Creating new API version for Alerts API (#17877)

* update readme

* fix 3

* remove files

* delete externalSecuritySolutions

* add assessments.json

* Fix validation errors 1

* merge

* Fix validation errors 3

* Fix validation errors 5

* Fix validation errors 5

* Fix validation errors 5

* Fix validation errors 6

* Fix validation errors 7

* Fix validation errors 8

* fix validation errors 11

* fix validation errors 11

* ix validation errors 12

* Fix validation errors 15

* run prettier

* test

* SecuritySolution test

* 2

* org

* 1

* more changes

* [Hub Generated] Review request for Microsoft.Consumption to add version stable/2021-10-01 (#16900)

* Adding The new three properties to the latest API version for RI Transactions

* Error Fixes

* Fixing Type errors

* Changing billingMonth format

* Add new api (2022-01-01) version to alerts api

* update files from origin main

* get updates from origin main

* update readme file

* update readme

* fix readme

Co-authored-by: Arik Riklin <[email protected]>
Co-authored-by: ariklin <[email protected]>
Co-authored-by: Meha Kaushik <[email protected]>
Co-authored-by: Theertharaj <[email protected]>

Author: 5 people

specification/security/resource-manager/Microsoft.Security/stable/2022-01-01/alerts.json

@@ -0,0 +1,154 @@
+{
+  "parameters": {
+    "api-version": "2022-01-01",
+    "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+    "resourceGroupName": "myRg1",
+    "ascLocation": "westeurope",
+    "alertName": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
+        "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+        "type": "Microsoft.Security/Locations/alerts",
+        "properties": {
+          "version": "2022-01-01",
+          "alertType": "VM_EICAR",
+          "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+          "productComponentName": "testName",
+          "alertDisplayName": "Azure Security Center test alert (not a threat)",
+          "description": "This is a test alert generated by Azure Security Center. No further action is needed.",
+          "severity": "High",
+          "intent": "Execution",
+          "startTimeUtc": "2020-02-22T00:00:00.0000000Z",
+          "endTimeUtc": "2020-02-22T00:00:00.0000000Z",
+          "resourceIdentifiers": [
+            {
+              "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
+              "type": "AzureResource"
+            },
+            {
+              "workspaceId": "f419f624-acad-4d89-b86d-f62fa387f019",
+              "workspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+              "workspaceResourceGroup": "myRg1",
+              "agentId": "75724a01-f021-4aa8-9ec2-329792373e6e",
+              "type": "LogAnalytics"
+            }
+          ],
+          "remediationSteps": [
+            "No further action is needed."
+          ],
+          "vendorName": "Microsoft",
+          "status": "Active",
+          "extendedLinks": [
+            {
+              "Category": "threat_reports",
+              "Label": "Report: RDP Brute Forcing",
+              "Href": "https://contoso.com/reports/DisplayReport",
+              "Type": "webLink"
+            }
+          ],
+          "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope",
+          "timeGeneratedUtc": "2020-02-23T13:47:58.0000000Z",
+          "productName": "Azure Security Center",
+          "processingEndTimeUtc": "2020-02-23T13:47:58.9205584Z",
+          "entities": [
+            {
+              "address": "192.0.2.1",
+              "location": {
+                "countryCode": "gb",
+                "state": "wokingham",
+                "city": "sonning",
+                "longitude": -0.909,
+                "latitude": 51.468,
+                "asn": 6584
+              },
+              "type": "ip"
+            }
+          ],
+          "isIncident": true,
+          "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=",
+          "extendedProperties": {
+            "Property1": "Property1 information"
+          },
+          "compromisedEntity": "vm1",
+          "techniques": [
+            "T1059",
+            "T1053",
+            "T1072"
+          ],
+          "subTechniques": [
+            "T1059.001",
+            "T1059.006",
+            "T1053.002"
+          ],
+          "supportingEvidence": {
+            "supportingEvidenceList": [
+              {
+                "evidenceElements": [
+                  {
+                    "text": {
+                      "arguments": {
+                        "sensitiveEnumerationTypes": {
+                          "type": "string[]",
+                          "value": [
+                            "UseDesKey"
+                          ]
+                        },
+                        "domainName": {
+                          "type": "string",
+                          "value": "domainName"
+                        }
+                      },
+                      "localizationKey": "AATP_ALERTS_LDAP_SENSITIVE_ATTRIBUTE_RECONNAISSANCE_SECURITY_ALERT_EVIDENCE_ENUMERATION_DETAIL_A7C00BD7",
+                      "fallback": "Actor enumerated UseDesKey on domain1.test.local"
+                    },
+                    "type": "evidenceElement",
+                    "innerElements": null
+                  }
+                ],
+                "type": "nestedList"
+              },
+              {
+                "type": "tabularEvidences",
+                "title": "Investigate activity test",
+                "columns": [
+                  "Date",
+                  "Activity",
+                  "User",
+                  "TestedText",
+                  "TestedValue"
+                ],
+                "rows": [
+                  [
+                    "2022-01-17T07:03:52.034Z",
+                    "Log on",
+                    "testUser",
+                    "false",
+                    false
+                  ],
+                  [
+                    "2022-01-17T07:03:52.034Z",
+                    "Log on",
+                    "testUser2",
+                    "false",
+                    false
+                  ],
+                  [
+                    "2022-01-17T07:03:52.034Z",
+                    "Log on",
+                    "testUser3",
+                    "true",
+                    true
+                  ]
+                ]
+              }
+            ],
+            "type": "supportingEvidenceList"
+          }
+        }
+      }
+    }
+  }
+}

