Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5vcGVyYXRpb25hbGluc2lnaHRzL3dvcmtzcGFjZXMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5zZWN1cml0eWluc2lnaHRzL2luY2lkZW50cw==/2022-06-01-preview.xml (218 lines of code) (raw):

<?xml version='1.0' encoding='utf-8'?> <CodeGen plane="mgmt-plane"> <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/incidents" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvaW5jaWRlbnRz/V/MjAyMi0wNi0wMS1wcmV2aWV3"/> <commandGroup name="sentinel incident"> <command name="list" version="2022-06-01-preview"> <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/incidents" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvaW5jaWRlbnRz/V/MjAyMi0wNi0wMS1wcmV2aWV3"/> <argGroup name=""> <arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True"/> <arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True"/> <arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental"> <help short="The name of the workspace."/> <format maxLength="90" minLength="1"/> </arg> <arg type="string" var="$Query.filter" options="filter"> <help short="Filters the results, based on a Boolean condition. Optional."/> </arg> <arg type="string" var="$Query.orderby" options="orderby"> <help short="Sorts the results. Optional."/> </arg> <arg type="string" var="$Query.skipToken" options="skip-token"> <help short="Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional."/> </arg> <arg type="integer32" var="$Query.top" options="top"> <help short="Returns only the first n results. Optional."/> </arg> </argGroup> <operation operationId="Incidents_List"> <http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents"> <request method="get"> <path> <param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True"> <format maxLength="90" minLength="1"/> </param> <param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True"> <format minLength="1"/> </param> <param type="string" name="workspaceName" arg="$Path.workspaceName" required="True"> <format maxLength="90" minLength="1"/> </param> </path> <query> <param type="string" name="$filter" arg="$Query.filter"/> <param type="string" name="$orderby" arg="$Query.orderby"/> <param type="string" name="$skipToken" arg="$Query.skipToken"/> <param type="integer32" name="$top" arg="$Query.top"/> <const readOnly="True" const="True" type="string" name="api-version" required="True"> <default value="&quot;2022-06-01-preview&quot;"/> <format minLength="1"/> </const> </query> </request> <response statusCode="200"> <body> <json var="$Instance"> <schema type="object"> <prop readOnly="True" type="string" name="nextLink"/> <prop type="array<object>" name="value" required="True"> <item type="object"> <prop type="string" name="etag"/> <prop readOnly="True" type="ResourceId" name="id"> <format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.OperationalInsights/workspaces/{}/providers/Microsoft.SecurityInsights/incidents/{}"/> </prop> <prop readOnly="True" type="string" name="name"/> <prop type="object" name="properties" clientFlatten="True"> <prop readOnly="True" type="object" name="additionalData"> <prop readOnly="True" type="array<string>" name="alertProductNames"> <item readOnly="True" type="string"/> </prop> <prop readOnly="True" type="integer32" name="alertsCount"/> <prop readOnly="True" type="integer32" name="bookmarksCount"/> <prop readOnly="True" type="integer32" name="commentsCount"/> <prop readOnly="True" type="string" name="providerIncidentUrl"/> <prop readOnly="True" type="array<string>" name="tactics"> <item readOnly="True" type="string"> <enum> <item value="&quot;Collection&quot;"/> <item value="&quot;CommandAndControl&quot;"/> <item value="&quot;CredentialAccess&quot;"/> <item value="&quot;DefenseEvasion&quot;"/> <item value="&quot;Discovery&quot;"/> <item value="&quot;Execution&quot;"/> <item value="&quot;Exfiltration&quot;"/> <item value="&quot;Impact&quot;"/> <item value="&quot;ImpairProcessControl&quot;"/> <item value="&quot;InhibitResponseFunction&quot;"/> <item value="&quot;InitialAccess&quot;"/> <item value="&quot;LateralMovement&quot;"/> <item