Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5vcGVyYXRpb25hbGluc2lnaHRzL3dvcmtzcGFjZXMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5zZWN1cml0eWluc2lnaHRzL2luY2lkZW50cw==/2022-06-01-preview.xml (218 lines of code) (raw):
<?xml version='1.0' encoding='utf-8'?>
<CodeGen plane="mgmt-plane">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/incidents" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvaW5jaWRlbnRz/V/MjAyMi0wNi0wMS1wcmV2aWV3"/>
<commandGroup name="sentinel incident">
<command name="list" version="2022-06-01-preview">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/incidents" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvaW5jaWRlbnRz/V/MjAyMi0wNi0wMS1wcmV2aWV3"/>
<argGroup name="">
<arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True"/>
<arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True"/>
<arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental">
<help short="The name of the workspace."/>
<format maxLength="90" minLength="1"/>
</arg>
<arg type="string" var="$Query.filter" options="filter">
<help short="Filters the results, based on a Boolean condition. Optional."/>
</arg>
<arg type="string" var="$Query.orderby" options="orderby">
<help short="Sorts the results. Optional."/>
</arg>
<arg type="string" var="$Query.skipToken" options="skip-token">
<help short="Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional."/>
</arg>
<arg type="integer32" var="$Query.top" options="top">
<help short="Returns only the first n results. Optional."/>
</arg>
</argGroup>
<operation operationId="Incidents_List">
<http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents">
<request method="get">
<path>
<param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
<format maxLength="90" minLength="1"/>
</param>
<param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True">
<format minLength="1"/>
</param>
<param type="string" name="workspaceName" arg="$Path.workspaceName" required="True">
<format maxLength="90" minLength="1"/>
</param>
</path>
<query>
<param type="string" name="$filter" arg="$Query.filter"/>
<param type="string" name="$orderby" arg="$Query.orderby"/>
<param type="string" name="$skipToken" arg="$Query.skipToken"/>
<param type="integer32" name="$top" arg="$Query.top"/>
<const readOnly="True" const="True" type="string" name="api-version" required="True">
<default value=""2022-06-01-preview""/>
<format minLength="1"/>
</const>
</query>
</request>
<response statusCode="200">
<body>
<json var="$Instance">
<schema type="object">
<prop readOnly="True" type="string" name="nextLink"/>
<prop type="array<object>" name="value" required="True">
<item type="object">
<prop type="string" name="etag"/>
<prop readOnly="True" type="ResourceId" name="id">
<format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.OperationalInsights/workspaces/{}/providers/Microsoft.SecurityInsights/incidents/{}"/>
</prop>
<prop readOnly="True" type="string" name="name"/>
<prop type="object" name="properties" clientFlatten="True">
<prop readOnly="True" type="object" name="additionalData">
<prop readOnly="True" type="array<string>" name="alertProductNames">
<item readOnly="True" type="string"/>
</prop>
<prop readOnly="True" type="integer32" name="alertsCount"/>
<prop readOnly="True" type="integer32" name="bookmarksCount"/>
<prop readOnly="True" type="integer32" name="commentsCount"/>
<prop readOnly="True" type="string" name="providerIncidentUrl"/>
<prop readOnly="True" type="array<string>" name="tactics">
<item readOnly="True" type="string">
<enum>
<item value=""Collection""/>
<item value=""CommandAndControl""/>
<item value=""CredentialAccess""/>
<item value=""DefenseEvasion""/>
<item value=""Discovery""/>
<item value=""Execution""/>
<item value=""Exfiltration""/>
<item value=""Impact""/>
<item value=""ImpairProcessControl""/>
