Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5vcGVyYXRpb25hbGluc2lnaHRzL3dvcmtzcGFjZXMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5zZWN1cml0eWluc2lnaHRzL2Jvb2ttYXJrcy97fS9leHBhbmQ=/2022-06-01-preview.xml

<?xml version='1.0' encoding='utf-8'?> <CodeGen plane="mgmt-plane"> <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/bookmarks/{}/expand" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvYm9va21hcmtzL3tib29rbWFya0lkfS9leHBhbmQ=/V/MjAyMi0wNi0wMS1wcmV2aWV3"/> <commandGroup name="sentinel bookmark"> <command name="expand" version="2022-06-01-preview"> <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/bookmarks/{}/expand" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvYm9va21hcmtzL3tib29rbWFya0lkfS9leHBhbmQ=/V/MjAyMi0wNi0wMS1wcmV2aWV3"/> <argGroup name=""> <arg type="string" var="$Path.bookmarkId" options="bookmark-id name n" required="True" stage="Experimental"> <help short="ID of bookmark."/> </arg> <arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True"/> <arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True"/> <arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental"> <help short="The name of the workspace."/> <format maxLength="90" minLength="1"/> </arg> </argGroup> <argGroup name="Parameters"> <arg type="dateTime" var="$parameters.endTime" options="end-time" group="Parameters"> <help short="The end date filter, so the only expansion results returned are before this date."/> </arg> <arg type="uuid" var="$parameters.expansionId" options="expansion-id" group="Parameters"> <help short="The Id of the expansion to perform."/> </arg> <arg type="dateTime" var="$parameters.startTime" options="start-time" group="Parameters"> <help short="The start date filter, so the only expansion results returned are after this date."/> </arg> </argGroup> <operation operationId="Bookmark_Expand"> <http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand"> <request method="post"> <path> <param type="string" name="bookmarkId" arg="$Path.bookmarkId" required="True"/> <param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True"> <format maxLength="90" minLength="1"/> </param> <param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True"> <format minLength="1"/> </param> <param type="string" name="workspaceName" arg="$Path.workspaceName" required="True"> <format maxLength="90" minLength="1"/> </param> </path> <query> <const readOnly="True" const="True" type="string" name="api-version" required="True"> <default value=""2022-06-01-preview""/> <format minLength="1"/> </const> </query> <body> <json> <schema type="object" name="parameters" required="True" clientFlatten="True"> <prop type="dateTime" name="endTime" arg="$parameters.endTime"/> <prop type="uuid" name="expansionId" arg="$parameters.expansionId"/> <prop type="dateTime" name="startTime" arg="$parameters.startTime"/> </schema> </json> </body> </request> <response statusCode="200"> <body> <json var="$Instance"> <schema type="object"> <prop type="object" name="metaData"> <prop type="array<object>" name="aggregations"> <item type="object"> <prop type="string" name="aggregationType"/> <prop type="integer32" name="count" required="True"/> <prop type="string" name="displayName"/> <prop type="string" name="entityKind" required="True"> <enum> <item value=""Account""/> <item value=""AzureResource""/> <item value=""Bookmark""/> <item value=""CloudApplication""/> <item value=""DnsResolution""/> <item value=""File""/> <item value=""FileHash""/> <item value=""Host""/> <item value=""IoTDevice""/> <item value=""Ip""/> <item value=""MailCluster""/> <item value=""MailMessage""/> <item value=""Mailbox""/> <item value=""Malware""/> <item value=""Process""/> <item value=""RegistryKey""/> <item value=""RegistryValue""/> <item value=""SecurityAlert""/> <item value=""SecurityGroup""/> <item value=""SubmissionMail""/> <item value=""Url""/> </enum> </prop> </item> </prop> </prop> <prop type="object" name="value"> <prop type="array<object>" name="edges"> <item type="object"> <prop type="string" name="targetEntityId"/> </item> </prop> <prop type="array<object>" name="entities"> <item type="object"> <prop readOnly="True" type="ResourceId" name="id"> <format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.OperationalInsights/workspaces/{}/providers/Microsoft.SecurityInsights/entities/{}"/> </prop> <prop type="string" name="kind" required="True"> <enum> <item value=""Account""/> <item value=""AzureResource""/> <item value=""Bookmark""/> <item value=""CloudApplication""/> <item value=""DnsResolution""/> <item value=""File""/> <item value=""FileHash""/> <item value=""Host""/> <item value=""IoTDevice""/> <item