diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
index b350e297b473..4f18d368df9a 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
@@ -6087,6 +6087,10 @@
             ]
           }
         },
+        "classificationComment": {
+          "description": "Describes the reason the incident was closed",
+          "type": "string"
+        },
         "classificationReason": {
           "description": "The classification reason the incident was closed with",
           "enum": [
@@ -6134,6 +6138,11 @@
           "format": "date-time",
           "type": "string"
         },
+        "incidentUrl": {
+          "description": "The deep-link url to the incident in Azure portal",
+          "readOnly": true,
+          "type": "string"
+        },
         "incidentNumber": {
           "description": "A sequential number",
           "readOnly": true,
@@ -6162,6 +6171,15 @@
           "description": "Describes a user that the incident is assigned to",
           "type": "object"
         },
+        "relatedAnalyticRuleIds": {
+          "description": "List of resource ids of Analytic rules related to the incident",
+          "items": {
+            "description": "Related Analytic rule resource id",
+            "type": "string"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
         "severity": {
           "description": "The severity of the incident",
           "enum": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json
index 04bd0eff45d4..1082cb4fa706 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json
@@ -18,6 +18,7 @@
         },
         "severity": "High",
         "classification": "FalsePositive",
+        "classificationComment": "Not a malicious activity",
         "classificationReason": "IncorrectAlertLogic",
         "status": "Closed"
       }
@@ -45,10 +46,13 @@
           },
           "severity": "High",
           "classification": "FalsePositive",
+          "classificationComment": "Not a malicious activity",
           "classificationReason": "IncorrectAlertLogic",
           "status": "Closed",
+          "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
           "incidentNumber": 3177,
           "labels": [],
+          "relatedAnalyticRuleIds": [],
           "additionalData": {
             "alertsCount": 0,
             "bookmarksCount": 0,
@@ -80,10 +84,13 @@
           },
           "severity": "High",
           "classification": "FalsePositive",
+          "classificationComment": "Not a malicious activity",
           "classificationReason": "IncorrectAlertLogic",
           "status": "Closed",
+          "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
           "incidentNumber": 3177,
           "labels": [],
+          "relatedAnalyticRuleIds": [],
           "additionalData": {
             "alertsCount": 0,
             "bookmarksCount": 0,
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json
index 8790d3c57762..9166c07241d9 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json
@@ -29,10 +29,15 @@
           },
           "severity": "High",
           "classification": "FalsePositive",
+          "classificationComment": "Not a malicious activity",
           "classificationReason": "InaccurateData",
           "status": "Closed",
+          "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
           "incidentNumber": 3177,
           "labels": [],
+          "relatedAnalyticRuleIds": [
+            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"
+          ],
           "additionalData": {
             "alertsCount": 0,
             "bookmarksCount": 0,
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json
index 7c2900fd13d0..85e34cc818ae 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json
@@ -32,10 +32,16 @@
               },
               "severity": "High",
               "classification": "FalsePositive",
+              "classificationComment": "Not a malicious activity",
               "classificationReason": "IncorrectAlertLogic",
               "status": "Closed",
+              "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
               "incidentNumber": 3177,
               "labels": [],
+              "relatedAnalyticRuleIds": [
+                "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
+                "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"
+              ],
               "additionalData": {
                 "alertsCount": 0,
                 "bookmarksCount": 0,