this bookmark ,

Required: False ,

}

[

string ,

]

notes:

{

Description: The notes of the bookmark ,

Required: False ,

}

string ,

query:

{

Description: The query of the bookmark. ,

Required: True ,

}

string ,

queryResult:

{

Description: The query result of the bookmark. ,

Required: False ,

}

string ,

updated:

{

Description: The last time the bookmark was updated ,

Format: date-time ,

Required: False ,

}

string ,

updatedBy:

{

Description: Describes a user that updated the bookmark ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

incidentInfo:

{

Description: Describes an incident that relates to bookmark ,

Required: False ,

}

{

incidentId:

{

Description: Incident Id ,

Required: False ,

}

string ,

severity:

{

Description: The severity of the incident ,

Enum:

{

High: High severity ,

Medium: Medium severity ,

Low: Low severity ,

Informational: Informational severity ,

}

Required: False ,

}

enum ,

title:

{

Description: The title of the incident ,

Required: False ,

}

string ,

relationName:

{

Description: Relation Name ,

Required: False ,

}

string ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

IncidentComments_List (new)

Description	: Gets all comments for a given incident.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

$filter:

{

Description: Filters the results, based on a Boolean condition. Optional. ,

Required: False ,

}

string ,

$orderby:

{

Description: Sorts the results. Optional. ,

Required: False ,

}

string ,

$top:

{

Description: Returns only the first n results. Optional. ,

Format: int32 ,

Required: False ,

}

integer ,

$skipToken:

{

Required: False ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of comments. ,

Required: False ,

}

string ,

value:

{

Description: Array of comments. ,

Required: True ,

}

[

{

properties:

{

Description: Incident comment properties ,

Required: False ,

}

{

createdTimeUtc:

{

Description: The time the comment was created ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedTimeUtc:

{

Description: The time the comment was updated ,

Format: date-time ,

Required: False ,

}

string ,

message:

{

Description: The comment message ,

Required: True ,

}

string ,

author:

{

Description: Describes the client that created the comment ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

IncidentComments_Get (new)

Description	: Gets a comment for a given incident.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

incidentCommentId:

{

Description: Incident comment ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: Incident comment properties ,

Required: False ,

}

{

createdTimeUtc:

{

Description: The time the comment was created ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedTimeUtc:

{

Description: The time the comment was updated ,

Format: date-time ,

Required: False ,

}

string ,

message:

{

Description: The comment message ,

Required: True ,

}

string ,

author:

{

Description: Describes the client that created the comment ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

IncidentComments_CreateOrUpdate (new)

Description	: Creates or updates a comment for a given incident.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

incidentCommentId:

{

Description: Incident comment ID ,

Required: True ,

}

string ,

incidentComment:

{

Description: The incident comment ,

Required: True ,

}

{

properties:

{

Description: Incident comment properties ,

Required: False ,

}

{

createdTimeUtc:

{

Description: The time the comment was created ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedTimeUtc:

{

Description: The time the comment was updated ,

Format: date-time ,

Required: False ,

}

string ,

message:

{

Description: The comment message ,

Required: True ,

}

string ,

author:

{

Description: Describes the client that created the comment ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: Incident comment properties ,

Required: False ,

}

{

createdTimeUtc:

{

Description: The time the comment was created ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedTimeUtc:

{

Description: The time the comment was updated ,

Format: date-time ,

Required: False ,

}

string ,

message:

{

Description: The comment message ,

Required: True ,

}

string ,

author:

{

Description: Describes the client that created the comment ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

⚐ Response (201)

{

properties:

{

Description: Incident comment properties ,

Required: False ,

}

{

createdTimeUtc:

{

Description: The time the comment was created ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedTimeUtc:

{

Description: The time the comment was updated ,

Format: date-time ,

Required: False ,

}

string ,

message:

{

Description: The comment message ,

Required: True ,

}

string ,

author:

{

Description: Describes the client that created the comment ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

IncidentComments_Delete (new)

Description	: Deletes a comment for a given incident.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

incidentCommentId:

{

Description: Incident comment ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Incidents_ListEntities (new)

Description	: Gets all entities for an incident.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

entities:

{

Description: Array of the incident related entities. ,

Required: False ,

}

[

{

kind:

{

Description: The kind of the entity. ,

Enum:

{

Account: Entity represents account in the system. ,

Host: Entity represents host in the system. ,

File: Entity represents file in the system. ,

AzureResource: Entity represents azure resource in the system. ,

CloudApplication: Entity represents cloud application in the system. ,

DnsResolution: Entity represents dns resolution in the system. ,

FileHash: Entity represents file hash in the system. ,

Ip: Entity represents ip in the system. ,

Malware: Entity represents malware in the system. ,

Process: Entity represents process in the system. ,

RegistryKey: Entity represents registry key in the system. ,

RegistryValue: Entity represents registry value in the system. ,

SecurityGroup: Entity represents security group in the system. ,

Url: Entity represents url in the system. ,

IoTDevice: Entity represents IoT device in the system. ,

SecurityAlert: Entity represents security alert in the system. ,

Bookmark: Entity represents bookmark in the system. ,

Mailbox: Entity represents mailbox in the system. ,

MailCluster: Entity represents mail cluster in the system. ,

MailMessage: Entity represents mail message in the system. ,

SubmissionMail: Entity represents submission mail in the system. ,

}

Required: True ,

}

enum ,

}

]

metaData:

{

Description: The metadata from the incident related entities results. ,

Required: False ,

}

[

{

count:

{

Description: Total number of aggregations of the given kind in the incident related entities result. ,

Format: int32 ,

Required: True ,

}

integer ,

entityKind:

{

Description: The kind of the aggregated entity. ,

Enum:

{

Account: Entity represents account in the system. ,

Host: Entity represents host in the system. ,

File: Entity represents file in the system. ,

AzureResource: Entity represents azure resource in the system. ,

CloudApplication: Entity represents cloud application in the system. ,

DnsResolution: Entity represents dns resolution in the system. ,

FileHash: Entity represents file hash in the system. ,

Ip: Entity represents ip in the system. ,

Malware: Entity represents malware in the system. ,

Process: Entity represents process in the system. ,

RegistryKey: Entity represents registry key in the system. ,

RegistryValue: Entity represents registry value in the system. ,

SecurityGroup: Entity represents security group in the system. ,

Url: Entity represents url in the system. ,

IoTDevice: Entity represents IoT device in the system. ,

SecurityAlert: Entity represents security alert in the system. ,

Bookmark: Entity represents bookmark in the system. ,

Mailbox: Entity represents mailbox in the system. ,

MailCluster: Entity represents mail cluster in the system. ,

MailMessage: Entity represents mail message in the system. ,

SubmissionMail: Entity represents submission mail in the system. ,

}

Required: True ,

}

enum ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

IncidentRelations_List (new)

Description	: Gets all relations for a given incident.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

$filter:

{

Description: Filters the results, based on a Boolean condition. Optional. ,

Required: False ,

}

string ,

$orderby:

{

Description: Sorts the results. Optional. ,

Required: False ,

}

string ,

$top:

{

Description: Returns only the first n results. Optional. ,

Format: int32 ,

Required: False ,

}

integer ,

$skipToken:

{

Required: False ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of relations. ,

Required: False ,

}

string ,

value:

{

Description: Array of relations. ,

Required: True ,

}

[

{

properties:

{

Description: Relation properties ,

Required: False ,

}

{

relatedResourceId:

{

Description: The resource ID of the related resource ,

Required: True ,

}

string ,

relatedResourceName:

{

Description: The name of the related resource ,

Required: False ,

}

string ,

relatedResourceType:

{

Description: The resource type of the related resource ,

Required: False ,

}

string ,

relatedResourceKind:

{

Description: The resource kind of the related resource ,

Required: False ,

}

string ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

IncidentRelations_Get (new)

Description	: Gets a relation for a given incident.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

relationName:

{

Description: Relation Name ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: Relation properties ,

Required: False ,

}

{

relatedResourceId:

{

Description: The resource ID of the related resource ,

Required: True ,

}

string ,

relatedResourceName:

{

Description: The name of the related resource ,

Required: False ,

}

string ,

relatedResourceType:

{

Description: The resource type of the related resource ,

Required: False ,

}

string ,

relatedResourceKind:

{

Description: The resource kind of the related resource ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

IncidentRelations_CreateOrUpdate (new)

Description	: Creates or updates a relation for a given incident.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

relationName:

{

Description: Relation Name ,

Required: True ,

}

string ,

relation:

{

Description: The relation model ,

Required: True ,

}

{

properties:

{

Description: Relation properties ,

Required: False ,

}

{

relatedResourceId:

{

Description: The resource ID of the related resource ,

Required: True ,

}

string ,

relatedResourceName:

{

Description: The name of the related resource ,

Required: False ,

}

string ,

relatedResourceType:

{

Description: The resource type of the related resource ,

Required: False ,

}

string ,

relatedResourceKind:

{

Description: The resource kind of the related resource ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: Relation properties ,

Required: False ,

}

{

relatedResourceId:

{

Description: The resource ID of the related resource ,

Required: True ,

}

string ,

relatedResourceName:

{

Description: The name of the related resource ,

Required: False ,

}

string ,

relatedResourceType:

{

Description: The resource type of the related resource ,

Required: False ,

}

string ,

relatedResourceKind:

{

Description: The resource kind of the related resource ,

Required: False ,

}

string ,

}

⚐ Response (201)

{

properties:

{

Description: Relation properties ,

Required: False ,

}

{

relatedResourceId:

{

Description: The resource ID of the related resource ,

Required: True ,

}

string ,

relatedResourceName:

{

Description: The name of the related resource ,

Required: False ,

}

string ,

relatedResourceType:

{

Description: The resource type of the related resource ,

Required: False ,

}

string ,

relatedResourceKind:

{

Description: The resource kind of the related resource ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

IncidentRelations_Delete (new)

Description	: Deletes a relation for a given incident.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

relationName:

{

Description: Relation Name ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

IncidentTasks_List (new)

Description	: Gets all incident tasks.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

value:

{

Required: False ,

}

[

{

properties:

{

Description: Describes the properties of an incident task ,

Required: True ,

}

{

title:

{

Description: The title of the task ,

Required: True ,

}

string ,

description:

{

Description: The description of the task ,

Required: False ,

}

string ,

status:

{

Description: The status of the task ,

Enum:

{

New: A new task ,

Completed: A completed task ,

}

Required: True ,

}

enum ,

createdTimeUtc:

{

Description: The time the task was created ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedTimeUtc:

{

Description: The last time the task was updated ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

lastModifiedBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

]

nextLink:

{

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

IncidentTasks_Get (new)

Description	: Gets an incident task.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

incidentTaskId:

{

Description: Incident task ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: Describes the properties of an incident task ,

Required: True ,

}

{

title:

{

Description: The title of the task ,

Required: True ,

}

string ,

description:

{

Description: The description of the task ,

Required: False ,

}

string ,

status:

{

Description: The status of the task ,

Enum:

{

New: A new task ,

Completed: A completed task ,

}

Required: True ,

}

enum ,

createdTimeUtc:

{

Description: The time the task was created ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedTimeUtc:

{

Description: The last time the task was updated ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

lastModifiedBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

IncidentTasks_CreateOrUpdate (new)

Description	: Creates or updates the incident task.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

incidentTaskId:

{

Description: Incident task ID ,

Required: True ,

}

string ,

incidentTask:

{

Description: The incident task ,

Required: True ,

}

{

properties:

{

Description: Describes the properties of an incident task ,

Required: True ,

}

{

title:

{

Description: The title of the task ,

Required: True ,

}

string ,

description:

{

Description: The description of the task ,

Required: False ,

}

string ,

status:

{

Description: The status of the task ,

Enum:

{

New: A new task ,

Completed: A completed task ,

}

Required: True ,

}

enum ,

createdTimeUtc:

{

Description: The time the task was created ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedTimeUtc:

{

Description: The last time the task was updated ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

lastModifiedBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: Describes the properties of an incident task ,

Required: True ,

}

{

title:

{

Description: The title of the task ,

Required: True ,

}

string ,

description:

{

Description: The description of the task ,

Required: False ,

}

string ,

status:

{

Description: The status of the task ,

Enum:

{

New: A new task ,

Completed: A completed task ,

}

Required: True ,

}

enum ,

createdTimeUtc:

{

Description: The time the task was created ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedTimeUtc:

{

Description: The last time the task was updated ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

lastModifiedBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

⚐ Response (201)

{

properties:

{

Description: Describes the properties of an incident task ,

Required: True ,

}

{

title:

{

Description: The title of the task ,

Required: True ,

}

string ,

description:

{

Description: The description of the task ,

Required: False ,

}

string ,

status:

{

Description: The status of the task ,

Enum:

{

New: A new task ,

Completed: A completed task ,

}

Required: True ,

}

enum ,

createdTimeUtc:

{

Description: The time the task was created ,

Format: date-time ,

Required: False ,

}

string ,

lastModifiedTimeUtc:

{

Description: The last time the task was updated ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

lastModifiedBy:

{

Description: Information on the client (user or application) that made some action ,

Required: False ,

}

{

email:

{

Description: The email of the client. ,

Required: False ,

}

string ,

name:

{

Description: The name of the client. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the client. ,

Format: uuid ,

Required: False ,

}

string ,

userPrincipalName:

{

Description: The user principal name of the client. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

IncidentTasks_Delete (new)

Description	: Delete the incident task.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

incidentId:

{

Description: Incident ID ,

Required: True ,

}

string ,

incidentTaskId:

{

Description: Incident task ID ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Metadata_List (new)

Description	: List of all metadata
Reference	: Link ¶

⚼ Request

GET: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

$filter:

{

Description: Filters the results, based on a Boolean condition. Optional. ,

Required: False ,

}

string ,

$orderby:

{

Description: Sorts the results. Optional. ,

Required: False ,

}

string ,

$top:

{

Description: Returns only the first n results. Optional. ,

Format: int32 ,

Required: False ,

}

integer ,

$skip:

{

Description: Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. ,

Format: int32 ,

Required: False ,

}

integer ,

}

⚐ Response (200)

{

value:

{

Description: Array of metadata. ,

Required: True ,

}

[

{

properties:

{

Description: Metadata properties ,

Required: False ,

}

{

contentId:

{

Description: Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name ,

Required: False ,

}

string ,

parentId:

{

Description: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) ,

Required: True ,

}

string ,

version:

{

Description: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks ,

Required: False ,

}

string ,

kind:

{

Description: The kind of content the metadata is for. ,

Required: True ,

}

string ,

source:

{

Description: Source of the content. This is where/how it was created. ,

Required: False ,

}

{

kind:

{

Description: Source type of the content ,

Enum:

{

LocalWorkspace: No description available. ,

Community: No description available. ,

Solution: No description available. ,

SourceRepository: No description available. ,

}

Required: True ,

}

enum ,

name:

{

Description: Name of the content source. The repo name, solution name, LA workspace name etc. ,

Required: False ,

}

string ,

sourceId:

{

Description: ID of the content source. The solution ID, workspace ID, etc ,

Required: False ,

}

string ,

}

author:

{

Description: The creator of the content item. ,

Required: False ,

}

{

name:

{

Description: Name of the author. Company or person. ,

Required: False ,

}

string ,

email:

{

Description: Email of author contact ,

Required: False ,

}

string ,

link:

{

Description: Link for author/vendor page ,

Required: False ,

}

string ,

}

support:

{

Description: Support information for the metadata - type, name, contact information ,

Required: False ,

}

{

tier:

{

Description: Type of support for content item ,

Enum:

{

Microsoft: No description available. ,

Partner: No description available. ,

Community: No description available. ,

}

Required: True ,

}

enum ,

name:

{

Description: Name of the support contact. Company or person. ,

Required: False ,

}

string ,

email:

{

Description: Email of support contact ,

Required: False ,

}

string ,

link:

{

Description: Link for support help, like to support page to open a ticket etc. ,

Required: False ,

}

string ,

}

dependencies:

{

Description: Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats. ,

Required: False ,

}

{

contentId:

{

Description: Id of the content item we depend on ,

Required: False ,

}

string ,

kind:

{

Description: Type of the content item we depend on ,

Enum:

{

DataConnector: No description available. ,

DataType: No description available. ,

Workbook: No description available. ,

WorkbookTemplate: No description available. ,

Playbook: No description available. ,

PlaybookTemplate: No description available. ,

AnalyticsRuleTemplate: No description available. ,

AnalyticsRule: No description available. ,

HuntingQuery: No description available. ,

InvestigationQuery: No description available. ,

Parser: No description available. ,

Watchlist: No description available. ,

WatchlistTemplate: No description available. ,

Solution: No description available. ,

AzureFunction: No description available. ,

LogicAppsCustomConnector: No description available. ,

AutomationRule: No description available. ,

ResourcesDataConnector: The Codeless Connector Platform (CCP) Connectors ,

Notebook: Jupyter Notebooks ,

Standalone: one-off / standalone content contributed by community contributors ,

SummaryRule: Summary rules perform batch processing directly in your Log Analytics workspace. ,

}

Required: False ,

}

enum ,

version:

{

Description: Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. ,

Required: False ,

}

string ,

name:

{

Description: Name of the content item ,

Required: False ,

}

string ,

operator:

{

Description: Operator used for list of dependencies in criteria array. ,

Enum:

{

AND: No description available. ,

OR: No description available. ,

}

Required: False ,

}

enum ,

criteria:

{

Description: This is the list of dependencies we must fulfill, according to the AND/OR operator ,

Required: False ,

}

[

string ,

]

}

categories:

{

Description: Categories for the solution content item ,

Required: False ,

}

{

domains:

{

Description: domain for the solution content item ,

Required: False ,

}

[

string ,

]

verticals:

{

Description: Industry verticals for the solution content item ,

Required: False ,

}

[

string ,

]

}

providers:

{

Description: Providers for the solution content item ,

Required: False ,

}

[

string ,

]

firstPublishDate:

{

Description: first publish date solution content item ,

Format: date ,

Required: False ,

}

string ,

lastPublishDate:

{

Description: last publish date for the solution content item ,

Format: date ,

Required: False ,

}

string ,

customVersion:

{

Description: The custom version of the content. A optional free text ,

Required: False ,

}

string ,

contentSchemaVersion:

{

Description: Schema version of the content. Can be used to distinguish between different flow based on the schema version ,

Required: False ,

}

string ,

icon:

{

Description: the icon identifier. this id can later be fetched from the solution template ,

Required: False ,

}

string ,

threatAnalysisTactics:

{

Description: the tactics the resource covers ,

Required: False ,

}

[

string ,

]

threatAnalysisTechniques:

{

Description: the techniques the resource covers, these have to be aligned with the tactics being used ,

Required: False ,

}

[

string ,

]

previewImages:

{

Description: preview image file names. These will be taken from the solution artifacts ,

Required: False ,

}

[

string ,

]

previewImagesDark:

{

Description: preview image file names. These will be taken from the solution artifacts. used for dark theme support ,

Required: False ,

}

[

string ,

]

}

]

nextLink:

{

Description: URL to fetch the next page of metadata. ,

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Metadata_Get (new)

Description	: Get a Metadata.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

metadataName:

{

Description: The Metadata name. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: Metadata properties ,

Required: False ,

}

{

contentId:

{

Required: False ,

}

string ,

parentId:

{

Description: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) ,

Required: True ,

}

string ,

version:

{

Required: False ,

}

string ,

kind:

{

Description: The kind of content the metadata is for. ,

Required: True ,

}

string ,

source:

{

Description: Source of the content. This is where/how it was created. ,

Required: False ,

}

{

kind:

{

Description: Source type of the content ,

Enum:

{

LocalWorkspace: No description available. ,

Community: No description available. ,

Solution: No description available. ,

SourceRepository: No description available. ,

}

Required: True ,

}

enum ,

name:

{

Description: Name of the content source. The repo name, solution name, LA workspace name etc. ,

Required: False ,

}

string ,

sourceId:

{

Description: ID of the content source. The solution ID, workspace ID, etc ,

Required: False ,

}

string ,

}

author:

{

Description: The creator of the content item. ,

Required: False ,

}

{

name:

{

Description: Name of the author. Company or person. ,

Required: False ,

}

string ,

email:

{

Description: Email of author contact ,

Required: False ,

}

string ,

link:

{

Description: Link for author/vendor page ,

Required: False ,

}

string ,

}

support:

{

Description: Support information for the metadata - type, name, contact information ,

Required: False ,

}

{

tier:

{

Description: Type of support for content item ,

Enum:

{

Microsoft: No description available. ,

Partner: No description available. ,

Community: No description available. ,

}

Required: True ,

}

enum ,

name:

{

Description: Name of the support contact. Company or person. ,

Required: False ,

}

string ,

email:

{

Description: Email of support contact ,

Required: False ,

}

string ,

link:

{

Description: Link for support help, like to support page to open a ticket etc. ,

Required: False ,

}

string ,

}

dependencies:

{

Required: False ,

}

{

contentId:

{

Description: Id of the content item we depend on ,

Required: False ,

}

string ,

kind:

{

Description: Type of the content item we depend on ,

Enum:

{

DataConnector: No description available. ,

DataType: No description available. ,

Workbook: No description available. ,

WorkbookTemplate: No description available. ,

Playbook: No description available. ,

PlaybookTemplate: No description available. ,

AnalyticsRuleTemplate: No description available. ,

AnalyticsRule: No description available. ,

HuntingQuery: No description available. ,

InvestigationQuery: No description available. ,

Parser: No description available. ,

Watchlist: No description available. ,

WatchlistTemplate: No description available. ,

Solution: No description available. ,

AzureFunction: No description available. ,

LogicAppsCustomConnector: No description available. ,

AutomationRule: No description available. ,

ResourcesDataConnector: The Codeless Connector Platform (CCP) Connectors ,

Notebook: Jupyter Notebooks ,

Standalone: one-off / standalone content contributed by community contributors ,

SummaryRule: Summary rules perform batch processing directly in your Log Analytics workspace. ,

}

Required: False ,

}

enum ,

version:

{

Required: False ,

}

string ,

name:

{

Description: Name of the content item ,

Required: False ,

}

string ,

operator:

{

Description: Operator used for list of dependencies in criteria array. ,

Enum:

{

AND: No description available. ,

OR: No description available. ,

}

Required: False ,

}

enum ,

criteria:

{

Description: This is the list of dependencies we must fulfill, according to the AND/OR operator ,

Required: False ,

}

[

string ,

]

}

categories:

{

Description: Categories for the solution content item ,

Required: False ,

}

{

domains:

{

Description: domain for the solution content item ,

Required: False ,

}

[

string ,

]

verticals:

{

Description: Industry verticals for the solution content item ,

Required: False ,

}

[

string ,

]

}

providers:

{

Description: Providers for the solution content item ,

Required: False ,

}

[

string ,

]

firstPublishDate:

{

Description: first publish date solution content item ,

Format: date ,

Required: False ,

}

string ,

lastPublishDate:

{

Description: last publish date for the solution content item ,

Format: date ,

Required: False ,

}

string ,

customVersion:

{

Description: The custom version of the content. A optional free text ,

Required: False ,

}

string ,

contentSchemaVersion:

{

Description: Schema version of the content. Can be used to distinguish between different flow based on the schema version ,

Required: False ,

}

string ,

icon:

{

Description: the icon identifier. this id can later be fetched from the solution template ,

Required: False ,

}

string ,

threatAnalysisTactics:

{

Description: the tactics the resource covers ,

Required: False ,

}

[

string ,

]

threatAnalysisTechniques:

{

Description: the techniques the resource covers, these have to be aligned with the tactics being used ,

Required: False ,

}

[

string ,

]

previewImages:

{

Description: preview image file names. These will be taken from the solution artifacts ,

Required: False ,

}

[

string ,

]

previewImagesDark:

{

Description: preview image file names. These will be taken from the solution artifacts. used for dark theme support ,

Required: False ,

}

[

string ,

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Metadata_Delete (new)

Description	: Delete a Metadata.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

metadataName:

{

Description: The Metadata name. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Metadata_Create (new)

Description	: Create a Metadata.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

metadataName:

{

Description: The Metadata name. ,

Required: True ,

}

string ,

metadata:

{

Description: Metadata resource. ,

Required: True ,

}

{

properties:

{

Description: Metadata properties ,

Required: False ,

}

{

contentId:

{

Required: False ,

}

string ,

parentId:

{

Description: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) ,

Required: True ,

}

string ,

version:

{

Required: False ,

}

string ,

kind:

{

Description: The kind of content the metadata is for. ,

Required: True ,

}

string ,

source:

{

Description: Source of the content. This is where/how it was created. ,

Required: False ,

}

{

kind:

{

Description: Source type of the content ,

Enum:

{

LocalWorkspace: No description available. ,

Community: No description available. ,

Solution: No description available. ,

SourceRepository: No description available. ,

}

Required: True ,

}

enum ,

name:

{

Description: Name of the content source. The repo name, solution name, LA workspace name etc. ,

Required: False ,

}

string ,

sourceId:

{

Description: ID of the content source. The solution ID, workspace ID, etc ,

Required: False ,

}

string ,

}

author:

{

Description: The creator of the content item. ,

Required: False ,

}

{

name:

{

Description: Name of the author. Company or person. ,

Required: False ,

}

string ,

email:

{

Description: Email of author contact ,

Required: False ,

}

string ,

link:

{

Description: Link for author/vendor page ,

Required: False ,

}

string ,

}

support:

{

Description: Support information for the metadata - type, name, contact information ,

Required: False ,

}

{

tier:

{

Description: Type of support for content item ,

Enum:

{

Microsoft: No description available. ,

Partner: No description available. ,

Community: No description available. ,

}

Required: True ,

}

enum ,

name:

{

Description: Name of the support contact. Company or person. ,

Required: False ,

}

string ,

email:

{

Description: Email of support contact ,

Required: False ,

}

string ,

link:

{

Description: Link for support help, like to support page to open a ticket etc. ,

Required: False ,

}

string ,

}

dependencies:

{

Required: False ,

}

{

contentId:

{

Description: Id of the content item we depend on ,

Required: False ,

}

string ,

kind:

{

Description: Type of the content item we depend on ,

Enum:

{

DataConnector: No description available. ,

DataType: No description available. ,

Workbook: No description available. ,

WorkbookTemplate: No description available. ,

Playbook: No description available. ,

PlaybookTemplate: No description available. ,

AnalyticsRuleTemplate: No description available. ,

AnalyticsRule: No description available. ,

HuntingQuery: No description available. ,

InvestigationQuery: No description available. ,

Parser: No description available. ,

Watchlist: No description available. ,

WatchlistTemplate: No description available. ,

Solution: No description available. ,

AzureFunction: No description available. ,

LogicAppsCustomConnector: No description available. ,

AutomationRule: No description available. ,

ResourcesDataConnector: The Codeless Connector Platform (CCP) Connectors ,

Notebook: Jupyter Notebooks ,

Standalone: one-off / standalone content contributed by community contributors ,

SummaryRule: Summary rules perform batch processing directly in your Log Analytics workspace. ,

}

Required: False ,

}

enum ,

version:

{

Required: False ,

}

string ,

name:

{

Description: Name of the content item ,

Required: False ,

}

string ,

operator:

{

Description: Operator used for list of dependencies in criteria array. ,

Enum:

{

AND: No description available. ,

OR: No description available. ,

}

Required: False ,

}

enum ,

criteria:

{

Description: This is the list of dependencies we must fulfill, according to the AND/OR operator ,

Required: False ,

}

[

string ,

]

}

categories:

{

Description: Categories for the solution content item ,

Required: False ,

}

{

domains:

{

Description: domain for the solution content item ,

Required: False ,

}

[

string ,

]

verticals:

{

Description: Industry verticals for the solution content item ,

Required: False ,

}

[

string ,

]

}

providers:

{

Description: Providers for the solution content item ,

Required: False ,

}

[

string ,

]

firstPublishDate:

{

Description: first publish date solution content item ,

Format: date ,

Required: False ,

}

string ,

lastPublishDate:

{

Description: last publish date for the solution content item ,

Format: date ,

Required: False ,

}

string ,

customVersion:

{

Description: The custom version of the content. A optional free text ,

Required: False ,

}

string ,

contentSchemaVersion:

{

Description: Schema version of the content. Can be used to distinguish between different flow based on the schema version ,

Required: False ,

}

string ,

icon:

{

Description: the icon identifier. this id can later be fetched from the solution template ,

Required: False ,

}

string ,

threatAnalysisTactics:

{

Description: the tactics the resource covers ,

Required: False ,

}

[

string ,

]

threatAnalysisTechniques:

{

Description: the techniques the resource covers, these have to be aligned with the tactics being used ,

Required: False ,

}

[

string ,

]

previewImages:

{

Description: preview image file names. These will be taken from the solution artifacts ,

Required: False ,

}

[

string ,

]

previewImagesDark:

{

Description: preview image file names. These will be taken from the solution artifacts. used for dark theme support ,

Required: False ,

}

[

string ,

]

}

⚐ Response (200)

{

properties:

{

Description: Metadata properties ,

Required: False ,

}

{

contentId:

{

Required: False ,

}

string ,

parentId:

{

Description: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) ,

Required: True ,

}

string ,

version:

{

Required: False ,

}

string ,

kind:

{

Description: The kind of content the metadata is for. ,

Required: True ,

}

string ,

source:

{

Description: Source of the content. This is where/how it was created. ,

Required: False ,

}

{

kind:

{

Description: Source type of the content ,

Enum:

{

LocalWorkspace: No description available. ,

Community: No description available. ,

Solution: No description available. ,

SourceRepository: No description available. ,

}

Required: True ,

}

enum ,

name:

{

Description: Name of the content source. The repo name, solution name, LA workspace name etc. ,

Required: False ,

}

string ,

sourceId:

{

Description: ID of the content source. The solution ID, workspace ID, etc ,

Required: False ,

}

string ,

}

author:

{

Description: The creator of the content item. ,

Required: False ,

}

{

name:

{

Description: Name of the author. Company or person. ,

Required: False ,

}

string ,

email:

{

Description: Email of author contact ,

Required: False ,

}

string ,

link:

{

Description: Link for author/vendor page ,

Required: False ,

}

string ,

}

support:

{

Description: Support information for the metadata - type, name, contact information ,

Required: False ,

}

{

tier:

{

Description: Type of support for content item ,

Enum:

{

Microsoft: No description available. ,

Partner: No description available. ,

Community: No description available. ,

}

Required: True ,

}

enum ,

name:

{

Description: Name of the support contact. Company or person. ,

Required: False ,

}

string ,

email:

{

Description: Email of support contact ,

Required: False ,

}

string ,

link:

{

Description: Link for support help, like to support page to open a ticket etc. ,

Required: False ,

}

string ,

}

dependencies:

{

Required: False ,

}

{

contentId:

{

Description: Id of the content item we depend on ,

Required: False ,

}

string ,

kind:

{

Description: Type of the content item we depend on ,

Enum:

{

DataConnector: No description available. ,

DataType: No description available. ,

Workbook: No description available. ,

WorkbookTemplate: No description available. ,

Playbook: No description available. ,

PlaybookTemplate: No description available. ,

AnalyticsRuleTemplate: No description available. ,

AnalyticsRule: No description available. ,

HuntingQuery: No description available. ,

InvestigationQuery: No description available. ,

Parser: No description available. ,

Watchlist: No description available. ,

WatchlistTemplate: No description available. ,

Solution: No description available. ,

AzureFunction: No description available. ,

LogicAppsCustomConnector: No description available. ,

AutomationRule: No description available. ,

ResourcesDataConnector: The Codeless Connector Platform (CCP) Connectors ,

Notebook: Jupyter Notebooks ,

Standalone: one-off / standalone content contributed by community contributors ,

SummaryRule: Summary rules perform batch processing directly in your Log Analytics workspace. ,

}

Required: False ,

}

enum ,

version:

{

Required: False ,

}

string ,

name:

{

Description: Name of the content item ,

Required: False ,

}

string ,

operator:

{

Description: Operator used for list of dependencies in criteria array. ,

Enum:

{

AND: No description available. ,

OR: No description available. ,

}

Required: False ,

}

enum ,

criteria:

{

Description: This is the list of dependencies we must fulfill, according to the AND/OR operator ,

Required: False ,

}

[

string ,

]

}

categories:

{

Description: Categories for the solution content item ,

Required: False ,

}

{

domains:

{

Description: domain for the solution content item ,

Required: False ,

}

[

string ,

]

verticals:

{

Description: Industry verticals for the solution content item ,

Required: False ,

}

[

string ,

]

}

providers:

{

Description: Providers for the solution content item ,

Required: False ,

}

[

string ,

]

firstPublishDate:

{

Description: first publish date solution content item ,

Format: date ,

Required: False ,

}

string ,

lastPublishDate:

{

Description: last publish date for the solution content item ,

Format: date ,

Required: False ,

}

string ,

customVersion:

{

Description: The custom version of the content. A optional free text ,

Required: False ,

}

string ,

contentSchemaVersion:

{

Description: Schema version of the content. Can be used to distinguish between different flow based on the schema version ,

Required: False ,

}

string ,

icon:

{

Description: the icon identifier. this id can later be fetched from the solution template ,

Required: False ,

}

string ,

threatAnalysisTactics:

{

Description: the tactics the resource covers ,

Required: False ,

}

[

string ,

]

threatAnalysisTechniques:

{

Description: the techniques the resource covers, these have to be aligned with the tactics being used ,

Required: False ,

}

[

string ,

]

previewImages:

{

Description: preview image file names. These will be taken from the solution artifacts ,

Required: False ,

}

[

string ,

]

previewImagesDark:

{

Description: preview image file names. These will be taken from the solution artifacts. used for dark theme support ,

Required: False ,

}

[

string ,

]

}

⚐ Response (201)

{

properties:

{

Description: Metadata properties ,

Required: False ,

}

{

contentId:

{

Required: False ,

}

string ,

parentId:

{

Description: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) ,

Required: True ,

}

string ,

version:

{

Required: False ,

}

string ,

kind:

{

Description: The kind of content the metadata is for. ,

Required: True ,

}

string ,

source:

{

Description: Source of the content. This is where/how it was created. ,

Required: False ,

}

{

kind:

{

Description: Source type of the content ,

Enum:

{

LocalWorkspace: No description available. ,

Community: No description available. ,

Solution: No description available. ,

SourceRepository: No description available. ,

}

Required: True ,

}

enum ,

name:

{

Description: Name of the content source. The repo name, solution name, LA workspace name etc. ,

Required: False ,

}

string ,

sourceId:

{

Description: ID of the content source. The solution ID, workspace ID, etc ,

Required: False ,

}

string ,

}

author:

{

Description: The creator of the content item. ,

Required: False ,

}

{

name:

{

Description: Name of the author. Company or person. ,

Required: False ,

}

string ,

email:

{

Description: Email of author contact ,

Required: False ,

}

string ,

link:

{

Description: Link for author/vendor page ,

Required: False ,

}

string ,

}

support:

{

Description: Support information for the metadata - type, name, contact information ,

Required: False ,

}

{

tier:

{

Description: Type of support for content item ,

Enum:

{

Microsoft: No description available. ,

Partner: No description available. ,

Community: No description available. ,

}

Required: True ,

}

enum ,

name:

{

Description: Name of the support contact. Company or person. ,

Required: False ,

}

string ,

email:

{

Description: Email of support contact ,

Required: False ,

}

string ,

link:

{

Description: Link for support help, like to support page to open a ticket etc. ,

Required: False ,

}

string ,

}

dependencies:

{

Required: False ,

}

{

contentId:

{

Description: Id of the content item we depend on ,

Required: False ,

}

string ,

kind:

{

Description: Type of the content item we depend on ,

Enum:

{

DataConnector: No description available. ,

DataType: No description available. ,

Workbook: No description available. ,

WorkbookTemplate: No description available. ,

Playbook: No description available. ,

PlaybookTemplate: No description available. ,

AnalyticsRuleTemplate: No description available. ,

AnalyticsRule: No description available. ,

HuntingQuery: No description available. ,

InvestigationQuery: No description available. ,

Parser: No description available. ,

Watchlist: No description available. ,

WatchlistTemplate: No description available. ,

Solution: No description available. ,

AzureFunction: No description available. ,

LogicAppsCustomConnector: No description available. ,

AutomationRule: No description available. ,

ResourcesDataConnector: The Codeless Connector Platform (CCP) Connectors ,

Notebook: Jupyter Notebooks ,

Standalone: one-off / standalone content contributed by community contributors ,

SummaryRule: Summary rules perform batch processing directly in your Log Analytics workspace. ,

}

Required: False ,

}

enum ,

version:

{

Required: False ,

}

string ,

name:

{

Description: Name of the content item ,

Required: False ,

}

string ,

operator:

{

Description: Operator used for list of dependencies in criteria array. ,

Enum:

{

AND: No description available. ,

OR: No description available. ,

}

Required: False ,

}

enum ,

criteria:

{

Description: This is the list of dependencies we must fulfill, according to the AND/OR operator ,

Required: False ,

}

[

string ,

]

}

categories:

{

Description: Categories for the solution content item ,

Required: False ,

}

{

domains:

{

Description: domain for the solution content item ,

Required: False ,

}

[

string ,

]

verticals:

{

Description: Industry verticals for the solution content item ,

Required: False ,

}

[

string ,

]

}

providers:

{

Description: Providers for the solution content item ,

Required: False ,

}

[

string ,

]

firstPublishDate:

{

Description: first publish date solution content item ,

Format: date ,

Required: False ,

}

string ,

lastPublishDate:

{

Description: last publish date for the solution content item ,

Format: date ,

Required: False ,

}

string ,

customVersion:

{

Description: The custom version of the content. A optional free text ,

Required: False ,

}

string ,

contentSchemaVersion:

{

Description: Schema version of the content. Can be used to distinguish between different flow based on the schema version ,

Required: False ,

}

string ,

icon:

{

Description: the icon identifier. this id can later be fetched from the solution template ,

Required: False ,

}

string ,

threatAnalysisTactics:

{

Description: the tactics the resource covers ,

Required: False ,

}

[

string ,

]

threatAnalysisTechniques:

{

Description: the techniques the resource covers, these have to be aligned with the tactics being used ,

Required: False ,

}

[

string ,

]

previewImages:

{

Description: preview image file names. These will be taken from the solution artifacts ,

Required: False ,

}

[

string ,

]

previewImagesDark:

{

Description: preview image file names. These will be taken from the solution artifacts. used for dark theme support ,

Required: False ,

}

[

string ,

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Metadata_Update (new)

Description	: Update an existing Metadata.
Reference	: Link ¶

⚼ Request

PATCH: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

metadataName:

{

Description: The Metadata name. ,

Required: True ,

}

string ,

metadataPatch:

{

Description: Partial metadata request. ,

Required: True ,

}

{

properties:

{

Description: Metadata patch request body ,

Required: False ,

}

{

contentId:

{

Required: False ,

}

string ,

parentId:

{

Description: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) ,

Required: False ,

}

string ,

version:

{

Required: False ,

}

string ,

kind:

{

Description: The kind of content the metadata is for. ,

Required: False ,

}

string ,

source:

{

Description: Source of the content. This is where/how it was created. ,

Required: False ,

}

{

kind:

{

Description: Source type of the content ,

Enum:

{

LocalWorkspace: No description available. ,

Community: No description available. ,

Solution: No description available. ,

SourceRepository: No description available. ,

}

Required: True ,

}

enum ,

name:

{

Description: Name of the content source. The repo name, solution name, LA workspace name etc. ,

Required: False ,

}

string ,

sourceId:

{

Description: ID of the content source. The solution ID, workspace ID, etc ,

Required: False ,

}

string ,

}

author:

{

Description: The creator of the content item. ,

Required: False ,

}

{

name:

{

Description: Name of the author. Company or person. ,

Required: False ,

}

string ,

email:

{

Description: Email of author contact ,

Required: False ,

}

string ,

link:

{

Description: Link for author/vendor page ,

Required: False ,

}

string ,

}

support:

{

Description: Support information for the metadata - type, name, contact information ,

Required: False ,

}

{

tier:

{

Description: Type of support for content item ,

Enum:

{

Microsoft: No description available. ,

Partner: No description available. ,

Community: No description available. ,

}

Required: True ,

}

enum ,

name:

{

Description: Name of the support contact. Company or person. ,

Required: False ,

}

string ,

email:

{

Description: Email of support contact ,

Required: False ,

}

string ,

link:

{

Description: Link for support help, like to support page to open a ticket etc. ,

Required: False ,

}

string ,

}

dependencies:

{

Required: False ,

}

{

contentId:

{

Description: Id of the content item we depend on ,

Required: False ,

}

string ,

kind:

{

Description: Type of the content item we depend on ,

Enum:

{

DataConnector: No description available. ,

DataType: No description available. ,

Workbook: No description available. ,

WorkbookTemplate: No description available. ,

Playbook: No description available. ,

PlaybookTemplate: No description available. ,

AnalyticsRuleTemplate: No description available. ,

AnalyticsRule: No description available. ,

HuntingQuery: No description available. ,

InvestigationQuery: No description available. ,

Parser: No description available. ,

Watchlist: No description available. ,

WatchlistTemplate: No description available. ,

Solution: No description available. ,

AzureFunction: No description available. ,

LogicAppsCustomConnector: No description available. ,

AutomationRule: No description available. ,

ResourcesDataConnector: The Codeless Connector Platform (CCP) Connectors ,

Notebook: Jupyter Notebooks ,

Standalone: one-off / standalone content contributed by community contributors ,

SummaryRule: Summary rules perform batch processing directly in your Log Analytics workspace. ,

}

Required: False ,

}

enum ,

version:

{

Required: False ,

}

string ,

name:

{

Description: Name of the content item ,

Required: False ,

}

string ,

operator:

{

Description: Operator used for list of dependencies in criteria array. ,

Enum:

{

AND: No description available. ,

OR: No description available. ,

}

Required: False ,

}

enum ,

criteria:

{

Description: This is the list of dependencies we must fulfill, according to the AND/OR operator ,

Required: False ,

}

[

string ,

]

}

categories:

{

Description: Categories for the solution content item ,

Required: False ,

}

{

domains:

{

Description: domain for the solution content item ,

Required: False ,

}

[

string ,

]

verticals:

{

Description: Industry verticals for the solution content item ,

Required: False ,

}

[

string ,

]

}

providers:

{

Description: Providers for the solution content item ,

Required: False ,

}

[

string ,

]

firstPublishDate:

{

Description: first publish date solution content item ,

Format: date ,

Required: False ,

}

string ,

lastPublishDate:

{

Description: last publish date for the solution content item ,

Format: date ,

Required: False ,

}

string ,

customVersion:

{

Description: The custom version of the content. A optional free text ,

Required: False ,

}

string ,

contentSchemaVersion:

{

Description: Schema version of the content. Can be used to distinguish between different flow based on the schema version ,

Required: False ,

}

string ,

icon:

{

Description: the icon identifier. this id can later be fetched from the solution template ,

Required: False ,

}

string ,

threatAnalysisTactics:

{

Description: the tactics the resource covers ,

Required: False ,

}

[

string ,

]

threatAnalysisTechniques:

{

Description: the techniques the resource covers, these have to be aligned with the tactics being used ,

Required: False ,

}

[

string ,

]

previewImages:

{

Description: preview image file names. These will be taken from the solution artifacts ,

Required: False ,

}

[

string ,

]

previewImagesDark:

{

Description: preview image file names. These will be taken from the solution artifacts. used for dark theme support ,

Required: False ,

}

[

string ,

]

}

⚐ Response (200)

{

properties:

{

Description: Metadata properties ,

Required: False ,

}

{

contentId:

{

Required: False ,

}

string ,

parentId:

{

Description: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) ,

Required: True ,

}

string ,

version:

{

Required: False ,

}

string ,

kind:

{

Description: The kind of content the metadata is for. ,

Required: True ,

}

string ,

source:

{

Description: Source of the content. This is where/how it was created. ,

Required: False ,

}

{

kind:

{

Description: Source type of the content ,

Enum:

{

LocalWorkspace: No description available. ,

Community: No description available. ,

Solution: No description available. ,

SourceRepository: No description available. ,

}

Required: True ,

}

enum ,

name:

{

Description: Name of the content source. The repo name, solution name, LA workspace name etc. ,

Required: False ,

}

string ,

sourceId:

{

Description: ID of the content source. The solution ID, workspace ID, etc ,

Required: False ,

}

string ,

}

author:

{

Description: The creator of the content item. ,

Required: False ,

}

{

name:

{

Description: Name of the author. Company or person. ,

Required: False ,

}

string ,

email:

{

Description: Email of author contact ,

Required: False ,

}

string ,

link:

{

Description: Link for author/vendor page ,

Required: False ,

}

string ,

}

support:

{

Description: Support information for the metadata - type, name, contact information ,

Required: False ,

}

{

tier:

{

Description: Type of support for content item ,

Enum:

{

Microsoft: No description available. ,

Partner: No description available. ,

Community: No description available. ,

}

Required: True ,

}

enum ,

name:

{

Description: Name of the support contact. Company or person. ,

Required: False ,

}

string ,

email:

{

Description: Email of support contact ,

Required: False ,

}

string ,

link:

{

Description: Link for support help, like to support page to open a ticket etc. ,

Required: False ,

}

string ,

}

dependencies:

{

Required: False ,

}

{

contentId:

{

Description: Id of the content item we depend on ,

Required: False ,

}

string ,

kind:

{

Description: Type of the content item we depend on ,

Enum:

{

DataConnector: No description available. ,

DataType: No description available. ,

Workbook: No description available. ,

WorkbookTemplate: No description available. ,

Playbook: No description available. ,

PlaybookTemplate: No description available. ,

AnalyticsRuleTemplate: No description available. ,

AnalyticsRule: No description available. ,

HuntingQuery: No description available. ,

InvestigationQuery: No description available. ,

Parser: No description available. ,

Watchlist: No description available. ,

WatchlistTemplate: No description available. ,

Solution: No description available. ,

AzureFunction: No description available. ,

LogicAppsCustomConnector: No description available. ,

AutomationRule: No description available. ,

ResourcesDataConnector: The Codeless Connector Platform (CCP) Connectors ,

Notebook: Jupyter Notebooks ,

Standalone: one-off / standalone content contributed by community contributors ,

SummaryRule: Summary rules perform batch processing directly in your Log Analytics workspace. ,

}

Required: False ,

}

enum ,

version:

{

Required: False ,

}

string ,

name:

{

Description: Name of the content item ,

Required: False ,

}

string ,

operator:

{

Description: Operator used for list of dependencies in criteria array. ,

Enum:

{

AND: No description available. ,

OR: No description available. ,

}

Required: False ,

}

enum ,

criteria:

{

Description: This is the list of dependencies we must fulfill, according to the AND/OR operator ,

Required: False ,

}

[

string ,

]

}

categories:

{

Description: Categories for the solution content item ,

Required: False ,

}

{

domains:

{

Description: domain for the solution content item ,

Required: False ,

}

[

string ,

]

verticals:

{

Description: Industry verticals for the solution content item ,

Required: False ,

}

[

string ,

]

}

providers:

{

Description: Providers for the solution content item ,

Required: False ,

}

[

string ,

]

firstPublishDate:

{

Description: first publish date solution content item ,

Format: date ,

Required: False ,

}

string ,

lastPublishDate:

{

Description: last publish date for the solution content item ,

Format: date ,

Required: False ,

}

string ,

customVersion:

{

Description: The custom version of the content. A optional free text ,

Required: False ,

}

string ,

contentSchemaVersion:

{

Description: Schema version of the content. Can be used to distinguish between different flow based on the schema version ,

Required: False ,

}

string ,

icon:

{

Description: the icon identifier. this id can later be fetched from the solution template ,

Required: False ,

}

string ,

threatAnalysisTactics:

{

Description: the tactics the resource covers ,

Required: False ,

}

[

string ,

]

threatAnalysisTechniques:

{

Description: the techniques the resource covers, these have to be aligned with the tactics being used ,

Required: False ,

}

[

string ,

]

previewImages:

{

Description: preview image file names. These will be taken from the solution artifacts ,

Required: False ,

}

[

string ,

]

previewImagesDark:

{

Description: preview image file names. These will be taken from the solution artifacts. used for dark theme support ,

Required: False ,

}

[

string ,

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

SentinelOnboardingStates_Get (new)

Description	: Get Sentinel onboarding state
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

sentinelOnboardingStateName:

{

Description: The Sentinel onboarding state name. Supports - default ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: The Sentinel onboarding state object ,

Required: False ,

}

{

customerManagedKey:

{

Description: Flag that indicates the status of the CMK setting ,

Required: False ,

}

boolean ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

SentinelOnboardingStates_Create (new)

Description	: Create Sentinel onboarding state
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

sentinelOnboardingStateName:

{

Description: The Sentinel onboarding state name. Supports - default ,

Required: True ,

}

string ,

sentinelOnboardingStateParameter:

{

Description: The Sentinel onboarding state parameter ,

Required: False ,

}

{

properties:

{

Description: The Sentinel onboarding state object ,

Required: False ,

}

{

customerManagedKey:

{

Description: Flag that indicates the status of the CMK setting ,

Required: False ,

}

boolean ,

}

⚐ Response (200)

{

properties:

{

Description: The Sentinel onboarding state object ,

Required: False ,

}

{

customerManagedKey:

{

Description: Flag that indicates the status of the CMK setting ,

Required: False ,

}

boolean ,

}

⚐ Response (201)

{

properties:

{

Description: The Sentinel onboarding state object ,

Required: False ,

}

{

customerManagedKey:

{

Description: Flag that indicates the status of the CMK setting ,

Required: False ,

}

boolean ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

SentinelOnboardingStates_Delete (new)

Description	: Delete Sentinel onboarding state
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

sentinelOnboardingStateName:

{

Description: The Sentinel onboarding state name. Supports - default ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

SentinelOnboardingStates_List (new)

Description	: Gets all Sentinel onboarding states
Reference	: Link ¶

⚼ Request

GET: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

value:

{

Description: Array of Sentinel onboarding states ,

Required: True ,

}

[

{

properties:

{

Description: The Sentinel onboarding state object ,

Required: False ,

}

{

customerManagedKey:

{

Description: Flag that indicates the status of the CMK setting ,

Required: False ,

}

boolean ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

SecurityMLAnalyticsSettings_List (new)

Description	: Gets all Security ML Analytics Settings.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of SecurityMLAnalyticsSettings. ,

Required: False ,

}

string ,

value:

{

Description: Array of SecurityMLAnalyticsSettings ,

Required: True ,

}

[

{

kind:

{

Description: The kind of security ML Analytics Settings ,

Enum:

{

Anomaly: No description available. ,

}

Required: True ,

}

enum ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

SecurityMLAnalyticsSettings_Get (new)

Description	: Gets the Security ML Analytics Settings.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

settingsResourceName:

{

Description: Security ML Analytics Settings resource name ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

kind:

{

Description: The kind of security ML Analytics Settings ,

Enum:

{

Anomaly: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

SecurityMLAnalyticsSettings_CreateOrUpdate (new)

Description	: Creates or updates the Security ML Analytics Settings.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

settingsResourceName:

{

Description: Security ML Analytics Settings resource name ,

Required: True ,

}

string ,

securityMLAnalyticsSetting:

{

Description: The security ML Analytics setting ,

Required: True ,

}

{

kind:

{

Description: The kind of security ML Analytics Settings ,

Enum:

{

Anomaly: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (200)

{

kind:

{

Description: The kind of security ML Analytics Settings ,

Enum:

{

Anomaly: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (201)

{

kind:

{

Description: The kind of security ML Analytics Settings ,

Enum:

{

Anomaly: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

SecurityMLAnalyticsSettings_Delete (new)

Description	: Delete the Security ML Analytics Settings.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

settingsResourceName:

{

Description: Security ML Analytics Settings resource name ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

SourceControl_listRepositories (new)

Description	: Gets a list of repositories metadata.
Reference	: Link ¶

⚼ Request

POST: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

repositoryAccess:

{

Description: The repository access credentials. ,

Required: True ,

}

{

properties:

{

Description: RepositoryAccess properties ,

Required: False ,

}

{

repositoryAccess:

{

Description: RepositoryAccess properties ,

Required: True ,

}

{

kind:

{

Description: The kind of repository access credentials ,

Enum:

{

OAuth: No description available. ,

PAT: No description available. ,

App: No description available. ,

}

Required: True ,

}

enum ,

code:

{

Description: OAuth Code. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

state:

{

Description: OAuth State. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

clientId:

{

Description: OAuth ClientId. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

token:

{

Description: Personal Access Token. Required when `kind` is `PAT` ,

Required: False ,

}

string ,

installationId:

{

Description: Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only. ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of repositories. ,

Required: False ,

}

string ,

value:

{

Description: Array of repositories. ,

Required: True ,

}

[

{

url:

{

Description: The url to access the repository. ,

Required: False ,

}

string ,

fullName:

{

Description: The name of the repository. ,

Required: False ,

}

string ,

installationId:

{

Description: The installation id of the repository. ,

Format: int64 ,

Required: False ,

}

integer ,

branches:

{

Description: Array of branches. ,

Required: False ,

}

[

string ,

]

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

SourceControls_List (new)

Description	: Gets all source controls, without source control items.
Reference	: Link ¶

⚼ Request

GET: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of source controls. ,

Required: False ,

}

string ,

value:

{

Description: Array of source controls. ,

Required: True ,

}

[

{

properties:

{

Description: source control properties ,

Required: True ,

}

{

id:

{

Description: The id (a Guid) of the source control ,

Required: False ,

}

string ,

version:

{

Description: The version number associated with the source control ,

Enum:

{

V1: No description available. ,

V2: No description available. ,

}

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the source control ,

Required: True ,

}

string ,

description:

{

Description: A description of the source control ,

Required: False ,

}

string ,

repoType:

{

Description: The repository type of the source control ,

Enum:

{

Github: No description available. ,

AzureDevOps: No description available. ,

}

Required: True ,

}

enum ,

contentTypes:

{

Description: Array of source control content types. ,

Required: True ,

}

[

string ,

]

repository:

{

Description: Repository metadata. ,

Required: True ,

}

{

url:

{

Description: Url of repository. ,

Required: True ,

}

string ,

branch:

{

Description: Branch name of repository. ,

Required: True ,

}

string ,

displayUrl:

{

Description: Display url of repository. ,

Required: False ,

}

string ,

deploymentLogsUrl:

{

Description: Url to access repository action logs. ,

Required: False ,

}

string ,

}

servicePrincipal:

{

Description: Service principal metadata. ,

Required: False ,

}

{

id:

{

Description: Id of service principal. ,

Required: False ,

}

string ,

tenantId:

{

Description: Tenant id of service principal. ,

Required: False ,

}

string ,

appId:

{

Description: App id of service principal. ,

Required: False ,

}

string ,

credentialsExpireOn:

{

Description: Expiration time of service principal credentials. ,

Format: date-time ,

Required: False ,

}

string ,

}

repositoryAccess:

{

Description: Repository access credentials. This is write-only object and it never returns back to a user. ,

Required: False ,

}

{

kind:

{

Description: The kind of repository access credentials ,

Enum:

{

OAuth: No description available. ,

PAT: No description available. ,

App: No description available. ,

}

Required: True ,

}

enum ,

code:

{

Description: OAuth Code. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

state:

{

Description: OAuth State. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

clientId:

{

Description: OAuth ClientId. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

token:

{

Description: Personal Access Token. Required when `kind` is `PAT` ,

Required: False ,

}

string ,

installationId:

{

Description: Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only. ,

Required: False ,

}

string ,

}

repositoryResourceInfo:

{

Description: Information regarding the resources created in user's repository. ,

Required: False ,

}

{

webhook:

{

Description: The webhook object created for the source-control. ,

Required: False ,

}

{

webhookId:

{

Description: Unique identifier for the webhook. ,

Required: False ,

}

string ,

webhookUrl:

{

Description: URL that gets invoked by the webhook. ,

Required: False ,

}

string ,

webhookSecretUpdateTime:

{

Description: Time when the webhook secret was updated. ,

Format: date-time ,

Required: False ,

}

string ,

rotateWebhookSecret:

{

Description: A flag to instruct the backend service to rotate webhook secret. ,

Required: False ,

}

boolean ,

}

gitHubResourceInfo:

{

Description: Resources created in GitHub for this source-control. ,

Required: False ,

}

{

appInstallationId:

{

Description: GitHub application installation id. ,

Required: False ,

}

string ,

}

azureDevOpsResourceInfo:

{

Description: Resources created in Azure DevOps for this source-control. ,

Required: False ,

}

{

pipelineId:

{

Description: Id of the pipeline created for the source-control. ,

Required: False ,

}

string ,

serviceConnectionId:

{

Description: Id of the service-connection created for the source-control. ,

Required: False ,

}

string ,

}

lastDeploymentInfo:

{

Description: Information regarding the latest deployment for the source control. ,

Required: False ,

}

{

deploymentFetchStatus:

{

Description: Status while fetching the last deployment. ,

Enum:

{

Success: No description available. ,

Unauthorized: No description available. ,

NotFound: No description available. ,

}

Required: False ,

}

enum ,

deployment:

{

Description: Deployment information. ,

Required: False ,

}

{

deploymentId:

{

Description: Deployment identifier. ,

Required: False ,

}

string ,

deploymentState:

{

Description: Current status of the deployment. ,

Enum:

{

In_Progress: No description available. ,

Completed: No description available. ,

Queued: No description available. ,

Canceling: No description available. ,

}

Required: False ,

}

enum ,

deploymentResult:

{

Description: The outcome of the deployment. ,

Enum:

{

Success: No description available. ,

Canceled: No description available. ,

Failed: No description available. ,

}

Required: False ,

}

enum ,

deploymentTime:

{

Description: The time when the deployment finished. ,

Format: date-time ,

Required: False ,

}

string ,

deploymentLogsUrl:

{

Description: Url to access repository action logs. ,

Required: False ,

}

string ,

}

message:

{

Description: Additional details about the deployment that can be shown to the user. ,

Required: False ,

}

string ,

}

pullRequest:

{

Description: Information regarding the pull request of the source control. ,

Required: False ,

}

{

url:

{

Description: URL of pull request ,

Required: False ,

}

string ,

state:

{

Description: State of the pull request ,

Required: False ,

}

object ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

SourceControls_Get (new)

Description	: Gets a source control byt its identifier.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

sourceControlId:

{

Description: Source control Id ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: source control properties ,

Required: True ,

}

{

id:

{

Description: The id (a Guid) of the source control ,

Required: False ,

}

string ,

version:

{

Description: The version number associated with the source control ,

Enum:

{

V1: No description available. ,

V2: No description available. ,

}

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the source control ,

Required: True ,

}

string ,

description:

{

Description: A description of the source control ,

Required: False ,

}

string ,

repoType:

{

Description: The repository type of the source control ,

Enum:

{

Github: No description available. ,

AzureDevOps: No description available. ,

}

Required: True ,

}

enum ,

contentTypes:

{

Description: Array of source control content types. ,

Required: True ,

}

[

string ,

]

repository:

{

Description: Repository metadata. ,

Required: True ,

}

{

url:

{

Description: Url of repository. ,

Required: True ,

}

string ,

branch:

{

Description: Branch name of repository. ,

Required: True ,

}

string ,

displayUrl:

{

Description: Display url of repository. ,

Required: False ,

}

string ,

deploymentLogsUrl:

{

Description: Url to access repository action logs. ,

Required: False ,

}

string ,

}

servicePrincipal:

{

Description: Service principal metadata. ,

Required: False ,

}

{

id:

{

Description: Id of service principal. ,

Required: False ,

}

string ,

tenantId:

{

Description: Tenant id of service principal. ,

Required: False ,

}

string ,

appId:

{

Description: App id of service principal. ,

Required: False ,

}

string ,

credentialsExpireOn:

{

Description: Expiration time of service principal credentials. ,

Format: date-time ,

Required: False ,

}

string ,

}

repositoryAccess:

{

Description: Repository access credentials. This is write-only object and it never returns back to a user. ,

Required: False ,

}

{

kind:

{

Description: The kind of repository access credentials ,

Enum:

{

OAuth: No description available. ,

PAT: No description available. ,

App: No description available. ,

}

Required: True ,

}

enum ,

code:

{

Description: OAuth Code. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

state:

{

Description: OAuth State. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

clientId:

{

Description: OAuth ClientId. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

token:

{

Description: Personal Access Token. Required when `kind` is `PAT` ,

Required: False ,

}

string ,

installationId:

{

Description: Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only. ,

Required: False ,

}

string ,

}

repositoryResourceInfo:

{

Description: Information regarding the resources created in user's repository. ,

Required: False ,

}

{

webhook:

{

Description: The webhook object created for the source-control. ,

Required: False ,

}

{

webhookId:

{

Description: Unique identifier for the webhook. ,

Required: False ,

}

string ,

webhookUrl:

{

Description: URL that gets invoked by the webhook. ,

Required: False ,

}

string ,

webhookSecretUpdateTime:

{

Description: Time when the webhook secret was updated. ,

Format: date-time ,

Required: False ,

}

string ,

rotateWebhookSecret:

{

Description: A flag to instruct the backend service to rotate webhook secret. ,

Required: False ,

}

boolean ,

}

gitHubResourceInfo:

{

Description: Resources created in GitHub for this source-control. ,

Required: False ,

}

{

appInstallationId:

{

Description: GitHub application installation id. ,

Required: False ,

}

string ,

}

azureDevOpsResourceInfo:

{

Description: Resources created in Azure DevOps for this source-control. ,

Required: False ,

}

{

pipelineId:

{

Description: Id of the pipeline created for the source-control. ,

Required: False ,

}

string ,

serviceConnectionId:

{

Description: Id of the service-connection created for the source-control. ,

Required: False ,

}

string ,

}

lastDeploymentInfo:

{

Description: Information regarding the latest deployment for the source control. ,

Required: False ,

}

{

deploymentFetchStatus:

{

Description: Status while fetching the last deployment. ,

Enum:

{

Success: No description available. ,

Unauthorized: No description available. ,

NotFound: No description available. ,

}

Required: False ,

}

enum ,

deployment:

{

Description: Deployment information. ,

Required: False ,

}

{

deploymentId:

{

Description: Deployment identifier. ,

Required: False ,

}

string ,

deploymentState:

{

Description: Current status of the deployment. ,

Enum:

{

In_Progress: No description available. ,

Completed: No description available. ,

Queued: No description available. ,

Canceling: No description available. ,

}

Required: False ,

}

enum ,

deploymentResult:

{

Description: The outcome of the deployment. ,

Enum:

{

Success: No description available. ,

Canceled: No description available. ,

Failed: No description available. ,

}

Required: False ,

}

enum ,

deploymentTime:

{

Description: The time when the deployment finished. ,

Format: date-time ,

Required: False ,

}

string ,

deploymentLogsUrl:

{

Description: Url to access repository action logs. ,

Required: False ,

}

string ,

}

message:

{

Description: Additional details about the deployment that can be shown to the user. ,

Required: False ,

}

string ,

}

pullRequest:

{

Description: Information regarding the pull request of the source control. ,

Required: False ,

}

{

url:

{

Description: URL of pull request ,

Required: False ,

}

string ,

state:

{

Description: State of the pull request ,

Required: False ,

}

object ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

SourceControls_Create (new)

Description	: Creates a source control.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

sourceControlId:

{

Description: Source control Id ,

Required: True ,

}

string ,

sourceControl:

{

Description: The SourceControl ,

Required: True ,

}

{

properties:

{

Description: source control properties ,

Required: True ,

}

{

id:

{

Description: The id (a Guid) of the source control ,

Required: False ,

}

string ,

version:

{

Description: The version number associated with the source control ,

Enum:

{

V1: No description available. ,

V2: No description available. ,

}

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the source control ,

Required: True ,

}

string ,

description:

{

Description: A description of the source control ,

Required: False ,

}

string ,

repoType:

{

Description: The repository type of the source control ,

Enum:

{

Github: No description available. ,

AzureDevOps: No description available. ,

}

Required: True ,

}

enum ,

contentTypes:

{

Description: Array of source control content types. ,

Required: True ,

}

[

string ,

]

repository:

{

Description: Repository metadata. ,

Required: True ,

}

{

url:

{

Description: Url of repository. ,

Required: True ,

}

string ,

branch:

{

Description: Branch name of repository. ,

Required: True ,

}

string ,

displayUrl:

{

Description: Display url of repository. ,

Required: False ,

}

string ,

deploymentLogsUrl:

{

Description: Url to access repository action logs. ,

Required: False ,

}

string ,

}

servicePrincipal:

{

Description: Service principal metadata. ,

Required: False ,

}

{

id:

{

Description: Id of service principal. ,

Required: False ,

}

string ,

tenantId:

{

Description: Tenant id of service principal. ,

Required: False ,

}

string ,

appId:

{

Description: App id of service principal. ,

Required: False ,

}

string ,

credentialsExpireOn:

{

Description: Expiration time of service principal credentials. ,

Format: date-time ,

Required: False ,

}

string ,

}

repositoryAccess:

{

Description: Repository access credentials. This is write-only object and it never returns back to a user. ,

Required: False ,

}

{

kind:

{

Description: The kind of repository access credentials ,

Enum:

{

OAuth: No description available. ,

PAT: No description available. ,

App: No description available. ,

}

Required: True ,

}

enum ,

code:

{

Description: OAuth Code. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

state:

{

Description: OAuth State. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

clientId:

{

Description: OAuth ClientId. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

token:

{

Description: Personal Access Token. Required when `kind` is `PAT` ,

Required: False ,

}

string ,

installationId:

{

Description: Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only. ,

Required: False ,

}

string ,

}

repositoryResourceInfo:

{

Description: Information regarding the resources created in user's repository. ,

Required: False ,

}

{

webhook:

{

Description: The webhook object created for the source-control. ,

Required: False ,

}

{

webhookId:

{

Description: Unique identifier for the webhook. ,

Required: False ,

}

string ,

webhookUrl:

{

Description: URL that gets invoked by the webhook. ,

Required: False ,

}

string ,

webhookSecretUpdateTime:

{

Description: Time when the webhook secret was updated. ,

Format: date-time ,

Required: False ,

}

string ,

rotateWebhookSecret:

{

Description: A flag to instruct the backend service to rotate webhook secret. ,

Required: False ,

}

boolean ,

}

gitHubResourceInfo:

{

Description: Resources created in GitHub for this source-control. ,

Required: False ,

}

{

appInstallationId:

{

Description: GitHub application installation id. ,

Required: False ,

}

string ,

}

azureDevOpsResourceInfo:

{

Description: Resources created in Azure DevOps for this source-control. ,

Required: False ,

}

{

pipelineId:

{

Description: Id of the pipeline created for the source-control. ,

Required: False ,

}

string ,

serviceConnectionId:

{

Description: Id of the service-connection created for the source-control. ,

Required: False ,

}

string ,

}

lastDeploymentInfo:

{

Description: Information regarding the latest deployment for the source control. ,

Required: False ,

}

{

deploymentFetchStatus:

{

Description: Status while fetching the last deployment. ,

Enum:

{

Success: No description available. ,

Unauthorized: No description available. ,

NotFound: No description available. ,

}

Required: False ,

}

enum ,

deployment:

{

Description: Deployment information. ,

Required: False ,

}

{

deploymentId:

{

Description: Deployment identifier. ,

Required: False ,

}

string ,

deploymentState:

{

Description: Current status of the deployment. ,

Enum:

{

In_Progress: No description available. ,

Completed: No description available. ,

Queued: No description available. ,

Canceling: No description available. ,

}

Required: False ,

}

enum ,

deploymentResult:

{

Description: The outcome of the deployment. ,

Enum:

{

Success: No description available. ,

Canceled: No description available. ,

Failed: No description available. ,

}

Required: False ,

}

enum ,

deploymentTime:

{

Description: The time when the deployment finished. ,

Format: date-time ,

Required: False ,

}

string ,

deploymentLogsUrl:

{

Description: Url to access repository action logs. ,

Required: False ,

}

string ,

}

message:

{

Description: Additional details about the deployment that can be shown to the user. ,

Required: False ,

}

string ,

}

pullRequest:

{

Description: Information regarding the pull request of the source control. ,

Required: False ,

}

{

url:

{

Description: URL of pull request ,

Required: False ,

}

string ,

state:

{

Description: State of the pull request ,

Required: False ,

}

object ,

}

⚐ Response (200)

{

properties:

{

Description: source control properties ,

Required: True ,

}

{

id:

{

Description: The id (a Guid) of the source control ,

Required: False ,

}

string ,

version:

{

Description: The version number associated with the source control ,

Enum:

{

V1: No description available. ,

V2: No description available. ,

}

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the source control ,

Required: True ,

}

string ,

description:

{

Description: A description of the source control ,

Required: False ,

}

string ,

repoType:

{

Description: The repository type of the source control ,

Enum:

{

Github: No description available. ,

AzureDevOps: No description available. ,

}

Required: True ,

}

enum ,

contentTypes:

{

Description: Array of source control content types. ,

Required: True ,

}

[

string ,

]

repository:

{

Description: Repository metadata. ,

Required: True ,

}

{

url:

{

Description: Url of repository. ,

Required: True ,

}

string ,

branch:

{

Description: Branch name of repository. ,

Required: True ,

}

string ,

displayUrl:

{

Description: Display url of repository. ,

Required: False ,

}

string ,

deploymentLogsUrl:

{

Description: Url to access repository action logs. ,

Required: False ,

}

string ,

}

servicePrincipal:

{

Description: Service principal metadata. ,

Required: False ,

}

{

id:

{

Description: Id of service principal. ,

Required: False ,

}

string ,

tenantId:

{

Description: Tenant id of service principal. ,

Required: False ,

}

string ,

appId:

{

Description: App id of service principal. ,

Required: False ,

}

string ,

credentialsExpireOn:

{

Description: Expiration time of service principal credentials. ,

Format: date-time ,

Required: False ,

}

string ,

}

repositoryAccess:

{

Description: Repository access credentials. This is write-only object and it never returns back to a user. ,

Required: False ,

}

{

kind:

{

Description: The kind of repository access credentials ,

Enum:

{

OAuth: No description available. ,

PAT: No description available. ,

App: No description available. ,

}

Required: True ,

}

enum ,

code:

{

Description: OAuth Code. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

state:

{

Description: OAuth State. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

clientId:

{

Description: OAuth ClientId. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

token:

{

Description: Personal Access Token. Required when `kind` is `PAT` ,

Required: False ,

}

string ,

installationId:

{

Description: Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only. ,

Required: False ,

}

string ,

}

repositoryResourceInfo:

{

Description: Information regarding the resources created in user's repository. ,

Required: False ,

}

{

webhook:

{

Description: The webhook object created for the source-control. ,

Required: False ,

}

{

webhookId:

{

Description: Unique identifier for the webhook. ,

Required: False ,

}

string ,

webhookUrl:

{

Description: URL that gets invoked by the webhook. ,

Required: False ,

}

string ,

webhookSecretUpdateTime:

{

Description: Time when the webhook secret was updated. ,

Format: date-time ,

Required: False ,

}

string ,

rotateWebhookSecret:

{

Description: A flag to instruct the backend service to rotate webhook secret. ,

Required: False ,

}

boolean ,

}

gitHubResourceInfo:

{

Description: Resources created in GitHub for this source-control. ,

Required: False ,

}

{

appInstallationId:

{

Description: GitHub application installation id. ,

Required: False ,

}

string ,

}

azureDevOpsResourceInfo:

{

Description: Resources created in Azure DevOps for this source-control. ,

Required: False ,

}

{

pipelineId:

{

Description: Id of the pipeline created for the source-control. ,

Required: False ,

}

string ,

serviceConnectionId:

{

Description: Id of the service-connection created for the source-control. ,

Required: False ,

}

string ,

}

lastDeploymentInfo:

{

Description: Information regarding the latest deployment for the source control. ,

Required: False ,

}

{

deploymentFetchStatus:

{

Description: Status while fetching the last deployment. ,

Enum:

{

Success: No description available. ,

Unauthorized: No description available. ,

NotFound: No description available. ,

}

Required: False ,

}

enum ,

deployment:

{

Description: Deployment information. ,

Required: False ,

}

{

deploymentId:

{

Description: Deployment identifier. ,

Required: False ,

}

string ,

deploymentState:

{

Description: Current status of the deployment. ,

Enum:

{

In_Progress: No description available. ,

Completed: No description available. ,

Queued: No description available. ,

Canceling: No description available. ,

}

Required: False ,

}

enum ,

deploymentResult:

{

Description: The outcome of the deployment. ,

Enum:

{

Success: No description available. ,

Canceled: No description available. ,

Failed: No description available. ,

}

Required: False ,

}

enum ,

deploymentTime:

{

Description: The time when the deployment finished. ,

Format: date-time ,

Required: False ,

}

string ,

deploymentLogsUrl:

{

Description: Url to access repository action logs. ,

Required: False ,

}

string ,

}

message:

{

Description: Additional details about the deployment that can be shown to the user. ,

Required: False ,

}

string ,

}

pullRequest:

{

Description: Information regarding the pull request of the source control. ,

Required: False ,

}

{

url:

{

Description: URL of pull request ,

Required: False ,

}

string ,

state:

{

Description: State of the pull request ,

Required: False ,

}

object ,

}

⚐ Response (201)

{

properties:

{

Description: source control properties ,

Required: True ,

}

{

id:

{

Description: The id (a Guid) of the source control ,

Required: False ,

}

string ,

version:

{

Description: The version number associated with the source control ,

Enum:

{

V1: No description available. ,

V2: No description available. ,

}

Required: False ,

}

enum ,

displayName:

{

Description: The display name of the source control ,

Required: True ,

}

string ,

description:

{

Description: A description of the source control ,

Required: False ,

}

string ,

repoType:

{

Description: The repository type of the source control ,

Enum:

{

Github: No description available. ,

AzureDevOps: No description available. ,

}

Required: True ,

}

enum ,

contentTypes:

{

Description: Array of source control content types. ,

Required: True ,

}

[

string ,

]

repository:

{

Description: Repository metadata. ,

Required: True ,

}

{

url:

{

Description: Url of repository. ,

Required: True ,

}

string ,

branch:

{

Description: Branch name of repository. ,

Required: True ,

}

string ,

displayUrl:

{

Description: Display url of repository. ,

Required: False ,

}

string ,

deploymentLogsUrl:

{

Description: Url to access repository action logs. ,

Required: False ,

}

string ,

}

servicePrincipal:

{

Description: Service principal metadata. ,

Required: False ,

}

{

id:

{

Description: Id of service principal. ,

Required: False ,

}

string ,

tenantId:

{

Description: Tenant id of service principal. ,

Required: False ,

}

string ,

appId:

{

Description: App id of service principal. ,

Required: False ,

}

string ,

credentialsExpireOn:

{

Description: Expiration time of service principal credentials. ,

Format: date-time ,

Required: False ,

}

string ,

}

repositoryAccess:

{

Description: Repository access credentials. This is write-only object and it never returns back to a user. ,

Required: False ,

}

{

kind:

{

Description: The kind of repository access credentials ,

Enum:

{

OAuth: No description available. ,

PAT: No description available. ,

App: No description available. ,

}

Required: True ,

}

enum ,

code:

{

Description: OAuth Code. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

state:

{

Description: OAuth State. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

clientId:

{

Description: OAuth ClientId. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

token:

{

Description: Personal Access Token. Required when `kind` is `PAT` ,

Required: False ,

}

string ,

installationId:

{

Description: Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only. ,

Required: False ,

}

string ,

}

repositoryResourceInfo:

{

Description: Information regarding the resources created in user's repository. ,

Required: False ,

}

{

webhook:

{

Description: The webhook object created for the source-control. ,

Required: False ,

}

{

webhookId:

{

Description: Unique identifier for the webhook. ,

Required: False ,

}

string ,

webhookUrl:

{

Description: URL that gets invoked by the webhook. ,

Required: False ,

}

string ,

webhookSecretUpdateTime:

{

Description: Time when the webhook secret was updated. ,

Format: date-time ,

Required: False ,

}

string ,

rotateWebhookSecret:

{

Description: A flag to instruct the backend service to rotate webhook secret. ,

Required: False ,

}

boolean ,

}

gitHubResourceInfo:

{

Description: Resources created in GitHub for this source-control. ,

Required: False ,

}

{

appInstallationId:

{

Description: GitHub application installation id. ,

Required: False ,

}

string ,

}

azureDevOpsResourceInfo:

{

Description: Resources created in Azure DevOps for this source-control. ,

Required: False ,

}

{

pipelineId:

{

Description: Id of the pipeline created for the source-control. ,

Required: False ,

}

string ,

serviceConnectionId:

{

Description: Id of the service-connection created for the source-control. ,

Required: False ,

}

string ,

}

lastDeploymentInfo:

{

Description: Information regarding the latest deployment for the source control. ,

Required: False ,

}

{

deploymentFetchStatus:

{

Description: Status while fetching the last deployment. ,

Enum:

{

Success: No description available. ,

Unauthorized: No description available. ,

NotFound: No description available. ,

}

Required: False ,

}

enum ,

deployment:

{

Description: Deployment information. ,

Required: False ,

}

{

deploymentId:

{

Description: Deployment identifier. ,

Required: False ,

}

string ,

deploymentState:

{

Description: Current status of the deployment. ,

Enum:

{

In_Progress: No description available. ,

Completed: No description available. ,

Queued: No description available. ,

Canceling: No description available. ,

}

Required: False ,

}

enum ,

deploymentResult:

{

Description: The outcome of the deployment. ,

Enum:

{

Success: No description available. ,

Canceled: No description available. ,

Failed: No description available. ,

}

Required: False ,

}

enum ,

deploymentTime:

{

Description: The time when the deployment finished. ,

Format: date-time ,

Required: False ,

}

string ,

deploymentLogsUrl:

{

Description: Url to access repository action logs. ,

Required: False ,

}

string ,

}

message:

{

Description: Additional details about the deployment that can be shown to the user. ,

Required: False ,

}

string ,

}

pullRequest:

{

Description: Information regarding the pull request of the source control. ,

Required: False ,

}

{

url:

{

Description: URL of pull request ,

Required: False ,

}

string ,

state:

{

Description: State of the pull request ,

Required: False ,

}

object ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

SourceControls_Delete (new)

Description	: Delete a source control.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

sourceControlId:

{

Description: Source control Id ,

Required: True ,

}

string ,

repositoryAccess:

{

Description: The repository access credentials. ,

Required: True ,

}

{

properties:

{

Description: RepositoryAccess properties ,

Required: False ,

}

{

repositoryAccess:

{

Description: RepositoryAccess properties ,

Required: True ,

}

{

kind:

{

Description: The kind of repository access credentials ,

Enum:

{

OAuth: No description available. ,

PAT: No description available. ,

App: No description available. ,

}

Required: True ,

}

enum ,

code:

{

Description: OAuth Code. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

state:

{

Description: OAuth State. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

clientId:

{

Description: OAuth ClientId. Required when `kind` is `OAuth` ,

Required: False ,

}

string ,

token:

{

Description: Personal Access Token. Required when `kind` is `PAT` ,

Required: False ,

}

string ,

installationId:

{

Description: Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only. ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

warning:

{

Description: Warning data. ,

Required: False ,

}

{

code:

{

Description: An identifier for the warning. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

object ,

message:

{

Description: A message describing the warning, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

details:

{

Required: False ,

}

[

string ,

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ThreatIntelligenceIndicator_CreateIndicator (new)

Description	: Create a new threat intelligence indicator.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

ThreatIntelligenceProperties:

{

Description: Properties of threat intelligence indicators to create and update. ,

Required: True ,

}

{

properties:

{

Description: Threat Intelligence Entity properties ,

Required: False ,

}

{

threatIntelligenceTags:

{

Description: List of tags ,

Required: False ,

}

[

string ,

]

lastUpdatedTimeUtc:

{

Description: Last updated time in UTC ,

Required: False ,

}

string ,

source:

{

Description: Source of a threat intelligence entity ,

Required: False ,

}

string ,

displayName:

{

Description: Display name of a threat intelligence entity ,

Required: False ,

}

string ,

description:

{

Description: Description of a threat intelligence entity ,

Required: False ,

}

string ,

indicatorTypes:

{

Description: Indicator types of threat intelligence entities ,

Required: False ,

}

[

string ,

]

pattern:

{

Description: Pattern of a threat intelligence entity ,

Required: False ,

}

string ,

patternType:

{

Description: Pattern type of a threat intelligence entity ,

Required: False ,

}

string ,

patternVersion:

{

Description: Pattern version of a threat intelligence entity ,

Required: False ,

}

string ,

killChainPhases:

{

Description: Kill chain phases ,

Required: False ,

}

[

{

killChainName:

{

Description: Kill chainName name ,

Required: False ,

}

string ,

phaseName:

{

Description: Phase name ,

Required: False ,

}

string ,

}

]

parsedPattern:

{

Description: Parsed patterns ,

Required: False ,

}

[

{

patternTypeKey:

{

Description: Pattern type key ,

Required: False ,

}

string ,

patternTypeValues:

{

Description: Pattern type keys ,

Required: False ,

}

[

{

valueType:

{

Description: Type of the value ,

Required: False ,

}

string ,

value:

{

Description: Value of parsed pattern ,

Required: False ,

}

string ,

}

]

}

]

externalId:

{

Description: External ID of threat intelligence entity ,

Required: False ,

}

string ,

createdByRef:

{

Description: Created by reference of threat intelligence entity ,

Required: False ,

}

string ,

defanged:

{

Description: Is threat intelligence entity defanged ,

Required: False ,

}

boolean ,

externalLastUpdatedTimeUtc:

{

Description: External last updated time in UTC ,

Required: False ,

}

string ,

externalReferences:

{

Description: External References ,

Required: False ,

}

[

{

description:

{

Description: External reference description ,

Required: False ,

}

string ,

externalId:

{

Description: External reference ID ,

Required: False ,

}

string ,

sourceName:

{

Description: External reference source name ,

Required: False ,

}

string ,

url:

{

Description: External reference URL ,

Required: False ,

}

string ,

hashes:

{

Description: External reference hashes ,

Required: False ,

}

object ,

}

]

granularMarkings:

{

Description: Granular Markings ,

Required: False ,

}

[

{

language:

{

Description: Language granular marking model ,

Required: False ,

}

string ,

markingRef:

{

Description: marking reference granular marking model ,

Format: int32 ,

Required: False ,

}

integer ,

selectors:

{

Description: granular marking model selectors ,

Required: False ,

}

[

string ,

]

}

]

labels:

{

Description: Labels of threat intelligence entity ,

Required: False ,

}

[

string ,

]

revoked:

{

Description: Is threat intelligence entity revoked ,

Required: False ,

}

boolean ,

confidence:

{

Description: Confidence of threat intelligence entity ,

Format: int32 ,

Required: False ,

}

integer ,

objectMarkingRefs:

{

Description: Threat intelligence entity object marking references ,

Required: False ,

}

[

string ,

]

language:

{

Description: Language of threat intelligence entity ,

Required: False ,

}

string ,

threatTypes:

{

Description: Threat types ,

Required: False ,

}

[

string ,

]

validFrom:

{

Description: Valid from ,

Required: False ,

}

string ,

validUntil:

{

Description: Valid until ,

Required: False ,

}

string ,

created:

{

Description: Created by ,

Required: False ,

}

string ,

modified:

{

Description: Modified by ,

Required: False ,

}

string ,

extensions:

{

Description: Extensions map ,

Required: False ,

}

object ,

}

⚐ Response (200)

{

kind:

{

Description: The kind of the entity. ,

Enum:

{

indicator: Entity represents threat intelligence indicator in the system. ,

}

Required: True ,

}

enum ,

}

⚐ Response (201)

{

kind:

{

Description: The kind of the entity. ,

Enum:

{

indicator: Entity represents threat intelligence indicator in the system. ,

}

Required: True ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ThreatIntelligenceIndicators_List (new)

Description	: Get all threat intelligence indicators.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

$filter:

{

Description: Filters the results, based on a Boolean condition. Optional. ,

Required: False ,

}

string ,

$top:

{

Description: Returns only the first n results. Optional. ,

Format: int32 ,

Required: False ,

}

integer ,

$skipToken:

{

Required: False ,

}

string ,

$orderby:

{

Description: Sorts the results. Optional. ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of information objects. ,

Required: False ,

}

string ,

value:

{

Description: Array of threat intelligence information objects. ,

Required: True ,

}

[

{

kind:

{

Description: The kind of the entity. ,

Enum:

{

indicator: Entity represents threat intelligence indicator in the system. ,

}

Required: True ,

}

enum ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ThreatIntelligenceIndicator_Get (new)

Description	: View a threat intelligence indicator by name.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

name:

{

Description: Threat intelligence indicator name field. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

kind:

{

Description: The kind of the entity. ,

Enum:

{

indicator: Entity represents threat intelligence indicator in the system. ,

}

Required: True ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ThreatIntelligenceIndicator_Create (new)

Description	: Update a threat Intelligence indicator.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

name:

{

Description: Threat intelligence indicator name field. ,

Required: True ,

}

string ,

ThreatIntelligenceProperties:

{

Description: Properties of threat intelligence indicators to create and update. ,

Required: True ,

}

{

properties:

{

Description: Threat Intelligence Entity properties ,

Required: False ,

}

{

threatIntelligenceTags:

{

Description: List of tags ,

Required: False ,

}

[

string ,

]

lastUpdatedTimeUtc:

{

Description: Last updated time in UTC ,

Required: False ,

}

string ,

source:

{

Description: Source of a threat intelligence entity ,

Required: False ,

}

string ,

displayName:

{

Description: Display name of a threat intelligence entity ,

Required: False ,

}

string ,

description:

{

Description: Description of a threat intelligence entity ,

Required: False ,

}

string ,

indicatorTypes:

{

Description: Indicator types of threat intelligence entities ,

Required: False ,

}

[

string ,

]

pattern:

{

Description: Pattern of a threat intelligence entity ,

Required: False ,

}

string ,

patternType:

{

Description: Pattern type of a threat intelligence entity ,

Required: False ,

}

string ,

patternVersion:

{

Description: Pattern version of a threat intelligence entity ,

Required: False ,

}

string ,

killChainPhases:

{

Description: Kill chain phases ,

Required: False ,

}

[

{

killChainName:

{

Description: Kill chainName name ,

Required: False ,

}

string ,

phaseName:

{

Description: Phase name ,

Required: False ,

}

string ,

}

]

parsedPattern:

{

Description: Parsed patterns ,

Required: False ,

}

[

{

patternTypeKey:

{

Description: Pattern type key ,

Required: False ,

}

string ,

patternTypeValues:

{

Description: Pattern type keys ,

Required: False ,

}

[

{

valueType:

{

Description: Type of the value ,

Required: False ,

}

string ,

value:

{

Description: Value of parsed pattern ,

Required: False ,

}

string ,

}

]

}

]

externalId:

{

Description: External ID of threat intelligence entity ,

Required: False ,

}

string ,

createdByRef:

{

Description: Created by reference of threat intelligence entity ,

Required: False ,

}

string ,

defanged:

{

Description: Is threat intelligence entity defanged ,

Required: False ,

}

boolean ,

externalLastUpdatedTimeUtc:

{

Description: External last updated time in UTC ,

Required: False ,

}

string ,

externalReferences:

{

Description: External References ,

Required: False ,

}

[

{

description:

{

Description: External reference description ,

Required: False ,

}

string ,

externalId:

{

Description: External reference ID ,

Required: False ,

}

string ,

sourceName:

{

Description: External reference source name ,

Required: False ,

}

string ,

url:

{

Description: External reference URL ,

Required: False ,

}

string ,

hashes:

{

Description: External reference hashes ,

Required: False ,

}

object ,

}

]

granularMarkings:

{

Description: Granular Markings ,

Required: False ,

}

[

{

language:

{

Description: Language granular marking model ,

Required: False ,

}

string ,

markingRef:

{

Description: marking reference granular marking model ,

Format: int32 ,

Required: False ,

}

integer ,

selectors:

{

Description: granular marking model selectors ,

Required: False ,

}

[

string ,

]

}

]

labels:

{

Description: Labels of threat intelligence entity ,

Required: False ,

}

[

string ,

]

revoked:

{

Description: Is threat intelligence entity revoked ,

Required: False ,

}

boolean ,

confidence:

{

Description: Confidence of threat intelligence entity ,

Format: int32 ,

Required: False ,

}

integer ,

objectMarkingRefs:

{

Description: Threat intelligence entity object marking references ,

Required: False ,

}

[

string ,

]

language:

{

Description: Language of threat intelligence entity ,

Required: False ,

}

string ,

threatTypes:

{

Description: Threat types ,

Required: False ,

}

[

string ,

]

validFrom:

{

Description: Valid from ,

Required: False ,

}

string ,

validUntil:

{

Description: Valid until ,

Required: False ,

}

string ,

created:

{

Description: Created by ,

Required: False ,

}

string ,

modified:

{

Description: Modified by ,

Required: False ,

}

string ,

extensions:

{

Description: Extensions map ,

Required: False ,

}

object ,

}

⚐ Response (200)

{

kind:

{

Description: The kind of the entity. ,

Enum:

{

indicator: Entity represents threat intelligence indicator in the system. ,

}

Required: True ,

}

enum ,

}

⚐ Response (201)

{

kind:

{

Description: The kind of the entity. ,

Enum:

{

indicator: Entity represents threat intelligence indicator in the system. ,

}

Required: True ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ThreatIntelligenceIndicator_Delete (new)

Description	: Delete a threat intelligence indicator.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

name:

{

Description: Threat intelligence indicator name field. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ThreatIntelligenceIndicator_QueryIndicators (new)

Description	: Query threat intelligence indicators as per filtering criteria.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

ThreatIntelligenceFilteringCriteria:

{

Description: Filtering criteria for querying threat intelligence indicators. ,

Required: True ,

}

{

pageSize:

{

Description: Page size ,

Format: int32 ,

Required: False ,

}

integer ,

minConfidence:

{

Description: Minimum confidence. ,

Format: int32 ,

Required: False ,

}

integer ,

maxConfidence:

{

Description: Maximum confidence. ,

Format: int32 ,

Required: False ,

}

integer ,

minValidUntil:

{

Description: Start time for ValidUntil filter. ,

Required: False ,

}

string ,

maxValidUntil:

{

Description: End time for ValidUntil filter. ,

Required: False ,

}

string ,

includeDisabled:

{

Description: Parameter to include/exclude disabled indicators. ,

Required: False ,

}

boolean ,

sortBy:

{

Description: Columns to sort by and sorting order ,

Required: False ,

}

[

{

itemKey:

{

Description: Column name ,

Required: False ,

}

string ,

sortOrder:

{

Description: Sorting order (ascending/descending/unsorted). ,

Enum:

{

unsorted: No description available. ,

ascending: No description available. ,

descending: No description available. ,

}

Required: False ,

}

enum ,

}

]

sources:

{

Description: Sources of threat intelligence indicators ,

Required: False ,

}

[

string ,

]

patternTypes:

{

Description: Pattern types ,

Required: False ,

}

[

string ,

]

threatTypes:

{

Description: Threat types of threat intelligence indicators ,

Required: False ,

}

[

string ,

]

ids:

{

Description: Ids of threat intelligence indicators ,

Required: False ,

}

[

string ,

]

keywords:

{

Description: Keywords for searching threat intelligence indicators ,

Required: False ,

}

[

string ,

]

skipToken:

{

Description: Skip token. ,

Required: False ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of information objects. ,

Required: False ,

}

string ,

value:

{

Description: Array of threat intelligence information objects. ,

Required: True ,

}

[

{

kind:

{

Description: The kind of the entity. ,

Enum:

{

indicator: Entity represents threat intelligence indicator in the system. ,

}

Required: True ,

}

enum ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ThreatIntelligenceIndicatorMetrics_List (new)

Description	: Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source).
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

value:

{

Description: Array of threat intelligence metric fields (type/threat type/source). ,

Required: True ,

}

[

{

properties:

{

Description: Threat intelligence metrics. ,

Required: False ,

}

{

lastUpdatedTimeUtc:

{

Description: Last updated indicator metric ,

Required: False ,

}

string ,

threatTypeMetrics:

{

Description: Threat type metrics ,

Required: False ,

}

[

{

metricName:

{

Description: Metric name ,

Required: False ,

}

string ,

metricValue:

{

Description: Metric value ,

Format: int32 ,

Required: False ,

}

integer ,

}

]

patternTypeMetrics:

{

Description: Pattern type metrics ,

Required: False ,

}

[

{

metricName:

{

Description: Metric name ,

Required: False ,

}

string ,

metricValue:

{

Description: Metric value ,

Format: int32 ,

Required: False ,

}

integer ,

}

]

sourceMetrics:

{

Description: Source metrics ,

Required: False ,

}

[

{

metricName:

{

Description: Metric name ,

Required: False ,

}

string ,

metricValue:

{

Description: Metric value ,

Format: int32 ,

Required: False ,

}

integer ,

}

]

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ThreatIntelligenceIndicator_AppendTags (new)

Description	: Append tags to a threat intelligence indicator.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

name:

{

Description: Threat intelligence indicator name field. ,

Required: True ,

}

string ,

ThreatIntelligenceAppendTags:

{

Description: The threat intelligence append tags request body ,

Required: True ,

}

{

threatIntelligenceTags:

{

Description: List of tags to be appended. ,

Required: False ,

}

[

string ,

]

}

⚐ Response (200)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

ThreatIntelligenceIndicator_ReplaceTags (new)

Description	: Replace tags added to a threat intelligence indicator.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

name:

{

Description: Threat intelligence indicator name field. ,

Required: True ,

}

string ,

ThreatIntelligenceReplaceTags:

{

Description: Tags in the threat intelligence indicator to be replaced. ,

Required: True ,

}

{

properties:

{

Description: Threat Intelligence Entity properties ,

Required: False ,

}

{

threatIntelligenceTags:

{

Description: List of tags ,

Required: False ,

}

[

string ,

]

lastUpdatedTimeUtc:

{

Description: Last updated time in UTC ,

Required: False ,

}

string ,

source:

{

Description: Source of a threat intelligence entity ,

Required: False ,

}

string ,

displayName:

{

Description: Display name of a threat intelligence entity ,

Required: False ,

}

string ,

description:

{

Description: Description of a threat intelligence entity ,

Required: False ,

}

string ,

indicatorTypes:

{

Description: Indicator types of threat intelligence entities ,

Required: False ,

}

[

string ,

]

pattern:

{

Description: Pattern of a threat intelligence entity ,

Required: False ,

}

string ,

patternType:

{

Description: Pattern type of a threat intelligence entity ,

Required: False ,

}

string ,

patternVersion:

{

Description: Pattern version of a threat intelligence entity ,

Required: False ,

}

string ,

killChainPhases:

{

Description: Kill chain phases ,

Required: False ,

}

[

{

killChainName:

{

Description: Kill chainName name ,

Required: False ,

}

string ,

phaseName:

{

Description: Phase name ,

Required: False ,

}

string ,

}

]

parsedPattern:

{

Description: Parsed patterns ,

Required: False ,

}

[

{

patternTypeKey:

{

Description: Pattern type key ,

Required: False ,

}

string ,

patternTypeValues:

{

Description: Pattern type keys ,

Required: False ,

}

[

{

valueType:

{

Description: Type of the value ,

Required: False ,

}

string ,

value:

{

Description: Value of parsed pattern ,

Required: False ,

}

string ,

}

]

}

]

externalId:

{

Description: External ID of threat intelligence entity ,

Required: False ,

}

string ,

createdByRef:

{

Description: Created by reference of threat intelligence entity ,

Required: False ,

}

string ,

defanged:

{

Description: Is threat intelligence entity defanged ,

Required: False ,

}

boolean ,

externalLastUpdatedTimeUtc:

{

Description: External last updated time in UTC ,

Required: False ,

}

string ,

externalReferences:

{

Description: External References ,

Required: False ,

}

[

{

description:

{

Description: External reference description ,

Required: False ,

}

string ,

externalId:

{

Description: External reference ID ,

Required: False ,

}

string ,

sourceName:

{

Description: External reference source name ,

Required: False ,

}

string ,

url:

{

Description: External reference URL ,

Required: False ,

}

string ,

hashes:

{

Description: External reference hashes ,

Required: False ,

}

object ,

}

]

granularMarkings:

{

Description: Granular Markings ,

Required: False ,

}

[

{

language:

{

Description: Language granular marking model ,

Required: False ,

}

string ,

markingRef:

{

Description: marking reference granular marking model ,

Format: int32 ,

Required: False ,

}

integer ,

selectors:

{

Description: granular marking model selectors ,

Required: False ,

}

[

string ,

]

}

]

labels:

{

Description: Labels of threat intelligence entity ,

Required: False ,

}

[

string ,

]

revoked:

{

Description: Is threat intelligence entity revoked ,

Required: False ,

}

boolean ,

confidence:

{

Description: Confidence of threat intelligence entity ,

Format: int32 ,

Required: False ,

}

integer ,

objectMarkingRefs:

{

Description: Threat intelligence entity object marking references ,

Required: False ,

}

[

string ,

]

language:

{

Description: Language of threat intelligence entity ,

Required: False ,

}

string ,

threatTypes:

{

Description: Threat types ,

Required: False ,

}

[

string ,

]

validFrom:

{

Description: Valid from ,

Required: False ,

}

string ,

validUntil:

{

Description: Valid until ,

Required: False ,

}

string ,

created:

{

Description: Created by ,

Required: False ,

}

string ,

modified:

{

Description: Modified by ,

Required: False ,

}

string ,

extensions:

{

Description: Extensions map ,

Required: False ,

}

object ,

}

⚐ Response (200)

{

kind:

{

Description: The kind of the entity. ,

Enum:

{

indicator: Entity represents threat intelligence indicator in the system. ,

}

Required: True ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Watchlists_List (new)

Description	: Get all watchlists, without watchlist items.
Reference	: Link ¶

⚼ Request

GET: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

$skipToken:

{

Required: False ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of watchlists. ,

Required: False ,

}

string ,

value:

{

Description: Array of watchlist. ,

Required: True ,

}

[

{

properties:

{

Description: Watchlist properties ,

Required: False ,

}

{

watchlistId:

{

Description: The id (a Guid) of the watchlist ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the watchlist ,

Required: True ,

}

string ,

provider:

{

Description: The provider of the watchlist ,

Required: True ,

}

string ,

source:

{

Description: The filename of the watchlist, called 'source' ,

Required: False ,

}

string ,

sourceType:

{

Description: The sourceType of the watchlist ,

Enum:

{

Local file: The source from local file. ,

Remote storage: The source from remote storage. ,

}

Required: False ,

}

enum ,

created:

{

Description: The time the watchlist was created ,

Format: date-time ,

Required: False ,

}

string ,

updated:

{

Description: The last time the watchlist was updated ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the watchlist ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

updatedBy:

{

Description: Describes a user that updated the watchlist ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

description:

{

Description: A description of the watchlist ,

Required: False ,

}

string ,

watchlistType:

{

Description: The type of the watchlist ,

Required: False ,

}

string ,

watchlistAlias:

{

Description: The alias of the watchlist ,

Required: False ,

}

string ,

isDeleted:

{

Description: A flag that indicates if the watchlist is deleted or not ,

Required: False ,

}

boolean ,

labels:

{

Description: List of labels relevant to this watchlist ,

Required: False ,

}

[

string ,

]

defaultDuration:

{

Description: The default duration of a watchlist (in ISO 8601 duration format) ,

Format: duration ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenantId where the watchlist belongs to ,

Required: False ,

}

string ,

numberOfLinesToSkip:

{

Description: The number of lines in a csv/tsv content to skip before the header ,

Format: int32 ,

Required: False ,

}

integer ,

rawContent:

{

Description: The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint ,

Required: False ,

}

string ,

itemsSearchKey:

{

Description: The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. ,

Required: True ,

}

string ,

contentType:

{

Description: The content type of the raw content. Example : text/csv or text/tsv ,

Required: False ,

}

string ,

uploadStatus:

{

Description: The status of the Watchlist upload : New, InProgress or Complete. **Note** : When a Watchlist upload status is InProgress, the Watchlist cannot be deleted ,

Required: False ,

}

string ,

provisioningState:

{

Description: Describes provisioning state ,

Enum:

{

New: The New provisioning state. ,

InProgress: The InProgress provisioning state. ,

Uploading: The Uploading provisioning state. ,

Deleting: The Deleting provisioning state. ,

Succeeded: The Succeeded provisioning state. ,

Failed: The Failed provisioning state. ,

Canceled: The Canceled provisioning state. ,

}

Required: False ,

}

enum ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Watchlists_Get (new)

Description	: Get a watchlist, without its watchlist items.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

watchlistAlias:

{

Description: The watchlist alias ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: Watchlist properties ,

Required: False ,

}

{

watchlistId:

{

Description: The id (a Guid) of the watchlist ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the watchlist ,

Required: True ,

}

string ,

provider:

{

Description: The provider of the watchlist ,

Required: True ,

}

string ,

source:

{

Description: The filename of the watchlist, called 'source' ,

Required: False ,

}

string ,

sourceType:

{

Description: The sourceType of the watchlist ,

Enum:

{

Local file: The source from local file. ,

Remote storage: The source from remote storage. ,

}

Required: False ,

}

enum ,

created:

{

Description: The time the watchlist was created ,

Format: date-time ,

Required: False ,

}

string ,

updated:

{

Description: The last time the watchlist was updated ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the watchlist ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

updatedBy:

{

Description: Describes a user that updated the watchlist ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

description:

{

Description: A description of the watchlist ,

Required: False ,

}

string ,

watchlistType:

{

Description: The type of the watchlist ,

Required: False ,

}

string ,

watchlistAlias:

{

Description: The alias of the watchlist ,

Required: False ,

}

string ,

isDeleted:

{

Description: A flag that indicates if the watchlist is deleted or not ,

Required: False ,

}

boolean ,

labels:

{

Description: List of labels relevant to this watchlist ,

Required: False ,

}

[

string ,

]

defaultDuration:

{

Description: The default duration of a watchlist (in ISO 8601 duration format) ,

Format: duration ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenantId where the watchlist belongs to ,

Required: False ,

}

string ,

numberOfLinesToSkip:

{

Description: The number of lines in a csv/tsv content to skip before the header ,

Format: int32 ,

Required: False ,

}

integer ,

rawContent:

{

Description: The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint ,

Required: False ,

}

string ,

itemsSearchKey:

{

Required: True ,

}

string ,

contentType:

{

Description: The content type of the raw content. Example : text/csv or text/tsv ,

Required: False ,

}

string ,

uploadStatus:

{

Description: The status of the Watchlist upload : New, InProgress or Complete. **Note** : When a Watchlist upload status is InProgress, the Watchlist cannot be deleted ,

Required: False ,

}

string ,

provisioningState:

{

Description: Describes provisioning state ,

Enum:

{

New: The New provisioning state. ,

InProgress: The InProgress provisioning state. ,

Uploading: The Uploading provisioning state. ,

Deleting: The Deleting provisioning state. ,

Succeeded: The Succeeded provisioning state. ,

Failed: The Failed provisioning state. ,

Canceled: The Canceled provisioning state. ,

}

Required: False ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

Watchlists_Delete (new)

Description	: Delete a watchlist.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

watchlistAlias:

{

Description: The watchlist alias ,

Required: True ,

}

string ,

}

⚐ Response (202)

{

azure-asyncoperation:

{

Description: Contains the status URL on which clients are expected to poll the status of the delete operation. ,

}

string ,

location:

{

Description: Location URL to poll for result. ,

}

string ,

}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

Watchlists_CreateOrUpdate (new)

Description	: Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint with rawContent and contentType properties.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

watchlistAlias:

{

Description: The watchlist alias ,

Required: True ,

}

string ,

watchlist:

{

Description: The watchlist ,

Required: True ,

}

{

properties:

{

Description: Watchlist properties ,

Required: False ,

}

{

watchlistId:

{

Description: The id (a Guid) of the watchlist ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the watchlist ,

Required: True ,

}

string ,

provider:

{

Description: The provider of the watchlist ,

Required: True ,

}

string ,

source:

{

Description: The filename of the watchlist, called 'source' ,

Required: False ,

}

string ,

sourceType:

{

Description: The sourceType of the watchlist ,

Enum:

{

Local file: The source from local file. ,

Remote storage: The source from remote storage. ,

}

Required: False ,

}

enum ,

created:

{

Description: The time the watchlist was created ,

Format: date-time ,

Required: False ,

}

string ,

updated:

{

Description: The last time the watchlist was updated ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the watchlist ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

updatedBy:

{

Description: Describes a user that updated the watchlist ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

description:

{

Description: A description of the watchlist ,

Required: False ,

}

string ,

watchlistType:

{

Description: The type of the watchlist ,

Required: False ,

}

string ,

watchlistAlias:

{

Description: The alias of the watchlist ,

Required: False ,

}

string ,

isDeleted:

{

Description: A flag that indicates if the watchlist is deleted or not ,

Required: False ,

}

boolean ,

labels:

{

Description: List of labels relevant to this watchlist ,

Required: False ,

}

[

string ,

]

defaultDuration:

{

Description: The default duration of a watchlist (in ISO 8601 duration format) ,

Format: duration ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenantId where the watchlist belongs to ,

Required: False ,

}

string ,

numberOfLinesToSkip:

{

Description: The number of lines in a csv/tsv content to skip before the header ,

Format: int32 ,

Required: False ,

}

integer ,

rawContent:

{

Description: The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint ,

Required: False ,

}

string ,

itemsSearchKey:

{

Required: True ,

}

string ,

contentType:

{

Description: The content type of the raw content. Example : text/csv or text/tsv ,

Required: False ,

}

string ,

uploadStatus:

{

Description: The status of the Watchlist upload : New, InProgress or Complete. **Note** : When a Watchlist upload status is InProgress, the Watchlist cannot be deleted ,