value=""Ip""/> <item value=""MailCluster""/> <item value=""MailMessage""/> <item value=""Mailbox""/> <item value=""Malware""/> <item value=""Process""/> <item value=""RegistryKey""/> <item value=""RegistryValue""/> <item value=""SecurityAlert""/> <item value=""SecurityGroup""/> <item value=""SubmissionMail""/> <item value=""Url""/> </enum> </prop> <prop readOnly="True" type="string" name="name"/> <prop readOnly="True" type="object" name="systemData"> <prop readOnly="True" type="dateTime" name="createdAt"/> <prop readOnly="True" type="string" name="createdBy"/> <prop readOnly="True" type="string" name="createdByType"> <enum> <item value=""Application""/> <item value=""Key""/> <item value=""ManagedIdentity""/> <item value=""User""/> </enum> </prop> <prop readOnly="True" type="dateTime" name="lastModifiedAt"/> <prop readOnly="True" type="string" name="lastModifiedBy"/> <prop readOnly="True" type="string" name="lastModifiedByType"> <enum> <item value=""Application""/> <item value=""Key""/> <item value=""ManagedIdentity""/> <item value=""User""/> </enum> </prop> </prop> <prop readOnly="True" type="string" name="type"/> <discriminator property="kind" value="Account"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="string" name="aadTenantId"/> <prop readOnly="True" type="string" name="aadUserId"/> <prop readOnly="True" type="string" name="accountName"/> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="displayName"/> <prop readOnly="True" type="string" name="dnsDomain"/> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="hostEntityId"/> <prop readOnly="True" type="boolean" name="isDomainJoined"/> <prop readOnly="True" type="string" name="ntDomain"/> <prop readOnly="True" type="uuid" name="objectGuid"/> <prop readOnly="True" type="string" name="puid"/> <prop readOnly="True" type="string" name="sid"/> <prop readOnly="True" type="string" name="upnSuffix"/> </prop> </discriminator> <discriminator property="kind" value="AzureResource"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="resourceId"/> <prop readOnly="True" type="string" name="subscriptionId"/> </prop> </discriminator> <discriminator property="kind" value="Bookmark"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop type="dateTime" name="created"/> <prop type="object" name="createdBy" cls="UserInfo_read"> <prop readOnly="True" type="string" name="email"/> <prop readOnly="True" type="string" name="name"/> <prop nullable="True" type="uuid" name="objectId"/> </prop> <prop type="string" name="displayName" required="True"/> <prop type="dateTime" name="eventTime"/> <prop readOnly="True" type="string" name="friendlyName"/> <prop type="object" name="incidentInfo"> <prop type="string" name="incidentId"/> <prop type="string" name="relationName"/> <prop type="string" name="severity"> <enum> <item value=""High""/> <item value=""Informational""/> <item value=""Low""/> <item value=""Medium""/> </enum> </prop> <prop type="string" name="title"/> </prop> <prop type="array<string>" name="labels"> <item type="string"/> </prop> <prop type="string" name="notes"/> <prop type="string" name="query" required="True"/> <prop type="string" name="queryResult"/> <prop type="dateTime" name="updated"/> <prop type="@UserInfo_read" name="updatedBy"/> </prop> </discriminator> <discriminator property="kind" value="CloudApplication"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="integer32" name="appId"/> <prop readOnly="True" type="string" name="appName"/> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="instanceName"/> </prop> </discriminator> <discriminator property="kind" value="DnsResolution"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="dnsServerIpEntityId"/> <prop readOnly="True" type="string" name="domainName"/> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="hostIpAddressEntityId"/> <prop readOnly="True" type="array<string>" name="ipAddressEntityIds"> <item readOnly="True" type="string"/> </prop> </prop> </discriminator> <discriminator property="kind" value="File"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="directory"/> <prop readOnly="True" type="array<string>" name="fileHashEntityIds"> <item readOnly="True" type="string"/> </prop> <prop readOnly="True" type="string" name="fileName"/> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="hostEntityId"/> </prop> </discriminator> <discriminator property="kind" value="FileHash"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="algorithm"> <enum> <item value=""MD5""/> <item value=""SHA1""/> <item value=""SHA256""/> <item value=""SHA256AC""/> <item value=""Unknown""/> </enum> </prop> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="hashValue"/> </prop> </discriminator> <discriminator