Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5vcGVyYXRpb25hbGluc2lnaHRzL3dvcmtzcGFjZXMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5zZWN1cml0eWluc2lnaHRzL2VudGl0aWVzL3t9L2dldHRpbWVsaW5l/2022-06-01-preview.xml

<?xml version='1.0' encoding='utf-8'?> <CodeGen plane="mgmt-plane"> <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/entities/{}/gettimeline" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvZW50aXRpZXMve2VudGl0eUlkfS9nZXRUaW1lbGluZQ==/V/MjAyMi0wNi0wMS1wcmV2aWV3"/> <commandGroup name="sentinel entity"> <command name="get-timeline" version="2022-06-01-preview"> <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/entities/{}/gettimeline" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvZW50aXRpZXMve2VudGl0eUlkfS9nZXRUaW1lbGluZQ==/V/MjAyMi0wNi0wMS1wcmV2aWV3"/> <argGroup name=""> <arg type="string" var="$Path.entityId" options="entity-id" required="True"> <help short="entity ID"/> </arg> <arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True"/> <arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True"/> <arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental"> <help short="The name of the workspace."/> <format maxLength="90" minLength="1"/> </arg> </argGroup> <argGroup name="Parameters"> <arg type="dateTime" var="$parameters.endTime" options="end-time" required="True" group="Parameters"> <help short="The end timeline date, so the results returned are before this date."/> </arg> <arg type="array<string>" var="$parameters.kinds" options="kinds" group="Parameters"> <help short="Array of timeline Item kinds."/> <item type="string"> <enum> <item name="Activity" value=""Activity""/> <item name="Anomaly" value=""Anomaly""/> <item name="Bookmark" value=""Bookmark""/> <item name="SecurityAlert" value=""SecurityAlert""/> </enum> </item> </arg> <arg type="integer32" var="$parameters.numberOfBucket" options="number-of-bucket" group="Parameters"> <help short="The number of bucket for timeline queries aggregation."/> </arg> <arg type="dateTime" var="$parameters.startTime" options="start-time" required="True" group="Parameters"> <help short="The start timeline date, so the results returned are after this date."/> </arg> </argGroup> <operation operationId="EntitiesGetTimeline_list"> <http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline"> <request method="post"> <path> <param type="string" name="entityId" arg="$Path.entityId" required="True"/> <param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True"> <format maxLength="90" minLength="1"/> </param> <param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True"> <format minLength="1"/> </param> <param type="string" name="workspaceName" arg="$Path.workspaceName" required="True"> <format maxLength="90" minLength="1"/> </param> </path> <query> <const readOnly="True" const="True" type="string" name="api-version" required="True"> <default value=""2022-06-01-preview""/> <format minLength="1"/> </const> </query> <body> <json> <schema type="object" name="parameters" required="True" clientFlatten="True"> <prop type="dateTime" name="endTime" arg="$parameters.endTime" required="True"/> <prop type="array<string>" name="kinds" arg="$parameters.kinds"> <item type="string"> <enum> <item value=""Activity""/> <item value=""Anomaly""/> <item value=""Bookmark""/> <item value=""SecurityAlert""/> </enum> </item> </prop> <prop type="integer32" name="numberOfBucket" arg="$parameters.numberOfBucket"/> <prop type="dateTime" name="startTime" arg="$parameters.startTime" required="True"/> </schema> </json> </body> </request> <response statusCode="200"> <body> <json var="$Instance"> <schema type="object"> <prop type="object" name="metaData"> <prop type="array<object>" name="aggregations" required="True"> <item type="object"> <prop type="integer32" name="count" required="True"/> <prop type="string" name="kind" required="True"> <enum> <item value=""Activity""/> <item value=""Anomaly""/> <item value=""Bookmark""/> <item value=""SecurityAlert""/> </enum> </prop> </item> </prop> <prop type="array<object>" name="errors"> <item type="object"> <prop type="string" name="errorMessage" required="True"/> <prop type="string" name="kind" required="True"> <enum> <item value=""Activity""/> <item value=""Anomaly""/> <item value=""Bookmark""/> <item value=""SecurityAlert""/> </enum> </prop> <prop type="string" name="queryId"/> </item> </prop> <prop type="integer32" name="totalCount" required="True"/> </prop> <prop type="array<object>" name="value"> <item type="object"> <prop type="string" name="kind" required="True"> <enum> <item value=""Activity""/> <item value=""Anomaly""/> <item value=""Bookmark""/> <item value=""SecurityAlert""/> </enum> </prop> <discriminator property="kind" value="Activity"> <prop type="dateTime" name="bucketEndTimeUTC" required="True"/> <prop type="dateTime" name="bucketStartTimeUTC" required="True"/> <prop type="string" name="content" required="True"/> <prop type="dateTime" name="firstActivityTimeUTC" required="True"/> <prop type="dateTime" name="lastActivityTimeUTC" required="True"/> <prop type="string" name="queryId" required="True"/> <prop type="string" name="title" required="True"/> </discriminator> <discriminator property="kind" value="Anomaly"> <prop type="string" name="azureResourceId" required="True"/> <prop type="string" name="description"/> <prop type="string" name="displayName" required="True"/> <prop type="dateTime" name="endTimeUtc" required="True"/> <prop type="string" name="intent"/> <prop type="string" name="productName"/> <prop type="array<string>" name="reasons"> <item type="string"/> </prop> <prop type="dateTime" name="startTimeUtc" required="True"/> <prop type="array<string>" name="techniques"> <item type="string"/> </prop> <prop type="dateTime" name="timeGenerated" required="True"/> <prop type="string" name="vendor"/> </discriminator> <discriminator property="kind" value="Bookmark"> <prop type="string" name="azureResourceId" required="True"/> <prop type="object" name="createdBy"> <prop readOnly="True" type="string" name="email"/> <prop readOnly="True" type="string" name="name"/> <prop nullable="True" type="uuid" name="objectId"/> </prop> <prop type="string" name="displayName"/> <prop type="dateTime" name="endTimeUtc"/> <prop type="dateTime" name="eventTime"/> <prop type="array<string>" name="labels"> <item type="string"/> </prop> <prop type="string" name="notes"/> <prop type="dateTime" name="startTimeUtc"/> </discriminator> <discriminator property="kind" value="SecurityAlert"> <prop type="string" name="alertType" required="True"/> <prop type="string" name="azureResourceId" required="True"/> <prop type="string" name="description"/> <prop type="string" name="displayName" required="True"/> <prop type="dateTime" name="endTimeUtc" required="True"/> <prop type="string" name="productName"/> <prop type="string" name="severity" required="True"> <enum> <item value=""High""/> <item value=""Informational""/> <item value=""Low""/> <item value=""Medium""/> </enum> </prop> <prop type="dateTime" name="startTimeUtc" required="True"/> <prop type="dateTime" name="timeGenerated" required="True"/> </discriminator> </item> </prop> </schema> </json> </body> </response> <response isError="True"> <body> <json> <schema type="@ODataV4Format"/> </json> </body> </response> </http> </operation> <output type="object" ref="$Instance" clientFlatten="True"/> </command> </commandGroup> </CodeGen>

Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5vcGVyYXRpb25hbGluc2lnaHRzL3dvcmtzcGFjZXMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5zZWN1cml0eWluc2lnaHRzL2VudGl0aWVzL3t9L2dldHRpbWVsaW5l/2022-06-01-preview.xml (203 lines of code) (raw):