Skip to content

Commit

Permalink
Add fields to Incident properties (#8593)
Browse files Browse the repository at this point in the history 
* Add fields to incident properties

* Fix example
  • Loading branch information
@ityankel
ityankel committed Apr 2, 2020
1 parent a85e519 commit 7acdc57
Show file tree
Hide file tree
Showing 4 changed files with 36 additions and 0 deletions.
18 changes: 18 additions & 0 deletions ...ource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6087,6 +6087,10 @@
]
}
},
"classificationComment": {
"description": "Describes the reason the incident was closed",
"type": "string"
},
"classificationReason": {
"description": "The classification reason the incident was closed with",
"enum": [
Expand Down Expand Up @@ -6134,6 +6138,11 @@
"format": "date-time",
"type": "string"
},
"incidentUrl": {
"description": "The deep-link url to the incident in Azure portal",
"readOnly": true,
"type": "string"
},
"incidentNumber": {
"description": "A sequential number",
"readOnly": true,
Expand Down Expand Up @@ -6162,6 +6171,15 @@
"description": "Describes a user that the incident is assigned to",
"type": "object"
},
"relatedAnalyticRuleIds": {
"description": "List of resource ids of Analytic rules related to the incident",
"items": {
"description": "Related Analytic rule resource id",
"type": "string"
},
"readOnly": true,
"type": "array"
},
"severity": {
"description": "The severity of the incident",
"enum": [
Expand Down
7 changes: 7 additions & 0 deletions ...rosoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
},
"severity": "High",
"classification": "FalsePositive",
"classificationComment": "Not a malicious activity",
"classificationReason": "IncorrectAlertLogic",
"status": "Closed"
}
Expand Down Expand Up @@ -45,10 +46,13 @@
},
"severity": "High",
"classification": "FalsePositive",
"classificationComment": "Not a malicious activity",
"classificationReason": "IncorrectAlertLogic",
"status": "Closed",
"incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"incidentNumber": 3177,
"labels": [],
"relatedAnalyticRuleIds": [],
"additionalData": {
"alertsCount": 0,
"bookmarksCount": 0,
Expand Down Expand Up @@ -80,10 +84,13 @@
},
"severity": "High",
"classification": "FalsePositive",
"classificationComment": "Not a malicious activity",
"classificationReason": "IncorrectAlertLogic",
"status": "Closed",
"incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"incidentNumber": 3177,
"labels": [],
"relatedAnalyticRuleIds": [],
"additionalData": {
"alertsCount": 0,
"bookmarksCount": 0,
Expand Down
5 changes: 5 additions & 0 deletions ...osoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,10 +29,15 @@
},
"severity": "High",
"classification": "FalsePositive",
"classificationComment": "Not a malicious activity",
"classificationReason": "InaccurateData",
"status": "Closed",
"incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"incidentNumber": 3177,
"labels": [],
"relatedAnalyticRuleIds": [
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"
],
"additionalData": {
"alertsCount": 0,
"bookmarksCount": 0,
Expand Down
6 changes: 6 additions & 0 deletions ...icrosoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,10 +32,16 @@
},
"severity": "High",
"classification": "FalsePositive",
"classificationComment": "Not a malicious activity",
"classificationReason": "IncorrectAlertLogic",
"status": "Closed",
"incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"incidentNumber": 3177,
"labels": [],
"relatedAnalyticRuleIds": [
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"
],
"additionalData": {
"alertsCount": 0,
"bookmarksCount": 0,
Expand Down

0 comments on commit 7acdc57

Please sign in to comment.