property="kind" value="Host"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="azureID"/> <prop readOnly="True" type="string" name="dnsDomain"/> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="hostName"/> <prop readOnly="True" type="boolean" name="isDomainJoined"/> <prop readOnly="True" type="string" name="netBiosName"/> <prop readOnly="True" type="string" name="ntDomain"/> <prop readOnly="True" type="string" name="omsAgentID"/> <prop type="string" name="osFamily"> <enum> <item value=""Android""/> <item value=""IOS""/> <item value=""Linux""/> <item value=""Unknown""/> <item value=""Windows""/> </enum> </prop> <prop readOnly="True" type="string" name="osVersion"/> </prop> </discriminator> <discriminator property="kind" value="IoTDevice"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="deviceId"/> <prop readOnly="True" type="string" name="deviceName"/> <prop readOnly="True" type="string" name="deviceType"/> <prop readOnly="True" type="string" name="edgeId"/> <prop readOnly="True" type="string" name="firmwareVersion"/> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="hostEntityId"/> <prop readOnly="True" type="string" name="iotHubEntityId"/> <prop readOnly="True" type="uuid" name="iotSecurityAgentId"/> <prop readOnly="True" type="string" name="ipAddressEntityId"/> <prop readOnly="True" type="string" name="macAddress"/> <prop readOnly="True" type="string" name="model"/> <prop readOnly="True" type="string" name="operatingSystem"/> <prop readOnly="True" type="array<string>" name="protocols"> <item readOnly="True" type="string"/> </prop> <prop readOnly="True" type="string" name="serialNumber"/> <prop readOnly="True" type="string" name="source"/> <prop readOnly="True" type="array<object>" name="threatIntelligence"> <item readOnly="True" type="object" cls="ThreatIntelligence_read"> <prop readOnly="True" type="float64" name="confidence"/> <prop readOnly="True" type="string" name="providerName"/> <prop readOnly="True" type="string" name="reportLink"/> <prop readOnly="True" type="string" name="threatDescription"/> <prop readOnly="True" type="string" name="threatName"/> <prop readOnly="True" type="string" name="threatType"/> </item> </prop> <prop readOnly="True" type="string" name="vendor"/> </prop> </discriminator> <discriminator property="kind" value="Ip"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="address"/> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="object" name="location"> <prop readOnly="True" type="integer32" name="asn"/> <prop readOnly="True" type="string" name="city"/> <prop readOnly="True" type="string" name="countryCode"/> <prop readOnly="True" type="string" name="countryName"/> <prop readOnly="True" type="float64" name="latitude"/> <prop readOnly="True" type="float64" name="longitude"/> <prop readOnly="True" type="string" name="state"/> </prop> <prop readOnly="True" type="array<@ThreatIntelligence_read>" name="threatIntelligence"> <item readOnly="True" type="@ThreatIntelligence_read"/> </prop> </prop> </discriminator> <discriminator property="kind" value="MailCluster"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="clusterGroup"/> <prop readOnly="True" type="dateTime" name="clusterQueryEndTime"/> <prop readOnly="True" type="dateTime" name="clusterQueryStartTime"/> <prop readOnly="True" type="string" name="clusterSourceIdentifier"/> <prop readOnly="True" type="string" name="clusterSourceType"/> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="boolean" name="isVolumeAnomaly"/> <prop readOnly="True" type="integer32" name="mailCount"/> <prop readOnly="True" type="array<string>" name="networkMessageIds"> <item readOnly="True" type="string"/> </prop> <prop readOnly="True" type="string" name="query"/> <prop readOnly="True" type="dateTime" name="queryTime"/> <prop readOnly="True" type="string" name="source"/> <prop readOnly="True" type="array<string>" name="threats"> <item readOnly="True" type="string"/> </prop> </prop> </discriminator> <discriminator property="kind" value="MailMessage"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop type="string" name="antispamDirection"> <enum> <item value=""Inbound""/> <item value=""Intraorg""/> <item value=""Outbound""/> <item value=""Unknown""/> </enum> </prop> <prop type="integer32" name="bodyFingerprintBin1"/> <prop type="integer32" name="bodyFingerprintBin2"/> <prop type="integer32" name="bodyFingerprintBin3"/> <prop type="integer32" name="bodyFingerprintBin4"/> <prop type="integer32" name="bodyFingerprintBin5"/> <prop type="string" name="deliveryAction"> <enum> <item value=""Blocked""/> <item value=""Delivered""/> <item value=""DeliveredAsSpam""/> <item