Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5vcGVyYXRpb25hbGluc2lnaHRzL3dvcmtzcGFjZXMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5zZWN1cml0eWluc2lnaHRzL2F1dG9tYXRpb25ydWxlcw==/2022-06-01-preview.xml

<?xml version='1.0' encoding='utf-8'?> <CodeGen plane="mgmt-plane"> <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/automationrules" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvYXV0b21hdGlvblJ1bGVz/V/MjAyMi0wNi0wMS1wcmV2aWV3"/> <commandGroup name="sentinel automation-rule"> <command name="list" version="2022-06-01-preview"> <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/automationrules" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvYXV0b21hdGlvblJ1bGVz/V/MjAyMi0wNi0wMS1wcmV2aWV3"/> <argGroup name=""> <arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True"/> <arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True"/> <arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental"> <help short="The name of the workspace."/> <format maxLength="90" minLength="1"/> </arg> </argGroup> <operation operationId="AutomationRules_List"> <http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules"> <request method="get"> <path> <param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True"> <format maxLength="90" minLength="1"/> </param> <param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True"> <format minLength="1"/> </param> <param type="string" name="workspaceName" arg="$Path.workspaceName" required="True"> <format maxLength="90" minLength="1"/> </param> </path> <query> <const readOnly="True" const="True" type="string" name="api-version" required="True"> <default value=""2022-06-01-preview""/> <format minLength="1"/> </const> </query> </request> <response statusCode="200"> <body> <json var="$Instance"> <schema type="object"> <prop type="string" name="nextLink"/> <prop type="array<object>" name="value"> <item type="object"> <prop type="string" name="etag"/> <prop readOnly="True" type="ResourceId" name="id"> <format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.OperationalInsights/workspaces/{}/providers/Microsoft.SecurityInsights/automationRules/{}"/> </prop> <prop readOnly="True" type="string" name="name"/> <prop type="object" name="properties" required="True" clientFlatten="True"> <prop type="array<object>" name="actions" required="True"> <item type="object"> <prop type="string" name="actionType" required="True"> <enum> <item value=""ModifyProperties""/> <item value=""RunPlaybook""/> </enum> </prop> <prop type="integer32" name="order" required="True"/> <discriminator property="actionType" value="ModifyProperties"> <prop type="object" name="actionConfiguration"> <prop type="string" name="classification"> <enum> <item value=""BenignPositive""/> <item value=""FalsePositive""/> <item value=""TruePositive""/> <item value=""Undetermined""/> </enum> </prop> <prop type="string" name="classificationComment"/> <prop type="string" name="classificationReason"> <enum> <item value=""InaccurateData""/> <item value=""IncorrectAlertLogic""/> <item value=""SuspiciousActivity""/> <item value=""SuspiciousButExpected""/> </enum> </prop> <prop type="array<object>" name="labels"> <item type="object"> <prop type="string" name="labelName" required="True"/> <prop readOnly="True" type="string" name="labelType"> <enum> <item value=""AutoAssigned""/> <item value=""User""/> </enum> </prop> </item> </prop> <prop type="object" name="owner"> <prop type="string" name="assignedTo"/> <prop type="string" name="email"/> <prop type="uuid" name="objectId"/> <prop type="string" name="ownerType"> <enum> <item value=""Group""/> <item value=""Unknown""/> <item value=""User""/> </enum> </prop> <prop type="string" name="userPrincipalName"/> </prop> <prop type="string" name="severity"> <enum> <item value=""High""/> <item value=""Informational""/> <item value=""Low""/> <item value=""Medium""/> </enum> </prop> <prop type="string" name="status"> <enum> <item value=""Active""/> <item value=""Closed""/> <item value=""New""/> </enum> </prop> </prop> </discriminator> <discriminator property="actionType" value="RunPlaybook"> <prop type="object" name="actionConfiguration"> <prop type="string" name="logicAppResourceId"/> <prop type="uuid" name="tenantId"/> </prop> </discriminator> </item> </prop> <prop readOnly="True" type="@ClientInfo_read" name="createdBy"/> <prop readOnly="True" type="dateTime" name="createdTimeUtc"/> <prop type="string" name="displayName" required="True"> <format maxLength="500"/> </prop> <prop readOnly="True" type="object" name="lastModifiedBy" cls="ClientInfo_read"> <prop readOnly="True" type="string" name="email"/> <prop readOnly="True" type="string" name="name"/> <prop readOnly="True" type="uuid" name="objectId"/> <prop readOnly="True" type="string" name="userPrincipalName"/> </prop> <prop readOnly="True" type="dateTime" name="lastModifiedTimeUtc"/> <prop type="integer32" name="order" required="True"> <format maximum="1000" minimum="1"/> </prop> <prop type="object" name="triggeringLogic" required="True"> <prop type="array<object>" name="conditions"> <item type="object"> <prop type="string" name="conditionType" required="True"> <enum> <item value=""Property""/> <item value=""PropertyArrayChanged""/> <item value=""PropertyChanged""/> </enum> </prop> <discriminator