<item value=""InhibitResponseFunction""/>
<item value=""InitialAccess""/>
<item value=""LateralMovement""/>
<item value=""Persistence""/>
<item value=""PreAttack""/>
<item value=""PrivilegeEscalation""/>
<item value=""Reconnaissance""/>
<item value=""ResourceDevelopment""/>
</enum>
</item>
</prop>
<prop readOnly="True" type="array<string>" name="techniques">
<item readOnly="True" type="string"/>
</prop>
</prop>
<prop type="string" name="classification">
<enum>
<item value=""BenignPositive""/>
<item value=""FalsePositive""/>
<item value=""TruePositive""/>
<item value=""Undetermined""/>
</enum>
</prop>
<prop type="string" name="classificationComment"/>
<prop type="string" name="classificationReason">
<enum>
<item value=""InaccurateData""/>
<item value=""IncorrectAlertLogic""/>
<item value=""SuspiciousActivity""/>
<item value=""SuspiciousButExpected""/>
</enum>
</prop>
<prop readOnly="True" type="dateTime" name="createdTimeUtc"/>
<prop type="string" name="description"/>
<prop type="dateTime" name="firstActivityTimeUtc"/>
<prop readOnly="True" type="integer32" name="incidentNumber"/>
<prop readOnly="True" type="string" name="incidentUrl"/>
<prop type="array<object>" name="labels">
<item type="object">
<prop type="string" name="labelName" required="True"/>
<prop readOnly="True" type="string" name="labelType">
<enum>
<item value=""AutoAssigned""/>
<item value=""User""/>
</enum>
</prop>
</item>
</prop>
<prop type="dateTime" name="lastActivityTimeUtc"/>
<prop readOnly="True" type="dateTime" name="lastModifiedTimeUtc"/>
<prop type="object" name="owner">
<prop type="string" name="assignedTo"/>
<prop type="string" name="email"/>
<prop type="uuid" name="objectId"/>
<prop type="string" name="ownerType">
<enum>
<item value=""Group""/>
<item value=""Unknown""/>
<item value=""User""/>
</enum>
</prop>
<prop type="string" name="userPrincipalName"/>
</prop>
<prop type="string" name="providerIncidentId"/>
<prop type="string" name="providerName"/>
<prop readOnly="True" type="array<string>" name="relatedAnalyticRuleIds">
<item readOnly="True" type="string"/>
</prop>
<prop type="string" name="severity" required="True">
<enum>
<item value=""High""/>
<item value=""Informational""/>
<item value=""Low""/>
<item value=""Medium""/>
</enum>
</prop>
<prop type="string" name="status" required="True">
<enum>
<item value=""Active""/>
<item value=""Closed""/>
<item value=""New""/>
</enum>
</prop>
<prop type="object" name="teamInformation">
<prop readOnly="True" type="string" name="description"/>
<prop readOnly="True" type="string" name="name"/>
<prop readOnly="True" type="string" name="primaryChannelUrl"/>
<prop readOnly="True" type="dateTime" name="teamCreationTimeUtc"/>
<prop readOnly="True" type="string" name="teamId"/>
</prop>
<prop type="string" name="title" required="True"/>
</prop>
<prop readOnly="True" type="object" name="systemData">
<prop readOnly="True" type="dateTime" name="createdAt"/>
<prop readOnly="True" type="string" name="createdBy"/>
<prop readOnly="True" type="string" name="createdByType">
<enum>
<item value=""Application""/>
<item value=""Key""/>
<item value=""ManagedIdentity""/>
<item value=""User""/>
</enum>
</prop>
<prop readOnly="True" type="dateTime" name="lastModifiedAt"/>
<prop readOnly="True" type="string" name="lastModifiedBy"/>
<prop readOnly="True" type="string" name="lastModifiedByType">
<enum>
<item value=""Application""/>
<item value=""Key""/>
<item value=""ManagedIdentity""/>
<item value=""User""/>
</enum>
</prop>
</prop>
<prop readOnly="True" type="string" name="type"/>
</item>
</prop>
</schema>
</json>
</body>
</response>
<response isError="True">
<body>
<json>
<schema type="@ODataV4Format"/>
</json>
</body>
</response>
</http>
</operation>
<output type="array" ref="$Instance.value" clientFlatten="True" nextLink="$Instance.nextLink"/>
</command>
</commandGroup>
</CodeGen>