value="&quot;Persistence&quot;"/> <item value="&quot;PreAttack&quot;"/> <item value="&quot;PrivilegeEscalation&quot;"/> <item value="&quot;Reconnaissance&quot;"/> <item value="&quot;ResourceDevelopment&quot;"/> </enum> </item> </prop> <prop readOnly="True" type="array<string>" name="techniques"> <item readOnly="True" type="string"/> </prop> </prop> <prop type="string" name="classification"> <enum> <item value="&quot;BenignPositive&quot;"/> <item value="&quot;FalsePositive&quot;"/> <item value="&quot;TruePositive&quot;"/> <item value="&quot;Undetermined&quot;"/> </enum> </prop> <prop type="string" name="classificationComment"/> <prop type="string" name="classificationReason"> <enum> <item value="&quot;InaccurateData&quot;"/> <item value="&quot;IncorrectAlertLogic&quot;"/> <item value="&quot;SuspiciousActivity&quot;"/> <item value="&quot;SuspiciousButExpected&quot;"/> </enum> </prop> <prop readOnly="True" type="dateTime" name="createdTimeUtc"/> <prop type="string" name="description"/> <prop type="dateTime" name="firstActivityTimeUtc"/> <prop readOnly="True" type="integer32" name="incidentNumber"/> <prop readOnly="True" type="string" name="incidentUrl"/> <prop type="array<object>" name="labels"> <item type="object"> <prop type="string" name="labelName" required="True"/> <prop readOnly="True" type="string" name="labelType"> <enum> <item value="&quot;AutoAssigned&quot;"/> <item value="&quot;User&quot;"/> </enum> </prop> </item> </prop> <prop type="dateTime" name="lastActivityTimeUtc"/> <prop readOnly="True" type="dateTime" name="lastModifiedTimeUtc"/> <prop type="object" name="owner"> <prop type="string" name="assignedTo"/> <prop type="string" name="email"/> <prop type="uuid" name="objectId"/> <prop type="string" name="ownerType"> <enum> <item value="&quot;Group&quot;"/> <item value="&quot;Unknown&quot;"/> <item value="&quot;User&quot;"/> </enum> </prop> <prop type="string" name="userPrincipalName"/> </prop> <prop type="string" name="providerIncidentId"/> <prop type="string" name="providerName"/> <prop readOnly="True" type="array<string>" name="relatedAnalyticRuleIds"> <item readOnly="True" type="string"/> </prop> <prop type="string" name="severity" required="True"> <enum> <item value="&quot;High&quot;"/> <item value="&quot;Informational&quot;"/> <item value="&quot;Low&quot;"/> <item value="&quot;Medium&quot;"/> </enum> </prop> <prop type="string" name="status" required="True"> <enum> <item value="&quot;Active&quot;"/> <item value="&quot;Closed&quot;"/> <item value="&quot;New&quot;"/> </enum> </prop> <prop type="object" name="teamInformation"> <prop readOnly="True" type="string" name="description"/> <prop readOnly="True" type="string" name="name"/> <prop readOnly="True" type="string" name="primaryChannelUrl"/> <prop readOnly="True" type="dateTime" name="teamCreationTimeUtc"/> <prop readOnly="True" type="string" name="teamId"/> </prop> <prop type="string" name="title" required="True"/> </prop> <prop readOnly="True" type="object" name="systemData"> <prop readOnly="True" type="dateTime" name="createdAt"/> <prop readOnly="True" type="string" name="createdBy"/> <prop readOnly="True" type="string" name="createdByType"> <enum> <item value="&quot;Application&quot;"/> <item value="&quot;Key&quot;"/> <item value="&quot;ManagedIdentity&quot;"/> <item value="&quot;User&quot;"/> </enum> </prop> <prop readOnly="True" type="dateTime" name="lastModifiedAt"/> <prop readOnly="True" type="string" name="lastModifiedBy"/> <prop readOnly="True" type="string" name="lastModifiedByType"> <enum> <item value="&quot;Application&quot;"/> <item value="&quot;Key&quot;"/> <item value="&quot;ManagedIdentity&quot;"/> <item value="&quot;User&quot;"/> </enum> </prop> </prop> <prop readOnly="True" type="string" name="type"/> </item> </prop> </schema> </json> </body> </response> <response isError="True"> <body> <json> <schema type="@ODataV4Format"/> </json> </body> </response> </http> </operation> <output type="array" ref="$Instance.value" clientFlatten="True" nextLink="$Instance.nextLink"/> </command> </commandGroup> </CodeGen>