<?xml version='1.0' encoding='utf-8'?>
<CodeGen plane="mgmt-plane">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/bookmarks/{}" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvYm9va21hcmtzL3tib29rbWFya0lkfQ==/V/MjAyMi0wNi0wMS1wcmV2aWV3"/>
<commandGroup name="sentinel bookmark">
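<!-- "sentinel bookmark show": issues one GET (Bookmarks_Get) for a single bookmark and returns the 200 body ($Instance) as the command output.
     Attribute values that hold quoted literals or generic types are entity-escaped (&quot;, &lt;, &gt;) so the file stays well-formed XML. -->
<command name="show" version="2022-06-01-preview">
  <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/bookmarks/{}" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvYm9va21hcmtzL3tib29rbWFya0lkfQ==/V/MjAyMi0wNi0wMS1wcmV2aWV3"/>
  <!-- Path arguments. Each one feeds a {placeholder} of the request URL; idPart names the resource-ID segment it corresponds to. -->
  <argGroup name="">
    <arg type="string" var="$Path.bookmarkId" options="bookmark-id name n" required="True" stage="Experimental" idPart="child_name_1">
      <help short="ID of bookmark."/>
    </arg>
    <arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/>
    <arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/>
    <arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental" idPart="name">
      <help short="The name of the workspace."/>
      <format maxLength="90" minLength="1"/>
    </arg>
  </argGroup>
  <operation operationId="Bookmarks_Get">
    <http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}">
      <request method="get">
        <!-- bookmarkId carries no length format here, unlike the other path parameters. -->
        <path>
          <param type="string" name="bookmarkId" arg="$Path.bookmarkId" required="True"/>
          <param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
            <format maxLength="90" minLength="1"/>
          </param>
          <param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True">
            <format minLength="1"/>
          </param>
          <param type="string" name="workspaceName" arg="$Path.workspaceName" required="True">
            <format maxLength="90" minLength="1"/>
          </param>
        </path>
        <!-- api-version is a read-only constant pinned to this file's version; it is not a user argument. -->
        <query>
          <const readOnly="True" const="True" type="string" name="api-version" required="True">
            <default value="&quot;2022-06-01-preview&quot;"/>
            <format minLength="1"/>
          </const>
        </query>
      </request>
      <!-- 200 body. It carries investigation content (query, queryResult, notes, entityMappings) and user identity
           (createdBy/updatedBy email, name, objectId), so command output and anything that logs it should be handled as sensitive. -->
      <response statusCode="200">
        <body>
          <json var="$Instance">
            <schema type="object">
              <prop type="string" name="etag"/>
              <prop readOnly="True" type="ResourceId" name="id">
                <format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.OperationalInsights/workspaces/{}/providers/Microsoft.SecurityInsights/bookmarks/{}"/>
              </prop>
              <prop readOnly="True" type="string" name="name"/>
              <prop type="object" name="properties" clientFlatten="True">
                <prop type="dateTime" name="created"/>
                <!-- UserInfo_read is declared here and reused by reference for updatedBy below. -->
                <prop type="object" name="createdBy" cls="UserInfo_read">
                  <prop readOnly="True" type="string" name="email"/>
                  <prop readOnly="True" type="string" name="name"/>
                  <prop nullable="True" type="uuid" name="objectId"/>
                </prop>
                <prop type="string" name="displayName" required="True"/>
                <prop type="array&lt;object&gt;" name="entityMappings">
                  <item type="object">
                    <prop type="string" name="entityType"/>
                    <prop type="array&lt;object&gt;" name="fieldMappings">
                      <item type="object">
                        <prop type="string" name="identifier"/>
                        <prop type="string" name="value"/>
                      </item>
                    </prop>
                  </item>
                </prop>
                <prop type="dateTime" name="eventTime"/>
                <prop type="object" name="incidentInfo">
                  <prop type="string" name="incidentId"/>
                  <prop type="string" name="relationName"/>
                  <prop type="string" name="severity">
                    <enum>
                      <item value="&quot;High&quot;"/>
                      <item value="&quot;Informational&quot;"/>
                      <item value="&quot;Low&quot;"/>
                      <item value="&quot;Medium&quot;"/>
                    </enum>
                  </prop>
                  <prop type="string" name="title"/>
                </prop>
                <prop type="array&lt;string&gt;" name="labels">
                  <item type="string"/>
                </prop>
                <prop type="string" name="notes"/>
                <prop type="string" name="query" required="True"/>
                <prop type="dateTime" name="queryEndTime"/>
                <prop type="string" name="queryResult"/>
                <prop type="dateTime" name="queryStartTime"/>
                <!-- tactics is a closed enum; techniques (below) is a free-form string array. -->
                <prop type="array&lt;string&gt;" name="tactics">
                  <item type="string">
                    <enum>
                      <item value="&quot;Collection&quot;"/>
                      <item value="&quot;CommandAndControl&quot;"/>
                      <item value="&quot;CredentialAccess&quot;"/>
                      <item value="&quot;DefenseEvasion&quot;"/>
                      <item value="&quot;Discovery&quot;"/>
                      <item value="&quot;Execution&quot;"/>
                      <item value="&quot;Exfiltration&quot;"/>
                      <item value="&quot;Impact&quot;"/>
                      <item value="&quot;ImpairProcessControl&quot;"/>
                      <item value="&quot;InhibitResponseFunction&quot;"/>
                      <item value="&quot;InitialAccess&quot;"/>
                      <item value="&quot;LateralMovement&quot;"/>
                      <item value="&quot;Persistence&quot;"/>
                      <item value="&quot;PreAttack&quot;"/>
                      <item value="&quot;PrivilegeEscalation&quot;"/>
                      <item value="&quot;Reconnaissance&quot;"/>
                      <item value="&quot;ResourceDevelopment&quot;"/>
                    </enum>
                  </item>
                </prop>
                <prop type="array&lt;string&gt;" name="techniques">
                  <item type="string"/>
                </prop>
                <prop type="dateTime" name="updated"/>
                <prop type="@UserInfo_read" name="updatedBy"/>
              </prop>
              <!-- systemData: every field is readOnly, i.e. reported by the service and never sent by the client. -->
              <prop readOnly="True" type="object" name="systemData">
                <prop readOnly="True" type="dateTime" name="createdAt"/>
                <prop readOnly="True" type="string" name="createdBy"/>
                <prop readOnly="True" type="string" name="createdByType">
                  <enum>
                    <item value="&quot;Application&quot;"/>
                    <item value="&quot;Key&quot;"/>
                    <item value="&quot;ManagedIdentity&quot;"/>
                    <item value="&quot;User&quot;"/>
                  </enum>
                </prop>
                <prop readOnly="True" type="dateTime" name="lastModifiedAt"/>
                <prop readOnly="True" type="string" name="lastModifiedBy"/>
                <prop readOnly="True" type="string" name="lastModifiedByType">
                  <enum>
                    <item value="&quot;Application&quot;"/>
                    <item value="&quot;Key&quot;"/>
                    <item value="&quot;ManagedIdentity&quot;"/>
                    <item value="&quot;User&quot;"/>
                  </enum>
                </prop>
              </prop>
              <prop readOnly="True" type="string" name="type"/>
            </schema>
          </json>
        </body>
      </response>
      <!-- Any error response is decoded with the shared @ODataV4Format schema (declared outside this command). -->
      <response isError="True">
        <body>
          <json>
            <schema type="@ODataV4Format"/>
          </json>
        </body>
      </response>
    </http>
  </operation>
  <output type="object" ref="$Instance" clientFlatten="True"/>
</command>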
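<!-- "sentinel bookmark delete": issues one DELETE (Bookmarks_Delete) for a single bookmark.
     Destructive: the confirmation attribute holds the prompt text tied to this command. There is no output element, so nothing is returned on success.
     The api-version default is entity-escaped (&quot;) so the attribute is well-formed XML. -->
<command name="delete" version="2022-06-01-preview" confirmation="Are you sure you want to perform this operation?">
  <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/bookmarks/{}" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvYm9va21hcmtzL3tib29rbWFya0lkfQ==/V/MjAyMi0wNi0wMS1wcmV2aWV3"/>
  <!-- Path arguments. Each one feeds a {placeholder} of the request URL; idPart names the resource-ID segment it corresponds to. -->
  <argGroup name="">
    <arg type="string" var="$Path.bookmarkId" options="bookmark-id name n" required="True" stage="Experimental" idPart="child_name_1">
      <help short="ID of bookmark."/>
    </arg>
    <arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/>
    <arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/>
    <arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental" idPart="name">
      <help short="The name of the workspace."/>
      <format maxLength="90" minLength="1"/>
    </arg>
  </argGroup>
  <operation operationId="Bookmarks_Delete">
    <http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}">
      <!-- The request has a path and a query only; no body and no etag precondition is sent with the DELETE. -->
      <request method="delete">
        <path>
          <param type="string" name="bookmarkId" arg="$Path.bookmarkId" required="True"/>
          <param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
            <format maxLength="90" minLength="1"/>
          </param>
          <param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True">
            <format minLength="1"/>
          </param>
          <param type="string" name="workspaceName" arg="$Path.workspaceName" required="True">
            <format maxLength="90" minLength="1"/>
          </param>
        </path>
        <!-- api-version is a read-only constant pinned to this file's version; it is not a user argument. -->
        <query>
          <const readOnly="True" const="True" type="string" name="api-version" required="True">
            <default value="&quot;2022-06-01-preview&quot;"/>
            <format minLength="1"/>
          </const>
        </query>
      </request>
      <!-- 200 and 204 are both declared as body-less success responses. -->
      <response statusCode="200"/>
      <response statusCode="204"/>
      <!-- Any error response is decoded with the shared @ODataV4Format schema (declared outside this command). -->
      <response isError="True">
        <body>
          <json>
            <schema type="@ODataV4Format"/>
          </json>
        </body>
      </response>
    </http>
  </operation>
</command>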
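<!-- "sentinel bookmark create": builds a bookmark object from the arguments below and sends it with one PUT (Bookmarks_CreateOrUpdate);
     the 200/201 body ($Instance) is the command output.
     Attribute values that hold quoted literals or generic types are entity-escaped (&quot;, &lt;, &gt;) so the file stays well-formed XML. -->
<command name="create" version="2022-06-01-preview">
  <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/bookmarks/{}" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvYm9va21hcmtzL3tib29rbWFya0lkfQ==/V/MjAyMi0wNi0wMS1wcmV2aWV3"/>
  <!-- Path arguments. Each one feeds a {placeholder} of the request URL; idPart names the resource-ID segment it corresponds to. -->
  <argGroup name="">
    <arg type="string" var="$Path.bookmarkId" options="bookmark-id name n" required="True" stage="Experimental" idPart="child_name_1">
      <help short="ID of bookmark."/>
    </arg>
    <arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/>
    <arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/>
    <arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental" idPart="name">
      <help short="The name of the workspace."/>
      <format maxLength="90" minLength="1"/>
    </arg>
  </argGroup>
  <argGroup name="Bookmark">
    <arg type="string" var="$bookmark.etag" options="etag" group="Bookmark">
      <help short="Etag of the azure resource"/>
    </arg>
  </argGroup>
  <!-- Body arguments. created, createdBy.objectId, updated and updatedBy are accepted from the caller and forwarded in the PUT body;
       only the systemData block of the response is marked readOnly.
       NOTE(review): confirm whether the service overrides these caller-supplied values before relying on them for attribution.
       NOTE(review): displayName and query are required="True" in the body schema below, but the matching args here are not marked required; confirm this is intentional. -->
  <argGroup name="Properties">
    <arg type="dateTime" var="$bookmark.properties.created" options="created" group="Properties">
      <help short="The time the bookmark was created"/>
    </arg>
    <!-- UserInfo_create is declared here and reused by reference for updated-by below; only objectId is settable. -->
    <arg type="object" var="$bookmark.properties.createdBy" options="created-by" group="Properties" cls="UserInfo_create">
      <help short="Describes a user that created the bookmark"/>
      <arg nullable="True" type="uuid" var="@UserInfo_create.objectId" options="object-id">
        <help short="The object id of the user."/>
      </arg>
    </arg>
    <arg type="string" var="$bookmark.properties.displayName" options="display-name" group="Properties">
      <help short="The display name of the bookmark"/>
    </arg>
    <arg type="array&lt;object&gt;" var="$bookmark.properties.entityMappings" options="entity-mappings" group="Properties">
      <help short="Describes the entity mappings of the bookmark"/>
      <item type="object">
        <arg type="string" var="$bookmark.properties.entityMappings[].entityType" options="entity-type">
          <help short="The entity type"/>
        </arg>
        <arg type="array&lt;object&gt;" var="$bookmark.properties.entityMappings[].fieldMappings" options="field-mappings">
          <help short="Array of fields mapping for that entity type"/>
          <item type="object">
            <arg type="string" var="$bookmark.properties.entityMappings[].fieldMappings[].identifier" options="identifier">
              <help short="Alert V3 identifier"/>
            </arg>
            <arg type="string" var="$bookmark.properties.entityMappings[].fieldMappings[].value" options="value">
              <help short="The value of the identifier"/>
            </arg>
          </item>
        </arg>
      </item>
    </arg>
    <arg type="dateTime" var="$bookmark.properties.eventTime" options="event-time" group="Properties">
      <help short="The bookmark event time"/>
    </arg>
    <arg type="object" var="$bookmark.properties.incidentInfo" options="incident-info" group="Properties">
      <help short="Describes an incident that relates to bookmark"/>
      <arg type="string" var="$bookmark.properties.incidentInfo.incidentId" options="incident-id">
        <help short="Incident Id"/>
      </arg>
      <arg type="string" var="$bookmark.properties.incidentInfo.relationName" options="relation-name">
        <help short="Relation Name"/>
      </arg>
      <arg type="string" var="$bookmark.properties.incidentInfo.severity" options="severity">
        <help short="The severity of the incident"/>
        <enum>
          <item name="High" value="&quot;High&quot;"/>
          <item name="Informational" value="&quot;Informational&quot;"/>
          <item name="Low" value="&quot;Low&quot;"/>
          <item name="Medium" value="&quot;Medium&quot;"/>
        </enum>
      </arg>
      <arg type="string" var="$bookmark.properties.incidentInfo.title" options="title">
        <help short="The title of the incident"/>
      </arg>
    </arg>
    <arg type="array&lt;string&gt;" var="$bookmark.properties.labels" options="labels" group="Properties">
      <help short="List of labels relevant to this bookmark"/>
      <item type="string"/>
    </arg>
    <arg type="string" var="$bookmark.properties.notes" options="notes" group="Properties">
      <help short="The notes of the bookmark"/>
    </arg>
    <arg type="string" var="$bookmark.properties.query" options="query-content" stage="Experimental" group="Properties">
      <help short="The query of the bookmark."/>
    </arg>
    <arg type="dateTime" var="$bookmark.properties.queryEndTime" options="query-end-time" group="Properties">
      <help short="The end time for the query"/>
    </arg>
    <arg type="string" var="$bookmark.properties.queryResult" options="query-result" group="Properties">
      <help short="The query result of the bookmark."/>
    </arg>
    <arg type="dateTime" var="$bookmark.properties.queryStartTime" options="query-start-time" group="Properties">
      <help short="The start time for the query"/>
    </arg>
    <!-- tactics is restricted to the enum below; techniques (next arg) is a free-form string array with no enum or format. -->
    <arg type="array&lt;string&gt;" var="$bookmark.properties.tactics" options="tactics" group="Properties">
      <help short="A list of relevant mitre attacks"/>
      <item type="string">
        <enum>
          <item name="Collection" value="&quot;Collection&quot;"/>
          <item name="CommandAndControl" value="&quot;CommandAndControl&quot;"/>
          <item name="CredentialAccess" value="&quot;CredentialAccess&quot;"/>
          <item name="DefenseEvasion" value="&quot;DefenseEvasion&quot;"/>
          <item name="Discovery" value="&quot;Discovery&quot;"/>
          <item name="Execution" value="&quot;Execution&quot;"/>
          <item name="Exfiltration" value="&quot;Exfiltration&quot;"/>
          <item name="Impact" value="&quot;Impact&quot;"/>
          <item name="ImpairProcessControl" value="&quot;ImpairProcessControl&quot;"/>
          <item name="InhibitResponseFunction" value="&quot;InhibitResponseFunction&quot;"/>
          <item name="InitialAccess" value="&quot;InitialAccess&quot;"/>
          <item name="LateralMovement" value="&quot;LateralMovement&quot;"/>
          <item name="Persistence" value="&quot;Persistence&quot;"/>
          <item name="PreAttack" value="&quot;PreAttack&quot;"/>
          <item name="PrivilegeEscalation" value="&quot;PrivilegeEscalation&quot;"/>
          <item name="Reconnaissance" value="&quot;Reconnaissance&quot;"/>
          <item name="ResourceDevelopment" value="&quot;ResourceDevelopment&quot;"/>
        </enum>
      </item>
    </arg>
    <arg type="array&lt;string&gt;" var="$bookmark.properties.techniques" options="techniques" group="Properties">
      <help short="A list of relevant mitre techniques"/>
      <item type="string"/>
    </arg>
    <arg type="dateTime" var="$bookmark.properties.updated" options="updated" group="Properties">
      <help short="The last time the bookmark was updated"/>
    </arg>
    <arg type="@UserInfo_create" var="$bookmark.properties.updatedBy" options="updated-by" group="Properties">
      <help short="Describes a user that updated the bookmark"/>
    </arg>
  </argGroup>
  <operation operationId="Bookmarks_CreateOrUpdate">
    <http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}">
      <request method="put">
        <!-- bookmarkId carries no length format here, unlike the other path parameters. -->
        <path>
          <param type="string" name="bookmarkId" arg="$Path.bookmarkId" required="True"/>
          <param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
            <format maxLength="90" minLength="1"/>
          </param>
          <param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True">
            <format minLength="1"/>
          </param>
          <param type="string" name="workspaceName" arg="$Path.workspaceName" required="True">
            <format maxLength="90" minLength="1"/>
          </param>
        </path>
        <!-- api-version is a read-only constant pinned to this file's version; it is not a user argument. -->
        <query>
          <const readOnly="True" const="True" type="string" name="api-version" required="True">
            <default value="&quot;2022-06-01-preview&quot;"/>
            <format minLength="1"/>
          </const>
        </query>
        <!-- Request body: each prop is bound to the argument named in its arg attribute. The read-only fields of the response
             (id, name, type, systemData, createdBy email/name) have no counterpart here and are never sent. -->
        <body>
          <json>
            <schema type="object" name="bookmark" required="True" clientFlatten="True">
              <prop type="string" name="etag" arg="$bookmark.etag"/>
              <prop type="object" name="properties" clientFlatten="True">
                <prop type="dateTime" name="created" arg="$bookmark.properties.created"/>
                <prop type="object" name="createdBy" arg="$bookmark.properties.createdBy" cls="UserInfo_create">
                  <prop nullable="True" type="uuid" name="objectId" arg="@UserInfo_create.objectId"/>
                </prop>
                <prop type="string" name="displayName" arg="$bookmark.properties.displayName" required="True"/>
                <prop type="array&lt;object&gt;" name="entityMappings" arg="$bookmark.properties.entityMappings">
                  <item type="object">
                    <prop type="string" name="entityType" arg="$bookmark.properties.entityMappings[].entityType"/>
                    <prop type="array&lt;object&gt;" name="fieldMappings" arg="$bookmark.properties.entityMappings[].fieldMappings">
                      <item type="object">
                        <prop type="string" name="identifier" arg="$bookmark.properties.entityMappings[].fieldMappings[].identifier"/>
                        <prop type="string" name="value" arg="$bookmark.properties.entityMappings[].fieldMappings[].value"/>
                      </item>
                    </prop>
                  </item>
                </prop>
                <prop type="dateTime" name="eventTime" arg="$bookmark.properties.eventTime"/>
                <prop type="object" name="incidentInfo" arg="$bookmark.properties.incidentInfo">
                  <prop type="string" name="incidentId" arg="$bookmark.properties.incidentInfo.incidentId"/>
                  <prop type="string" name="relationName" arg="$bookmark.properties.incidentInfo.relationName"/>
                  <prop type="string" name="severity" arg="$bookmark.properties.incidentInfo.severity">
                    <enum>
                      <item value="&quot;High&quot;"/>
                      <item value="&quot;Informational&quot;"/>
                      <item value="&quot;Low&quot;"/>
                      <item value="&quot;Medium&quot;"/>
                    </enum>
                  </prop>
                  <prop type="string" name="title" arg="$bookmark.properties.incidentInfo.title"/>
                </prop>
                <prop type="array&lt;string&gt;" name="labels" arg="$bookmark.properties.labels">
                  <item type="string"/>
                </prop>
                <prop type="string" name="notes" arg="$bookmark.properties.notes"/>
                <prop type="string" name="query" arg="$bookmark.properties.query" required="True"/>
                <prop type="dateTime" name="queryEndTime" arg="$bookmark.properties.queryEndTime"/>
                <prop type="string" name="queryResult" arg="$bookmark.properties.queryResult"/>
                <prop type="dateTime" name="queryStartTime" arg="$bookmark.properties.queryStartTime"/>
                <prop type="array&lt;string&gt;" name="tactics" arg="$bookmark.properties.tactics">
                  <item type="string">
                    <enum>
                      <item value="&quot;Collection&quot;"/>
                      <item value="&quot;CommandAndControl&quot;"/>
                      <item value="&quot;CredentialAccess&quot;"/>
                      <item value="&quot;DefenseEvasion&quot;"/>
                      <item value="&quot;Discovery&quot;"/>
                      <item value="&quot;Execution&quot;"/>
                      <item value="&quot;Exfiltration&quot;"/>
                      <item value="&quot;Impact&quot;"/>
                      <item value="&quot;ImpairProcessControl&quot;"/>
                      <item value="&quot;InhibitResponseFunction&quot;"/>
                      <item value="&quot;InitialAccess&quot;"/>
                      <item value="&quot;LateralMovement&quot;"/>
                      <item value="&quot;Persistence&quot;"/>
                      <item value="&quot;PreAttack&quot;"/>
                      <item value="&quot;PrivilegeEscalation&quot;"/>
                      <item value="&quot;Reconnaissance&quot;"/>
                      <item value="&quot;ResourceDevelopment&quot;"/>
                    </enum>
                  </item>
                </prop>
                <prop type="array&lt;string&gt;" name="techniques" arg="$bookmark.properties.techniques">
                  <item type="string"/>
                </prop>
                <prop type="dateTime" name="updated" arg="$bookmark.properties.updated"/>
                <prop type="@UserInfo_create" name="updatedBy" arg="$bookmark.properties.updatedBy"/>
              </prop>
            </schema>
          </json>
        </body>
      </request>
      <!-- 200 and 201 share one schema. The body carries investigation content (query, queryResult, notes, entityMappings) and
           user identity (createdBy/updatedBy email, name, objectId), so command output and anything that logs it should be handled as sensitive. -->
      <response statusCode="200 201">
        <body>
          <json var="$Instance">
            <schema type="object">
              <prop type="string" name="etag"/>
              <prop readOnly="True" type="ResourceId" name="id">
                <format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.OperationalInsights/workspaces/{}/providers/Microsoft.SecurityInsights/bookmarks/{}"/>
              </prop>
              <prop readOnly="True" type="string" name="name"/>
              <prop type="object" name="properties" clientFlatten="True">
                <prop type="dateTime" name="created"/>
                <!-- UserInfo_read is declared here and reused by reference for updatedBy below. -->
                <prop type="object" name="createdBy" cls="UserInfo_read">
                  <prop readOnly="True" type="string" name="email"/>
                  <prop readOnly="True" type="string" name="name"/>
                  <prop nullable="True" type="uuid" name="objectId"/>
                </prop>
                <prop type="string" name="displayName" required="True"/>
                <prop type="array&lt;object&gt;" name="entityMappings">
                  <item type="object">
                    <prop type="string" name="entityType"/>
                    <prop type="array&lt;object&gt;" name="fieldMappings">
                      <item type="object">
                        <prop type="string" name="identifier"/>
                        <prop type="string" name="value"/>
                      </item>
                    </prop>
                  </item>
                </prop>
                <prop type="dateTime" name="eventTime"/>
                <prop type="object" name="incidentInfo">
                  <prop type="string" name="incidentId"/>
                  <prop type="string" name="relationName"/>
                  <prop type="string" name="severity">
                    <enum>
                      <item value="&quot;High&quot;"/>
                      <item value="&quot;Informational&quot;"/>
                      <item value="&quot;Low&quot;"/>
                      <item value="&quot;Medium&quot;"/>
                    </enum>
                  </prop>
                  <prop type="string" name="title"/>
                </prop>
                <prop type="array&lt;string&gt;" name="labels">
                  <item type="string"/>
                </prop>
                <prop type="string" name="notes"/>
                <prop type="string" name="query" required="True"/>
                <prop type="dateTime" name="queryEndTime"/>
                <prop type="string" name="queryResult"/>
                <prop type="dateTime" name="queryStartTime"/>
                <prop type="array&lt;string&gt;" name="tactics">
                  <item type="string">
                    <enum>
                      <item value="&quot;Collection&quot;"/>
                      <item value="&quot;CommandAndControl&quot;"/>
                      <item value="&quot;CredentialAccess&quot;"/>
                      <item value="&quot;DefenseEvasion&quot;"/>
                      <item value="&quot;Discovery&quot;"/>
                      <item value="&quot;Execution&quot;"/>
                      <item value="&quot;Exfiltration&quot;"/>
                      <item value="&quot;Impact&quot;"/>
                      <item value="&quot;ImpairProcessControl&quot;"/>
                      <item value="&quot;InhibitResponseFunction&quot;"/>
                      <item value="&quot;InitialAccess&quot;"/>
                      <item value="&quot;LateralMovement&quot;"/>
                      <item value="&quot;Persistence&quot;"/>
                      <item value="&quot;PreAttack&quot;"/>
                      <item value="&quot;PrivilegeEscalation&quot;"/>
                      <item value="&quot;Reconnaissance&quot;"/>
                      <item value="&quot;ResourceDevelopment&quot;"/>
                    </enum>
                  </item>
                </prop>
                <prop type="array&lt;string&gt;" name="techniques">
                  <item type="string"/>
                </prop>
                <prop type="dateTime" name="updated"/>
                <prop type="@UserInfo_read" name="updatedBy"/>
              </prop>
              <!-- systemData: every field is readOnly, i.e. reported by the service and never sent by the client. -->
              <prop readOnly="True" type="object" name="systemData">
                <prop readOnly="True" type="dateTime" name="createdAt"/>
                <prop readOnly="True" type="string" name="createdBy"/>
                <prop readOnly="True" type="string" name="createdByType">
                  <enum>
                    <item value="&quot;Application&quot;"/>
                    <item value="&quot;Key&quot;"/>
                    <item value="&quot;ManagedIdentity&quot;"/>
                    <item value="&quot;User&quot;"/>
                  </enum>
                </prop>
                <prop readOnly="True" type="dateTime" name="lastModifiedAt"/>
                <prop readOnly="True" type="string" name="lastModifiedBy"/>
                <prop readOnly="True" type="string" name="lastModifiedByType">
                  <enum>
                    <item value="&quot;Application&quot;"/>
                    <item value="&quot;Key&quot;"/>
                    <item value="&quot;ManagedIdentity&quot;"/>
                    <item value="&quot;User&quot;"/>
                  </enum>
                </prop>
              </prop>
              <prop readOnly="True" type="string" name="type"/>
            </schema>
          </json>
        </body>
      </response>
      <!-- Any error response is decoded with the shared @ODataV4Format schema (declared outside this command). -->
      <response isError="True">
        <body>
          <json>
            <schema type="@ODataV4Format"/>
          </json>
        </body>
      </response>
    </http>
  </operation>
  <output type="object" ref="$Instance" clientFlatten="True"/>
</command>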
<command name="update" version="2022-06-01-preview">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/bookmarks/{}" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvYm9va21hcmtzL3tib29rbWFya0lkfQ==/V/MjAyMi0wNi0wMS1wcmV2aWV3"/>
<argGroup name="">
<arg type="string" var="$Path.bookmarkId" options="bookmark-id name n" required="True" stage="Experimental" idPart="child_name_1">
<help short="ID of bookmark."/>
</arg>
<arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/>
<arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/>
<arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental" idPart="name">
<help short="The name of the workspace."/>
<format maxLength="90" minLength="1"/>
</arg>
</argGroup>
<argGroup name="Bookmark">
<arg nullable="True" type="string" var="$bookmark.etag" options="etag" group="Bookmark">
<help short="Etag of the azure resource"/>
</arg>
</argGroup>
<argGroup name="Properties">
<arg nullable="True" type="dateTime" var="$bookmark.properties.created" options="created" group="Properties">
<help short="The time the bookmark was created"/>
</arg>
<arg nullable="True" type="object" var="$bookmark.properties.createdBy" options="created-by" group="Properties" cls="UserInfo_update">
<help short="Describes a user that created the bookmark"/>
<arg nullable="True" type="uuid" var="@UserInfo_update.objectId" options="object-id">
<help short="The object id of the user."/>
</arg>
</arg>
<arg type="string" var="$bookmark.properties.displayName" options="display-name" group="Properties">
<help short="The display name of the bookmark"/>
</arg>
<arg nullable="True" type="array<object>" var="$bookmark.properties.entityMappings" options="entity-mappings" group="Properties">
<help short="Describes the entity mappings of the bookmark"/>
<item type="object">
<arg nullable="True" type="string" var="$bookmark.properties.entityMappings[].entityType" options="entity-type">
<help short="The entity type"/>
</arg>
<arg nullable="True" type="array<object>" var="$bookmark.properties.entityMappings[].fieldMappings" options="field-mappings">
<help short="Array of fields mapping for that entity type"/>
<item type="object">
<arg nullable="True" type="string" var="$bookmark.properties.entityMappings[].fieldMappings[].identifier" options="identifier">
<help short="Alert V3 identifier"/>
</arg>
<arg nullable="True" type="string" var="$bookmark.properties.entityMappings[].fieldMappings[].value" options="value">
<help short="The value of the identifier"/>
</arg>
</item>
</arg>
</item>
</arg>
<arg nullable="True" type="dateTime" var="$bookmark.properties.eventTime" options="event-time" group="Properties">
<help short="The bookmark event time"/>
</arg>
<arg nullable="True" type="object" var="$bookmark.properties.incidentInfo" options="incident-info" group="Properties">
<help short="Describes an incident that relates to bookmark"/>
<arg nullable="True" type="string" var="$bookmark.properties.incidentInfo.incidentId" options="incident-id">
<help short="Incident Id"/>
</arg>
<arg nullable="True" type="string" var="$bookmark.properties.incidentInfo.relationName" options="relation-name">
<help short="Relation Name"/>
</arg>
<arg nullable="True" type="string" var="$bookmark.properties.incidentInfo.severity" options="severity">
<help short="The severity of the incident"/>
<enum>
<item name="High" value=""High""/>
<item name="Informational" value=""Informational""/>
<item name="Low" value=""Low""/>
<item name="Medium" value=""Medium""/>
</enum>
</arg>
<arg nullable="True" type="string" var="$bookmark.properties.incidentInfo.title" options="title">
<help short="The title of the incident"/>
</arg>
</arg>
<arg nullable="True" type="array<string>" var="$bookmark.properties.labels" options="labels" group="Properties">
<help short="List of labels relevant to this bookmark"/>
<item type="string"/>
</arg>
<arg nullable="True" type="string" var="$bookmark.properties.notes" options="notes" group="Properties">
<help short="The notes of the bookmark"/>
</arg>
<arg type="string" var="$bookmark.properties.query" options="query-content" stage="Experimental" group="Properties">
<help short="The query of the bookmark."/>
</arg>
<arg nullable="True" type="dateTime" var="$bookmark.properties.queryEndTime" options="query-end-time" group="Properties">
<help short="The end time for the query"/>
</arg>
<arg nullable="True" type="string" var="$bookmark.properties.queryResult" options="query-result" group="Properties">
<help short="The query result of the bookmark."/>
</arg>
<arg nullable="True" type="dateTime" var="$bookmark.properties.queryStartTime" options="query-start-time" group="Properties">
<help short="The start time for the query"/>
</arg>
<arg nullable="True" type="array<string>" var="$bookmark.properties.tactics" options="tactics" group="Properties">
<help short="A list of relevant mitre attacks"/>
<item type="string">
<enum>
<item name="Collection" value=""Collection""/>
<item name="CommandAndControl" value=""CommandAndControl""/>
<item name="CredentialAccess" value=""CredentialAccess""/>
<item name="DefenseEvasion" value=""DefenseEvasion""/>
<item name="Discovery" value=""Discovery""/>
<item name="Execution" value=""Execution""/>
<item name="Exfiltration" value=""Exfiltration""/>
<item name="Impact" value=""Impact""/>
<item name="ImpairProcessControl" value=""ImpairProcessControl""/>
<item name="InhibitResponseFunction" value=""InhibitResponseFunction""/>
<item name="InitialAccess" value=""InitialAccess""/>
<item name="LateralMovement" value=""LateralMovement""/>
<item name="Persistence" value=""Persistence""/>
<item name="PreAttack" value=""PreAttack""/>
<item name="PrivilegeEscalation" value=""PrivilegeEscalation""/>
<item name="Reconnaissance" value=""Reconnaissance""/>
<item name="ResourceDevelopment" value=""ResourceDevelopment""/>
</enum>
</item>
</arg>
<arg nullable="True" type="array<string>" var="$bookmark.properties.techniques" options="techniques" group="Properties">
<help short="A list of relevant mitre techniques"/>
<item type="string"/>
</arg>
<arg nullable="True" type="dateTime" var="$bookmark.properties.updated" options="updated" group="Properties">
<help short="The last time the bookmark was updated"/>
</arg>
<arg nullable="True" type="@UserInfo_update" var="$bookmark.properties.updatedBy" options="updated-by" group="Properties">
<help short="Describes a user that updated the bookmark"/>
</arg>
</argGroup>
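<!-- First operation of this command: GET the stored bookmark and bind the 200 response body to $Instance. -->
<!-- Attribute values that contain quotes or angle brackets are entity-escaped so the model stays well-formed XML. -->
<operation operationId="Bookmarks_Get">
  <http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}">
    <request method="get">
      <path>
        <!-- bookmarkId has no format constraint and subscriptionId only minLength=1; the other two are bounded to 1..90 characters. -->
        <!-- NOTE(review): how these values are encoded into the URL path is not shown here; confirm the generated client encodes them. -->
        <param type="string" name="bookmarkId" arg="$Path.bookmarkId" required="True"/>
        <param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
          <format maxLength="90" minLength="1"/>
        </param>
        <param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True">
          <format minLength="1"/>
        </param>
        <param type="string" name="workspaceName" arg="$Path.workspaceName" required="True">
          <format maxLength="90" minLength="1"/>
        </param>
      </path>
      <query>
        <!-- Fixed api-version; the default value carries its own quotes as part of the value. -->
        <const readOnly="True" const="True" type="string" name="api-version" required="True">
          <default value="&quot;2022-06-01-preview&quot;"/>
          <format minLength="1"/>
        </const>
      </query>
    </request>
    <response statusCode="200">
      <body>
        <json var="$Instance">
          <!-- Read-side shape of a bookmark; reused by reference as @Bookmark_read in the CreateOrUpdate response. -->
          <schema type="object" cls="Bookmark_read">
            <prop type="string" name="etag"/>
            <prop readOnly="True" type="ResourceId" name="id">
              <format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.OperationalInsights/workspaces/{}/providers/Microsoft.SecurityInsights/bookmarks/{}"/>
            </prop>
            <prop readOnly="True" type="string" name="name"/>
            <prop type="object" name="properties" clientFlatten="True">
              <prop type="dateTime" name="created"/>
              <!-- email and name are readOnly; objectId is not, and the instanceUpdate operation maps it to an argument. -->
              <prop type="object" name="createdBy" cls="UserInfo_read">
                <prop readOnly="True" type="string" name="email"/>
                <prop readOnly="True" type="string" name="name"/>
                <prop nullable="True" type="uuid" name="objectId"/>
              </prop>
              <prop type="string" name="displayName" required="True"/>
              <prop type="array&lt;object&gt;" name="entityMappings">
                <item type="object">
                  <prop type="string" name="entityType"/>
                  <prop type="array&lt;object&gt;" name="fieldMappings">
                    <item type="object">
                      <prop type="string" name="identifier"/>
                      <prop type="string" name="value"/>
                    </item>
                  </prop>
                </item>
              </prop>
              <prop type="dateTime" name="eventTime"/>
              <prop type="object" name="incidentInfo">
                <prop type="string" name="incidentId"/>
                <prop type="string" name="relationName"/>
                <prop type="string" name="severity">
                  <enum>
                    <item value="&quot;High&quot;"/>
                    <item value="&quot;Informational&quot;"/>
                    <item value="&quot;Low&quot;"/>
                    <item value="&quot;Medium&quot;"/>
                  </enum>
                </prop>
                <prop type="string" name="title"/>
              </prop>
              <prop type="array&lt;string&gt;" name="labels">
                <item type="string"/>
              </prop>
              <!-- notes, query and queryResult are unconstrained strings; anything that renders or re-runs them should treat them as untrusted text. -->
              <prop type="string" name="notes"/>
              <prop type="string" name="query" required="True"/>
              <prop type="dateTime" name="queryEndTime"/>
              <prop type="string" name="queryResult"/>
              <prop type="dateTime" name="queryStartTime"/>
              <!-- Tactic names mix ATT&CK Enterprise tactics, two ATT&CK for ICS tactics (ImpairProcessControl, InhibitResponseFunction) -->
              <!-- and the legacy PreAttack value that MITRE replaced with Reconnaissance and ResourceDevelopment. -->
              <prop type="array&lt;string&gt;" name="tactics">
                <item type="string">
                  <enum>
                    <item value="&quot;Collection&quot;"/>
                    <item value="&quot;CommandAndControl&quot;"/>
                    <item value="&quot;CredentialAccess&quot;"/>
                    <item value="&quot;DefenseEvasion&quot;"/>
                    <item value="&quot;Discovery&quot;"/>
                    <item value="&quot;Execution&quot;"/>
                    <item value="&quot;Exfiltration&quot;"/>
                    <item value="&quot;Impact&quot;"/>
                    <item value="&quot;ImpairProcessControl&quot;"/>
                    <item value="&quot;InhibitResponseFunction&quot;"/>
                    <item value="&quot;InitialAccess&quot;"/>
                    <item value="&quot;LateralMovement&quot;"/>
                    <item value="&quot;Persistence&quot;"/>
                    <item value="&quot;PreAttack&quot;"/>
                    <item value="&quot;PrivilegeEscalation&quot;"/>
                    <item value="&quot;Reconnaissance&quot;"/>
                    <item value="&quot;ResourceDevelopment&quot;"/>
                  </enum>
                </item>
              </prop>
              <!-- techniques has no enum or pattern: consumers that join on technique IDs should validate the strings themselves. -->
              <prop type="array&lt;string&gt;" name="techniques">
                <item type="string"/>
              </prop>
              <prop type="dateTime" name="updated"/>
              <prop type="@UserInfo_read" name="updatedBy"/>
            </prop>
            <!-- Every systemData field is readOnly in this model and none has a matching argument in the instanceUpdate operation, -->
            <!-- unlike properties.created / createdBy / updated / updatedBy. -->
            <prop readOnly="True" type="object" name="systemData">
              <prop readOnly="True" type="dateTime" name="createdAt"/>
              <prop readOnly="True" type="string" name="createdBy"/>
              <prop readOnly="True" type="string" name="createdByType">
                <enum>
                  <item value="&quot;Application&quot;"/>
                  <item value="&quot;Key&quot;"/>
                  <item value="&quot;ManagedIdentity&quot;"/>
                  <item value="&quot;User&quot;"/>
                </enum>
              </prop>
              <prop readOnly="True" type="dateTime" name="lastModifiedAt"/>
              <prop readOnly="True" type="string" name="lastModifiedBy"/>
              <prop readOnly="True" type="string" name="lastModifiedByType">
                <enum>
                  <item value="&quot;Application&quot;"/>
                  <item value="&quot;Key&quot;"/>
                  <item value="&quot;ManagedIdentity&quot;"/>
                  <item value="&quot;User&quot;"/>
                </enum>
              </prop>
            </prop>
            <prop readOnly="True" type="string" name="type"/>
          </schema>
        </json>
      </body>
    </response>
    <!-- Any response flagged isError is decoded with the shared @ODataV4Format schema. -->
    <response isError="True">
      <body>
        <json>
          <schema type="@ODataV4Format"/>
        </json>
      </body>
    </response>
  </http>
</operation>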
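<!-- Second operation: overlay caller-supplied arguments onto the $Instance fetched by Bookmarks_Get. -->
<!-- Every prop carrying arg="..." is writable from the command line; props without one are not touched by this step. -->
<!-- Attribute values that contain quotes or angle brackets are entity-escaped so the model stays well-formed XML. -->
<operation>
  <instanceUpdate instance="$Instance">
    <json>
      <schema type="object" name="bookmark" required="True" clientFlatten="True">
        <!-- etag is argument-mapped, so a caller can replace the value read by the GET. -->
        <prop type="string" name="etag" arg="$bookmark.etag"/>
        <prop type="object" name="properties" clientFlatten="True">
          <!-- created, createdBy.objectId, updated and updatedBy are all argument-mapped, i.e. sent as the caller provides them. -->
          <!-- NOTE(review): whether the service honours or overwrites these is not visible here; for attribution prefer the -->
          <!-- readOnly systemData block of Bookmark_read or the platform's own activity records. -->
          <prop type="dateTime" name="created" arg="$bookmark.properties.created"/>
          <!-- Only objectId is exposed on the update shape; email and name appear on the read shape only. -->
          <prop type="object" name="createdBy" arg="$bookmark.properties.createdBy" cls="UserInfo_update">
            <prop nullable="True" type="uuid" name="objectId" arg="@UserInfo_update.objectId"/>
          </prop>
          <prop type="string" name="displayName" arg="$bookmark.properties.displayName" required="True"/>
          <prop type="array&lt;object&gt;" name="entityMappings" arg="$bookmark.properties.entityMappings">
            <item type="object">
              <prop type="string" name="entityType" arg="$bookmark.properties.entityMappings[].entityType"/>
              <prop type="array&lt;object&gt;" name="fieldMappings" arg="$bookmark.properties.entityMappings[].fieldMappings">
                <item type="object">
                  <prop type="string" name="identifier" arg="$bookmark.properties.entityMappings[].fieldMappings[].identifier"/>
                  <prop type="string" name="value" arg="$bookmark.properties.entityMappings[].fieldMappings[].value"/>
                </item>
              </prop>
            </item>
          </prop>
          <prop type="dateTime" name="eventTime" arg="$bookmark.properties.eventTime"/>
          <prop type="object" name="incidentInfo" arg="$bookmark.properties.incidentInfo">
            <prop type="string" name="incidentId" arg="$bookmark.properties.incidentInfo.incidentId"/>
            <prop type="string" name="relationName" arg="$bookmark.properties.incidentInfo.relationName"/>
            <!-- severity is the only incidentInfo field restricted to an enum; the other three are free-form strings. -->
            <prop type="string" name="severity" arg="$bookmark.properties.incidentInfo.severity">
              <enum>
                <item value="&quot;High&quot;"/>
                <item value="&quot;Informational&quot;"/>
                <item value="&quot;Low&quot;"/>
                <item value="&quot;Medium&quot;"/>
              </enum>
            </prop>
            <prop type="string" name="title" arg="$bookmark.properties.incidentInfo.title"/>
          </prop>
          <prop type="array&lt;string&gt;" name="labels" arg="$bookmark.properties.labels">
            <item type="string"/>
          </prop>
          <!-- notes, query and queryResult are unconstrained caller-supplied strings (query is required). -->
          <prop type="string" name="notes" arg="$bookmark.properties.notes"/>
          <prop type="string" name="query" arg="$bookmark.properties.query" required="True"/>
          <prop type="dateTime" name="queryEndTime" arg="$bookmark.properties.queryEndTime"/>
          <prop type="string" name="queryResult" arg="$bookmark.properties.queryResult"/>
          <prop type="dateTime" name="queryStartTime" arg="$bookmark.properties.queryStartTime"/>
          <!-- tactics is limited to the enum below; techniques has no enum or pattern, so any string is accepted by this model. -->
          <prop type="array&lt;string&gt;" name="tactics" arg="$bookmark.properties.tactics">
            <item type="string">
              <enum>
                <item value="&quot;Collection&quot;"/>
                <item value="&quot;CommandAndControl&quot;"/>
                <item value="&quot;CredentialAccess&quot;"/>
                <item value="&quot;DefenseEvasion&quot;"/>
                <item value="&quot;Discovery&quot;"/>
                <item value="&quot;Execution&quot;"/>
                <item value="&quot;Exfiltration&quot;"/>
                <item value="&quot;Impact&quot;"/>
                <item value="&quot;ImpairProcessControl&quot;"/>
                <item value="&quot;InhibitResponseFunction&quot;"/>
                <item value="&quot;InitialAccess&quot;"/>
                <item value="&quot;LateralMovement&quot;"/>
                <item value="&quot;Persistence&quot;"/>
                <item value="&quot;PreAttack&quot;"/>
                <item value="&quot;PrivilegeEscalation&quot;"/>
                <item value="&quot;Reconnaissance&quot;"/>
                <item value="&quot;ResourceDevelopment&quot;"/>
              </enum>
            </item>
          </prop>
          <prop type="array&lt;string&gt;" name="techniques" arg="$bookmark.properties.techniques">
            <item type="string"/>
          </prop>
          <prop type="dateTime" name="updated" arg="$bookmark.properties.updated"/>
          <prop type="@UserInfo_update" name="updatedBy" arg="$bookmark.properties.updatedBy"/>
        </prop>
      </schema>
    </json>
  </instanceUpdate>
</operation>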
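<!-- Third operation: PUT the merged $Instance back to the same bookmark path and rebind $Instance to the response. -->
<!-- Attribute values that contain quotes are entity-escaped so the model stays well-formed XML. -->
<operation operationId="Bookmarks_CreateOrUpdate">
  <http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}">
    <!-- No header element is declared on this request, so the etag travels only as a field of the JSON body. -->
    <!-- NOTE(review): protection against a concurrent writer between the GET and this PUT therefore depends on the -->
    <!-- service checking the body etag; that is not visible in this model and should be confirmed. -->
    <request method="put">
      <path>
        <!-- Same path parameters and constraints as the GET: bookmarkId is unconstrained, subscriptionId only minLength=1. -->
        <param type="string" name="bookmarkId" arg="$Path.bookmarkId" required="True"/>
        <param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
          <format maxLength="90" minLength="1"/>
        </param>
        <param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True">
          <format minLength="1"/>
        </param>
        <param type="string" name="workspaceName" arg="$Path.workspaceName" required="True">
          <format maxLength="90" minLength="1"/>
        </param>
      </path>
      <query>
        <!-- Fixed api-version; the default value carries its own quotes as part of the value. -->
        <const readOnly="True" const="True" type="string" name="api-version" required="True">
          <default value="&quot;2022-06-01-preview&quot;"/>
          <format minLength="1"/>
        </const>
      </query>
      <!-- The request body is the whole $Instance, i.e. the fetched bookmark with the caller's argument values applied. -->
      <body>
        <json ref="$Instance"/>
      </body>
    </request>
    <!-- Both 200 and 201 are success codes; the body is decoded with the shared @Bookmark_read schema. -->
    <response statusCode="200 201">
      <body>
        <json var="$Instance">
          <schema type="@Bookmark_read"/>
        </json>
      </body>
    </response>
    <!-- Any response flagged isError is decoded with the shared @ODataV4Format schema. -->
    <response isError="True">
      <body>
        <json>
          <schema type="@ODataV4Format"/>
        </json>
      </body>
    </response>
  </http>
</operation>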
<!-- The command returns $Instance, which at this point holds the Bookmark_read body of the CreateOrUpdate response. -->
<!-- That shape includes query, queryResult, notes and createdBy.email, so captured command output may need the same -->
<!-- handling as the workspace data it was derived from. -->
<output type="object" ref="$Instance" clientFlatten="True"/>
</command>
</commandGroup>
</CodeGen>