specification/security/resource-manager/Microsoft.Security/stable/2022-01-01/examples/Alerts/GetAlertResourceGroupLocation_example.json

@@ -0,0 +1,123 @@
+{
+  "parameters": {
+    "api-version": "2022-01-01",
+    "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+    "ascLocation": "westeurope",
+    "alertName": "2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/alerts/2518770965529163669_F144EE95-A3E5-42DA-A279-967D115809AA",
+        "name": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+        "type": "Microsoft.Security/Locations/alerts",
+        "properties": {
+          "version": "2022-01-01",
+          "alertType": "VM_EICAR",
+          "systemAlertId": "2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a",
+          "productComponentName": "testName",
+          "alertDisplayName": "Azure Security Center test alert (not a threat)",
+          "description": "This is a test alert generated by Azure Security Center. No further action is needed.",
+          "severity": "High",
+          "intent": "Execution",
+          "startTimeUtc": "2020-02-22T00:00:00.0000000Z",
+          "endTimeUtc": "2020-02-22T00:00:00.0000000Z",
+          "resourceIdentifiers": [
+            {
+              "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
+              "type": "AzureResource"
+            },
+            {
+              "workspaceId": "f419f624-acad-4d89-b86d-f62fa387f019",
+              "workspaceSubscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+              "workspaceResourceGroup": "myRg1",
+              "agentId": "75724a01-f021-4aa8-9ec2-329792373e6e",
+              "type": "LogAnalytics"
+            }
+          ],
+          "remediationSteps": [
+            "No further action is needed."
+          ],
+          "vendorName": "Microsoft",
+          "status": "Active",
+          "extendedLinks": [
+            {
+              "Category": "threat_reports",
+              "Label": "Report: RDP Brute Forcing",
+              "Href": "https://contoso.com/reports/DisplayReport",
+              "Type": "webLink"
+            }
+          ],
+          "alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518298467986649999_4d25bfef-2d77-4a08-adc0-3e35715cc92a/subscriptionId/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroup/myRg1/referencedFrom/alertDeepLink/location/westeurope",
+          "timeGeneratedUtc": "2020-02-23T13:47:58.0000000Z",
+          "productName": "Azure Security Center",
+          "processingEndTimeUtc": "2020-02-23T13:47:58.9205584Z",
+          "entities": [
+            {
+              "address": "192.0.2.1",
+              "location": {
+                "countryCode": "gb",
+                "state": "wokingham",
+                "city": "sonning",
+                "longitude": -0.909,
+                "latitude": 51.468,
+                "asn": 6584
+              },
+              "type": "ip"
+            }
+          ],
+          "isIncident": true,
+          "correlationKey": "kso0LFWxzCll5tqrk5hmrBJ+MY1BX806W6q6+0s9Lk=",
+          "extendedProperties": {
+            "Property1": "Property1 information"
+          },
+          "compromisedEntity": "vm1",
+          "techniques": [
+            "T1059",
+            "T1053",
+            "T1072"
+          ],
+          "subTechniques": [
+            "T1059.001",
+            "T1059.006",
+            "T1053.002"
+          ],
+          "supportingEvidence": {
+            "type": "tabularEvidences",
+            "title": "Investigate activity test",
+            "columns": [
+              "Date",
+              "Activity",
+              "User",
+              "TestedText",
+              "TestedValue"
+            ],
+            "rows": [
+              [
+                "2022-01-17T07:03:52.034Z",
+                "Log on",
+                "testUser",
+                "false",
+                false
+              ],
+              [
+                "2022-01-17T07:03:52.034Z",
+                "Log on",
+                "testUser2",
+                "false",
+                false
+              ],
+              [
+                "2022-01-17T07:03:52.034Z",
+                "Log on",
+                "testUser3",
+                "true",
+                true
+              ]
+            ]
+          }
+        }
+      }
+    }
+  }
+}