Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5vcGVyYXRpb25hbGluc2lnaHRzL3dvcmtzcGFjZXMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5zZWN1cml0eWluc2lnaHRzL3NlY3VyaXR5bWxhbmFseXRpY3NzZXR0aW5ncy97fQ==/2022-06-01-preview.xml

<?xml version='1.0' encoding='utf-8'?> <CodeGen plane="mgmt-plane"> <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/securitymlanalyticssettings/{}" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvc2VjdXJpdHlNTEFuYWx5dGljc1NldHRpbmdzL3tzZXR0aW5nc1Jlc291cmNlTmFtZX0=/V/MjAyMi0wNi0wMS1wcmV2aWV3"/> <commandGroup name="sentinel analytics-setting"> <command name="show" version="2022-06-01-preview"> <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/securitymlanalyticssettings/{}" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvc2VjdXJpdHlNTEFuYWx5dGljc1NldHRpbmdzL3tzZXR0aW5nc1Jlc291cmNlTmFtZX0=/V/MjAyMi0wNi0wMS1wcmV2aWV3"/> <argGroup name=""> <arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/> <arg type="string" var="$Path.settingsResourceName" options="settings-resource-name name n" required="True" idPart="child_name_1"> <help short="Security ML Analytics Settings resource name"/> </arg> <arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/> <arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental" idPart="name"> <help short="The name of the workspace."/> <format maxLength="90" minLength="1"/> </arg> </argGroup> <operation operationId="SecurityMLAnalyticsSettings_Get"> <http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}"> <request method="get"> <path> <param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True"> <format maxLength="90" minLength="1"/> </param> <param type="string" name="settingsResourceName" arg="$Path.settingsResourceName" required="True"/> <param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True"> <format minLength="1"/> </param> <param type="string" name="workspaceName" arg="$Path.workspaceName" required="True"> <format maxLength="90" minLength="1"/> </param> </path> <query> <const readOnly="True" const="True" type="string" name="api-version" required="True"> <default value=""2022-06-01-preview""/> <format minLength="1"/> </const> </query> </request> <response statusCode="200"> <body> <json var="$Instance"> <schema type="object"> <prop type="string" name="etag"/> <prop readOnly="True" type="ResourceId" name="id"> <format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.OperationalInsights/workspaces/{}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{}"/> </prop> <prop type="string" name="kind" required="True"> <enum> <item value=""Anomaly""/> </enum> </prop> <prop readOnly="True" type="string" name="name"/> <prop readOnly="True" type="object" name="systemData"> <prop readOnly="True" type="dateTime" name="createdAt"/> <prop readOnly="True" type="string" name="createdBy"/> <prop readOnly="True" type="string" name="createdByType"> <enum> <item value=""Application""/> <item value=""Key""/> <item value=""ManagedIdentity""/> <item value=""User""/> </enum> </prop> <prop readOnly="True" type="dateTime" name="lastModifiedAt"/> <prop readOnly="True" type="string" name="lastModifiedBy"/> <prop readOnly="True" type="string" name="lastModifiedByType"> <enum> <item value=""Application""/> <item value=""Key""/> <item value=""ManagedIdentity""/> <item value=""User""/> </enum> </prop> </prop> <prop readOnly="True" type="string" name="type"/> <discriminator property="kind" value="Anomaly"> <prop type="object" name="properties" clientFlatten="True"> <prop type="integer32" name="anomalySettingsVersion"/> <prop type="string" name="anomalyVersion" required="True"/> <prop type="string" name="description"/> <prop type="string" name="displayName" required="True"/> <prop type="boolean" name="enabled" required="True"/> <prop type="duration" name="frequency" required="True"/> <prop type="boolean" name="isDefaultSettings" required="True"/> <prop readOnly="True" type="dateTime" name="lastModifiedUtc"/> <prop type="array<object>" name="requiredDataConnectors"> <item type="object"> <prop type="string" name="connectorId"/> <prop type="array<string>" name="dataTypes"> <item type="string"/> </prop> </item> </prop> <prop type="uuid" name="settingsDefinitionId"/> <prop type="string" name="settingsStatus" required="True"> <enum> <item value=""Flighting""/> <item