property="conditionType" value="Property"> <prop type="object" name="conditionProperties"> <prop type="string" name="operator"> <enum> <item value=""Contains""/> <item value=""EndsWith""/> <item value=""Equals""/> <item value=""NotContains""/> <item value=""NotEndsWith""/> <item value=""NotEquals""/> <item value=""NotStartsWith""/> <item value=""StartsWith""/> </enum> </prop> <prop type="string" name="propertyName"> <enum> <item value=""AccountAadTenantId""/> <item value=""AccountAadUserId""/> <item value=""AccountNTDomain""/> <item value=""AccountName""/> <item value=""AccountObjectGuid""/> <item value=""AccountPUID""/> <item value=""AccountSid""/> <item value=""AccountUPNSuffix""/> <item value=""AlertProductNames""/> <item value=""AzureResourceResourceId""/> <item value=""AzureResourceSubscriptionId""/> <item value=""CloudApplicationAppId""/> <item value=""CloudApplicationAppName""/> <item value=""DNSDomainName""/> <item value=""FileDirectory""/> <item value=""FileHashValue""/> <item value=""FileName""/> <item value=""HostAzureID""/> <item value=""HostNTDomain""/> <item value=""HostName""/> <item value=""HostNetBiosName""/> <item value=""HostOSVersion""/> <item value=""IPAddress""/> <item value=""IncidentDescription""/> <item value=""IncidentLabel""/> <item value=""IncidentProviderName""/> <item value=""IncidentRelatedAnalyticRuleIds""/> <item value=""IncidentSeverity""/> <item value=""IncidentStatus""/> <item value=""IncidentTactics""/> <item value=""IncidentTitle""/> <item value=""IoTDeviceId""/> <item value=""IoTDeviceModel""/> <item value=""IoTDeviceName""/> <item value=""IoTDeviceOperatingSystem""/> <item value=""IoTDeviceType""/> <item value=""IoTDeviceVendor""/> <item value=""MailMessageDeliveryAction""/> <item value=""MailMessageDeliveryLocation""/> <item value=""MailMessageP1Sender""/> <item value=""MailMessageP2Sender""/> <item value=""MailMessageRecipient""/> <item value=""MailMessageSenderIP""/> <item value=""MailMessageSubject""/> <item value=""MailboxDisplayName""/> <item value=""MailboxPrimaryAddress""/> <item value=""MailboxUPN""/> <item value=""MalwareCategory""/> <item value=""MalwareName""/> <item value=""ProcessCommandLine""/> <item value=""ProcessId""/> <item value=""RegistryKey""/> <item value=""RegistryValueData""/> <item value=""Url""/> </enum> </prop> <prop type="array<string>" name="propertyValues"> <item type="string"/> </prop> </prop> </discriminator> <discriminator property="conditionType" value="PropertyArrayChanged"> <prop type="object" name="conditionProperties"> <prop type="string" name="arrayType"> <enum> <item value=""Alerts""/> <item value=""Comments""/> <item value=""Labels""/> <item value=""Tactics""/> </enum> </prop> <prop type="string" name="changeType"> <enum> <item value=""Added""/> </enum> </prop> </prop> </discriminator> <discriminator property="conditionType" value="PropertyChanged"> <prop type="object" name="conditionProperties"> <prop type="string" name="changeType"> <enum> <item value=""ChangedFrom""/> <item value=""ChangedTo""/> </enum> </prop> <prop type="string" name="operator"> <enum> <item value=""Contains""/> <item value=""EndsWith""/> <item value=""Equals""/> <item value=""NotContains""/> <item value=""NotEndsWith""/> <item value=""NotEquals""/> <item value=""NotStartsWith""/> <item value=""StartsWith""/> </enum> </prop> <prop type="string" name="propertyName"> <enum> <item value=""IncidentOwner""/> <item value=""IncidentSeverity""/> <item value=""IncidentStatus""/> </enum> </prop> <prop type="array<string>" name="propertyValues"> <item type="string"/> </prop> </prop> </discriminator> </item> </prop> <prop type="dateTime" name="expirationTimeUtc"/> <prop type="boolean" name="isEnabled" required="True"/> <prop type="string" name="triggersOn" required="True"> <enum> <item value=""Incidents""/> </enum> </prop> <prop type="string" name="triggersWhen" required="True"> <enum> <item value=""Created""/> <item value=""Updated""/> </enum> </prop> </prop> </prop> <prop readOnly="True" type="object" name="systemData"> <prop readOnly="True" type="dateTime" name="createdAt"/> <prop readOnly="True" type="string" name="createdBy"/> <prop readOnly="True" type="string" name="createdByType"> <enum> <item value=""Application""/> <item value=""Key""/> <item value=""ManagedIdentity""/> <item value=""User""/> </enum> </prop> <prop readOnly="True" type="dateTime" name="lastModifiedAt"/> <prop readOnly="True" type="string" name="lastModifiedBy"/> <prop readOnly="True" type="string" name="lastModifiedByType"> <enum> <item value=""Application""/> <item value=""Key""/> <item value=""ManagedIdentity""/> <item value=""User""/> </enum> </prop> </prop> <prop readOnly="True" type="string" name="type"/> </item> </prop> </schema> </json> </body> </response> <response isError="True"> <body> <json> <schema type="@ODataV4Format"/> </json> </body> </response> </http> </operation> <output type="array" ref="$Instance.value" clientFlatten="True" nextLink="$Instance.nextLink"/> </command> </commandGroup> </CodeGen>

Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5vcGVyYXRpb25hbGluc2lnaHRzL3dvcmtzcGFjZXMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5zZWN1cml0eWluc2lnaHRzL2F1dG9tYXRpb25ydWxlcw==/2022-06-01-preview.xml (335 lines of code) (raw):