value=""Replaced""/> <item value=""Unknown""/> </enum> </prop> <prop type="string" name="deliveryLocation"> <enum> <item value=""DeletedFolder""/> <item value=""Dropped""/> <item value=""External""/> <item value=""Failed""/> <item value=""Forwarded""/> <item value=""Inbox""/> <item value=""JunkFolder""/> <item value=""Quarantine""/> <item value=""Unknown""/> </enum> </prop> <prop readOnly="True" type="array<string>" name="fileEntityIds"> <item readOnly="True" type="string"/> </prop> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="internetMessageId"/> <prop readOnly="True" type="string" name="language"/> <prop readOnly="True" type="uuid" name="networkMessageId"/> <prop readOnly="True" type="string" name="p1Sender"/> <prop readOnly="True" type="string" name="p1SenderDisplayName"/> <prop readOnly="True" type="string" name="p1SenderDomain"/> <prop readOnly="True" type="string" name="p2Sender"/> <prop readOnly="True" type="string" name="p2SenderDisplayName"/> <prop readOnly="True" type="string" name="p2SenderDomain"/> <prop readOnly="True" type="dateTime" name="receiveDate"/> <prop readOnly="True" type="string" name="recipient"/> <prop readOnly="True" type="string" name="senderIP"/> <prop readOnly="True" type="string" name="subject"/> <prop readOnly="True" type="array<string>" name="threatDetectionMethods"> <item readOnly="True" type="string"/> </prop> <prop readOnly="True" type="array<string>" name="threats"> <item readOnly="True" type="string"/> </prop> <prop readOnly="True" type="array<string>" name="urls"> <item readOnly="True" type="string"/> </prop> </prop> </discriminator> <discriminator property="kind" value="Mailbox"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="displayName"/> <prop readOnly="True" type="uuid" name="externalDirectoryObjectId"/> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="mailboxPrimaryAddress"/> <prop readOnly="True" type="string" name="upn"/> </prop> </discriminator> <discriminator property="kind" value="Malware"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="category"/> <prop readOnly="True" type="array<string>" name="fileEntityIds"> <item readOnly="True" type="string"/> </prop> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="malwareName"/> <prop readOnly="True" type="array<string>" name="processEntityIds"> <item readOnly="True" type="string"/> </prop> </prop> </discriminator> <discriminator property="kind" value="Process"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="string" name="accountEntityId"/> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="commandLine"/> <prop readOnly="True" type="dateTime" name="creationTimeUtc"/> <prop type="string" name="elevationToken"> <enum> <item value=""Default""/> <item value=""Full""/> <item value=""Limited""/> </enum> </prop> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="hostEntityId"/> <prop readOnly="True" type="string" name="hostLogonSessionEntityId"/> <prop readOnly="True" type="string" name="imageFileEntityId"/> <prop readOnly="True" type="string" name="parentProcessEntityId"/> <prop readOnly="True" type="string" name="processId"/> </prop> </discriminator> <discriminator property="kind" value="RegistryKey"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="hive"> <enum> <item value=""HKEY_A""/> <item value=""HKEY_CLASSES_ROOT""/> <item value=""HKEY_CURRENT_CONFIG""/> <item value=""HKEY_CURRENT_USER""/> <item value=""HKEY_CURRENT_USER_LOCAL_SETTINGS""/> <item value=""HKEY_LOCAL_MACHINE""/> <item value=""HKEY_PERFORMANCE_DATA""/> <item value=""HKEY_PERFORMANCE_NLSTEXT""/> <item value=""HKEY_PERFORMANCE_TEXT""/> <item value=""HKEY_USERS""/> </enum> </prop> <prop readOnly="True" type="string" name="key"/> </prop> </discriminator> <discriminator property="kind" value="RegistryValue"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="keyEntityId"/> <prop readOnly="True" type="string" name="valueData"/> <prop readOnly="True" type="string" name="valueName"/> <prop readOnly="True" type="string" name="valueType"> <enum> <item value=""Binary""/> <item value=""DWord""/> <item value=""ExpandString""/> <item value=""MultiString""/> <item value=""None""/> <item value=""QWord""/> <item value=""String""/> <item value=""Unknown""/> </enum> </prop> </prop> </discriminator> <discriminator property="kind" value="SecurityAlert"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="alertDisplayName"/> <prop readOnly="True" type="string" name="alertLink"/> <prop readOnly="True" type="string" name="alertType"/> <prop readOnly="True" type="string" name="compromisedEntity"/> <prop readOnly="True" type="string" name="confidenceLevel"> <enum> <item value=""High""/> <item