Required: False ,

}

string ,

provisioningState:

{

Description: Describes provisioning state ,

Enum:

{

New: The New provisioning state. ,

InProgress: The InProgress provisioning state. ,

Uploading: The Uploading provisioning state. ,

Deleting: The Deleting provisioning state. ,

Succeeded: The Succeeded provisioning state. ,

Failed: The Failed provisioning state. ,

Canceled: The Canceled provisioning state. ,

}

Required: False ,

}

enum ,

}

⚐ Response (200)

{

properties:

{

Description: Watchlist properties ,

Required: False ,

}

{

watchlistId:

{

Description: The id (a Guid) of the watchlist ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the watchlist ,

Required: True ,

}

string ,

provider:

{

Description: The provider of the watchlist ,

Required: True ,

}

string ,

source:

{

Description: The filename of the watchlist, called 'source' ,

Required: False ,

}

string ,

sourceType:

{

Description: The sourceType of the watchlist ,

Enum:

{

Local file: The source from local file. ,

Remote storage: The source from remote storage. ,

}

Required: False ,

}

enum ,

created:

{

Description: The time the watchlist was created ,

Format: date-time ,

Required: False ,

}

string ,

updated:

{

Description: The last time the watchlist was updated ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the watchlist ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

updatedBy:

{

Description: Describes a user that updated the watchlist ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

description:

{

Description: A description of the watchlist ,

Required: False ,

}

string ,

watchlistType:

{

Description: The type of the watchlist ,

Required: False ,

}

string ,

watchlistAlias:

{

Description: The alias of the watchlist ,

Required: False ,

}

string ,

isDeleted:

{

Description: A flag that indicates if the watchlist is deleted or not ,

Required: False ,

}

boolean ,

labels:

{

Description: List of labels relevant to this watchlist ,

Required: False ,

}

[

string ,

]

defaultDuration:

{

Description: The default duration of a watchlist (in ISO 8601 duration format) ,

Format: duration ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenantId where the watchlist belongs to ,

Required: False ,

}

string ,

numberOfLinesToSkip:

{

Description: The number of lines in a csv/tsv content to skip before the header ,

Format: int32 ,

Required: False ,

}

integer ,

rawContent:

{

Description: The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint ,

Required: False ,

}

string ,

itemsSearchKey:

{

Required: True ,

}

string ,

contentType:

{

Description: The content type of the raw content. Example : text/csv or text/tsv ,

Required: False ,

}

string ,

uploadStatus:

{

Description: The status of the Watchlist upload : New, InProgress or Complete. **Note** : When a Watchlist upload status is InProgress, the Watchlist cannot be deleted ,

Required: False ,

}

string ,

provisioningState:

{

Description: Describes provisioning state ,

Enum:

{

New: The New provisioning state. ,

InProgress: The InProgress provisioning state. ,

Uploading: The Uploading provisioning state. ,

Deleting: The Deleting provisioning state. ,

Succeeded: The Succeeded provisioning state. ,

Failed: The Failed provisioning state. ,

Canceled: The Canceled provisioning state. ,

}

Required: False ,

}

enum ,

}

⚐ Response (201)

{

$headers:

{

azure-asyncoperation:

{

Description: Contains the status URL on which clients are expected to poll the status of the operation. ,

}

string ,

}

$schema:

{

Description: Represents a Watchlist in Azure Security Insights. ,

}

{

properties:

{

Description: Watchlist properties ,

Required: False ,

}

{

watchlistId:

{

Description: The id (a Guid) of the watchlist ,

Required: False ,

}

string ,

displayName:

{

Description: The display name of the watchlist ,

Required: True ,

}

string ,

provider:

{

Description: The provider of the watchlist ,

Required: True ,

}

string ,

source:

{

Description: The filename of the watchlist, called 'source' ,

Required: False ,

}

string ,

sourceType:

{

Description: The sourceType of the watchlist ,

Enum:

{

Local file: The source from local file. ,

Remote storage: The source from remote storage. ,

}

Required: False ,

}

enum ,

created:

{

Description: The time the watchlist was created ,

Format: date-time ,

Required: False ,

}

string ,

updated:

{

Description: The last time the watchlist was updated ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the watchlist ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

updatedBy:

{

Description: Describes a user that updated the watchlist ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

description:

{

Description: A description of the watchlist ,

Required: False ,

}

string ,

watchlistType:

{

Description: The type of the watchlist ,

Required: False ,

}

string ,

watchlistAlias:

{

Description: The alias of the watchlist ,

Required: False ,

}

string ,

isDeleted:

{

Description: A flag that indicates if the watchlist is deleted or not ,

Required: False ,

}

boolean ,

labels:

{

Description: List of labels relevant to this watchlist ,

Required: False ,

}

[

string ,

]

defaultDuration:

{

Description: The default duration of a watchlist (in ISO 8601 duration format) ,

Format: duration ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenantId where the watchlist belongs to ,

Required: False ,

}

string ,

numberOfLinesToSkip:

{

Description: The number of lines in a csv/tsv content to skip before the header ,

Format: int32 ,

Required: False ,

}

integer ,

rawContent:

{

Description: The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint ,

Required: False ,

}

string ,

itemsSearchKey:

{

Required: True ,

}

string ,

contentType:

{

Description: The content type of the raw content. Example : text/csv or text/tsv ,

Required: False ,

}

string ,

uploadStatus:

{

Description: The status of the Watchlist upload : New, InProgress or Complete. **Note** : When a Watchlist upload status is InProgress, the Watchlist cannot be deleted ,

Required: False ,

}

string ,

provisioningState:

{

Description: Describes provisioning state ,

Enum:

{

New: The New provisioning state. ,

InProgress: The InProgress provisioning state. ,

Uploading: The Uploading provisioning state. ,

Deleting: The Deleting provisioning state. ,

Succeeded: The Succeeded provisioning state. ,

Failed: The Failed provisioning state. ,

Canceled: The Canceled provisioning state. ,

}

Required: False ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: The error object. ,

Required: False ,

}

{

code:

{

Description: The error code. ,

Required: False ,

}

string ,

message:

{

Description: The error message. ,

Required: False ,

}

string ,

target:

{

Description: The error target. ,

Required: False ,

}

string ,

details:

{

Description: The error details. ,

Required: False ,

}

[

string ,

]

additionalInfo:

{

Description: The error additional info. ,

Required: False ,

}

[

{

type:

{

Description: The additional info type. ,

Required: False ,

}

string ,

info:

{

Description: The additional info. ,

Required: False ,

}

object ,

}

]

}

WatchlistItems_List (new)

Description	: Get all watchlist Items.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

watchlistAlias:

{

Description: The watchlist alias ,

Required: True ,

}

string ,

$skipToken:

{

Required: False ,

}

string ,

}

⚐ Response (200)

{

nextLink:

{

Description: URL to fetch the next set of watchlist items. ,

Required: False ,

}

string ,

value:

{

Description: Array of watchlist items. ,

Required: True ,

}

[

{

properties:

{

Description: Watchlist Item properties ,

Required: False ,

}

{

watchlistItemType:

{

Description: The type of the watchlist item ,

Required: False ,

}

string ,

watchlistItemId:

{

Description: The id (a Guid) of the watchlist item ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenantId to which the watchlist item belongs to ,

Required: False ,

}

string ,

isDeleted:

{

Description: A flag that indicates if the watchlist item is deleted or not ,

Required: False ,

}

boolean ,

created:

{

Description: The time the watchlist item was created ,

Format: date-time ,

Required: False ,

}

string ,

updated:

{

Description: The last time the watchlist item was updated ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the watchlist item ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

updatedBy:

{

Description: Describes a user that updated the watchlist item ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

itemsKeyValue:

{

Description: key-value pairs for a watchlist item ,

Required: True ,

}

object ,

entityMapping:

{

Description: key-value pairs for a watchlist item entity mapping ,

Required: False ,

}

object ,

}

]

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

WatchlistItems_Get (new)

Description	: Get a watchlist item.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

watchlistAlias:

{

Description: The watchlist alias ,

Required: True ,

}

string ,

watchlistItemId:

{

Description: The watchlist item id (GUID) ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

properties:

{

Description: Watchlist Item properties ,

Required: False ,

}

{

watchlistItemType:

{

Description: The type of the watchlist item ,

Required: False ,

}

string ,

watchlistItemId:

{

Description: The id (a Guid) of the watchlist item ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenantId to which the watchlist item belongs to ,

Required: False ,

}

string ,

isDeleted:

{

Description: A flag that indicates if the watchlist item is deleted or not ,

Required: False ,

}

boolean ,

created:

{

Description: The time the watchlist item was created ,

Format: date-time ,

Required: False ,

}

string ,

updated:

{

Description: The last time the watchlist item was updated ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the watchlist item ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

updatedBy:

{

Description: Describes a user that updated the watchlist item ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

itemsKeyValue:

{

Description: key-value pairs for a watchlist item ,

Required: True ,

}

object ,

entityMapping:

{

Description: key-value pairs for a watchlist item entity mapping ,

Required: False ,

}

object ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

WatchlistItems_Delete (new)

Description	: Delete a watchlist item.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

watchlistAlias:

{

Description: The watchlist alias ,

Required: True ,

}

string ,

watchlistItemId:

{

Description: The watchlist item id (GUID) ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

WatchlistItems_CreateOrUpdate (new)

Description	: Create or update a watchlist item.
Reference	: Link ¶

⚼ Request

{

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

watchlistAlias:

{

Description: The watchlist alias ,

Required: True ,

}

string ,

watchlistItemId:

{

Description: The watchlist item id (GUID) ,

Required: True ,

}

string ,

watchlistItem:

{

Description: The watchlist item ,

Required: True ,

}

{

properties:

{

Description: Watchlist Item properties ,

Required: False ,

}

{

watchlistItemType:

{

Description: The type of the watchlist item ,

Required: False ,

}

string ,

watchlistItemId:

{

Description: The id (a Guid) of the watchlist item ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenantId to which the watchlist item belongs to ,

Required: False ,

}

string ,

isDeleted:

{

Description: A flag that indicates if the watchlist item is deleted or not ,

Required: False ,

}

boolean ,

created:

{

Description: The time the watchlist item was created ,

Format: date-time ,

Required: False ,

}

string ,

updated:

{

Description: The last time the watchlist item was updated ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the watchlist item ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

updatedBy:

{

Description: Describes a user that updated the watchlist item ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

itemsKeyValue:

{

Description: key-value pairs for a watchlist item ,

Required: True ,

}

object ,

entityMapping:

{

Description: key-value pairs for a watchlist item entity mapping ,

Required: False ,

}

object ,

}

⚐ Response (200)

{

properties:

{

Description: Watchlist Item properties ,

Required: False ,

}

{

watchlistItemType:

{

Description: The type of the watchlist item ,

Required: False ,

}

string ,

watchlistItemId:

{

Description: The id (a Guid) of the watchlist item ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenantId to which the watchlist item belongs to ,

Required: False ,

}

string ,

isDeleted:

{

Description: A flag that indicates if the watchlist item is deleted or not ,

Required: False ,

}

boolean ,

created:

{

Description: The time the watchlist item was created ,

Format: date-time ,

Required: False ,

}

string ,

updated:

{

Description: The last time the watchlist item was updated ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the watchlist item ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

updatedBy:

{

Description: Describes a user that updated the watchlist item ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

itemsKeyValue:

{

Description: key-value pairs for a watchlist item ,

Required: True ,

}

object ,

entityMapping:

{

Description: key-value pairs for a watchlist item entity mapping ,

Required: False ,

}

object ,

}

⚐ Response (201)

{

properties:

{

Description: Watchlist Item properties ,

Required: False ,

}

{

watchlistItemType:

{

Description: The type of the watchlist item ,

Required: False ,

}

string ,

watchlistItemId:

{

Description: The id (a Guid) of the watchlist item ,

Required: False ,

}

string ,

tenantId:

{

Description: The tenantId to which the watchlist item belongs to ,

Required: False ,

}

string ,

isDeleted:

{

Description: A flag that indicates if the watchlist item is deleted or not ,

Required: False ,

}

boolean ,

created:

{

Description: The time the watchlist item was created ,

Format: date-time ,

Required: False ,

}

string ,

updated:

{

Description: The last time the watchlist item was updated ,

Format: date-time ,

Required: False ,

}

string ,

createdBy:

{

Description: Describes a user that created the watchlist item ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

updatedBy:

{

Description: Describes a user that updated the watchlist item ,

Required: False ,

}

{

email:

{

Description: The email of the user. ,

Required: False ,

}

string ,

name:

{

Description: The name of the user. ,

Required: False ,

}

string ,

objectId:

{

Description: The object id of the user. ,

Format: uuid ,

Required: False ,

}

string ,

}

itemsKeyValue:

{

Description: key-value pairs for a watchlist item ,

Required: True ,

}

object ,

entityMapping:

{

Description: key-value pairs for a watchlist item entity mapping ,

Required: False ,

}

object ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

DataConnectorDefinitions_List (new)

Description	: Gets all data connector definitions.
Reference	: Link ¶

⚼ Request

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

value:

{

Required: False ,

}

[

{

kind:

{

Description: The data connector kind ,

Enum:

{

Customizable: No description available. ,

}

Required: True ,

}

enum ,

}

]

nextLink:

{

Required: False ,

}

string ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

DataConnectorDefinitions_Get (new)

Description	: Gets a data connector definition.
Reference	: Link ¶

⚼ Request

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

dataConnectorDefinitionName:

{

Description: The data connector definition name. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{

kind:

{

Description: The data connector kind ,

Enum:

{

Customizable: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

DataConnectorDefinitions_CreateOrUpdate (new)

Description	: Creates or updates the data connector definition.
Reference	: Link ¶

⚼ Request

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

dataConnectorDefinitionName:

{

Description: The data connector definition name. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

connectorDefinitionInput:

{

Description: The data connector definition ,

Required: True ,

}

{

kind:

{

Description: The data connector kind ,

Enum:

{

Customizable: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (200)

{

kind:

{

Description: The data connector kind ,

Enum:

{

Customizable: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (201)

{

kind:

{

Description: The data connector kind ,

Enum:

{

Customizable: No description available. ,

}

Required: True ,

}

enum ,

}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}

DataConnectorDefinitions_Delete (new)

Description	: Delete the data connector definition.
Reference	: Link ¶

⚼ Request

{

subscriptionId:

{

Description: The ID of the target subscription. The value must be an UUID. ,

Format: uuid ,

Required: True ,

}

string ,

resourceGroupName:

{

Description: The name of the resource group. The name is case insensitive. ,

Required: True ,

}

string ,

workspaceName:

{

Description: The name of the workspace. ,

Required: True ,

}

string ,

dataConnectorDefinitionName:

{

Description: The data connector definition name. ,

Required: True ,

}

string ,

api-version:

{

Description: The API version to use for this operation. ,

Required: True ,

}

string ,

}

⚐ Response (200)

{}

⚐ Response (204)

{}

⚐ Response (default)

{

error:

{

Description: Error data ,

Required: False ,

}

{

code:

{

Description: An identifier for the error. Codes are invariant and are intended to be consumed programmatically. ,

Required: False ,

}

string ,

message:

{

Description: A message describing the error, intended to be suitable for display in a user interface. ,

Required: False ,

}

string ,

}