value=""Low""/> <item value=""Unknown""/> </enum> </prop> <prop readOnly="True" type="array<object>" name="confidenceReasons"> <item readOnly="True" type="object"> <prop readOnly="True" type="string" name="reason"/> <prop readOnly="True" type="string" name="reasonType"/> </item> </prop> <prop readOnly="True" type="float64" name="confidenceScore"/> <prop readOnly="True" type="string" name="confidenceScoreStatus"> <enum> <item value=""Final""/> <item value=""InProcess""/> <item value=""NotApplicable""/> <item value=""NotFinal""/> </enum> </prop> <prop readOnly="True" type="string" name="description"/> <prop readOnly="True" type="dateTime" name="endTimeUtc"/> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="intent"> <enum> <item value=""Collection""/> <item value=""CommandAndControl""/> <item value=""CredentialAccess""/> <item value=""DefenseEvasion""/> <item value=""Discovery""/> <item value=""Execution""/> <item value=""Exfiltration""/> <item value=""Exploitation""/> <item value=""Impact""/> <item value=""LateralMovement""/> <item value=""Persistence""/> <item value=""PrivilegeEscalation""/> <item value=""Probing""/> <item value=""Unknown""/> </enum> </prop> <prop readOnly="True" type="dateTime" name="processingEndTime"/> <prop readOnly="True" type="string" name="productComponentName"/> <prop readOnly="True" type="string" name="productName"/> <prop readOnly="True" type="string" name="productVersion"/> <prop readOnly="True" type="string" name="providerAlertId"/> <prop readOnly="True" type="array<string>" name="remediationSteps"> <item readOnly="True" type="string"/> </prop> <prop type="string" name="severity"> <enum> <item value=""High""/> <item value=""Informational""/> <item value=""Low""/> <item value=""Medium""/> </enum> </prop> <prop readOnly="True" type="dateTime" name="startTimeUtc"/> <prop readOnly="True" type="string" name="status"> <enum> <item value=""Dismissed""/> <item value=""InProgress""/> <item value=""New""/> <item value=""Resolved""/> <item value=""Unknown""/> </enum> </prop> <prop readOnly="True" type="string" name="systemAlertId"/> <prop readOnly="True" type="array<string>" name="tactics"> <item readOnly="True" type="string"> <enum> <item value=""Collection""/> <item value=""CommandAndControl""/> <item value=""CredentialAccess""/> <item value=""DefenseEvasion""/> <item value=""Discovery""/> <item value=""Execution""/> <item value=""Exfiltration""/> <item value=""Impact""/> <item value=""ImpairProcessControl""/> <item value=""InhibitResponseFunction""/> <item value=""InitialAccess""/> <item value=""LateralMovement""/> <item value=""Persistence""/> <item value=""PreAttack""/> <item value=""PrivilegeEscalation""/> <item value=""Reconnaissance""/> <item value=""ResourceDevelopment""/> </enum> </item> </prop> <prop readOnly="True" type="dateTime" name="timeGenerated"/> <prop readOnly="True" type="string" name="vendorName"/> </prop> </discriminator> <discriminator property="kind" value="SecurityGroup"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="distinguishedName"/> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="uuid" name="objectGuid"/> <prop readOnly="True" type="string" name="sid"/> </prop> </discriminator> <discriminator property="kind" value="SubmissionMail"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="uuid" name="networkMessageId"/> <prop readOnly="True" type="string" name="recipient"/> <prop readOnly="True" type="string" name="reportType"/> <prop readOnly="True" type="string" name="sender"/> <prop readOnly="True" type="string" name="senderIp"/> <prop readOnly="True" type="string" name="subject"/> <prop readOnly="True" type="dateTime" name="submissionDate"/> <prop readOnly="True" type="uuid" name="submissionId"/> <prop readOnly="True" type="string" name="submitter"/> <prop readOnly="True" type="dateTime" name="timestamp"/> </prop> </discriminator> <discriminator property="kind" value="Url"> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <additionalProp readOnly="True"/> </prop> <prop readOnly="True" type="string" name="friendlyName"/> <prop readOnly="True" type="string" name="url"/> </prop> </discriminator> </item> </prop> </prop> </schema> </json> </body> </response> <response isError="True"> <body> <json> <schema type="@ODataV4Format"/> </json> </body> </response> </http> </operation> <output type="object" ref="$Instance" clientFlatten="True"/> </command> </commandGroup> </CodeGen>

Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5vcGVyYXRpb25hbGluc2lnaHRzL3dvcmtzcGFjZXMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5zZWN1cml0eWluc2lnaHRzL2Jvb2ttYXJrcy97fS9leHBhbmQ=/2022-06-01-preview.xml (716 lines of code) (raw):