value=""Production""/> </enum> </prop> <prop type="array<string>" name="tactics"> <item type="string"> <enum> <item value=""Collection""/> <item value=""CommandAndControl""/> <item value=""CredentialAccess""/> <item value=""DefenseEvasion""/> <item value=""Discovery""/> <item value=""Execution""/> <item value=""Exfiltration""/> <item value=""Impact""/> <item value=""ImpairProcessControl""/> <item value=""InhibitResponseFunction""/> <item value=""InitialAccess""/> <item value=""LateralMovement""/> <item value=""Persistence""/> <item value=""PreAttack""/> <item value=""PrivilegeEscalation""/> <item value=""Reconnaissance""/> <item value=""ResourceDevelopment""/> </enum> </item> </prop> <prop type="array<string>" name="techniques"> <item type="string"/> </prop> </prop> </discriminator> </schema> </json> </body> </response> <response isError="True"> <body> <json> <schema type="@ODataV4Format"/> </json> </body> </response> </http> </operation> <output type="object" ref="$Instance" clientFlatten="True"/> </command> <command name="delete" version="2022-06-01-preview" confirmation="Are you sure you want to perform this operation?"> <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/securitymlanalyticssettings/{}" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvc2VjdXJpdHlNTEFuYWx5dGljc1NldHRpbmdzL3tzZXR0aW5nc1Jlc291cmNlTmFtZX0=/V/MjAyMi0wNi0wMS1wcmV2aWV3"/> <argGroup name=""> <arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/> <arg type="string" var="$Path.settingsResourceName" options="settings-resource-name name n" required="True" idPart="child_name_1"> <help short="Security ML Analytics Settings resource name"/> </arg> <arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/> <arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental" idPart="name"> <help short="The name of the workspace."/> <format maxLength="90" minLength="1"/> </arg> </argGroup> <operation operationId="SecurityMLAnalyticsSettings_Delete"> <http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}"> <request method="delete"> <path> <param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True"> <format maxLength="90" minLength="1"/> </param> <param type="string" name="settingsResourceName" arg="$Path.settingsResourceName" required="True"/> <param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True"> <format minLength="1"/> </param> <param type="string" name="workspaceName" arg="$Path.workspaceName" required="True"> <format maxLength="90" minLength="1"/> </param> </path> <query> <const readOnly="True" const="True" type="string" name="api-version" required="True"> <default value=""2022-06-01-preview""/> <format minLength="1"/> </const> </query> </request> <response statusCode="200"/> <response statusCode="204"/> <response isError="True"> <body> <json> <schema type="@ODataV4Format"/> </json> </body> </response> </http> </operation> </command> <command name="create" version="2022-06-01-preview"> <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/securitymlanalyticssettings/{}" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvc2VjdXJpdHlNTEFuYWx5dGljc1NldHRpbmdzL3tzZXR0aW5nc1Jlc291cmNlTmFtZX0=/V/MjAyMi0wNi0wMS1wcmV2aWV3"/> <argGroup name=""> <arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/> <arg type="string" var="$Path.settingsResourceName" options="settings-resource-name name n" required="True" idPart="child_name_1"> <help short="Security ML Analytics Settings resource name"/> </arg> <arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/> <arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental" idPart="name"> <help short="The name of the workspace."/> <format maxLength="90" minLength="1"/> </arg> </argGroup> <argGroup name="SecurityMLAnalyticsSetting"> <arg type="object" var="$securityMLAnalyticsSetting.Anomaly" options="anomaly" group="SecurityMLAnalyticsSetting"> <arg type="integer32" var="$securityMLAnalyticsSetting.Anomaly.properties.anomalySettingsVersion" options="anomaly-settings-version" group="Properties"> <help short="The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not."/> </arg> <arg type="string" var="$securityMLAnalyticsSetting.Anomaly.properties.anomalyVersion" options="anomaly-version" group="Properties"> <help short="The anomaly version of the AnomalySecurityMLAnalyticsSettings."/> </arg> <arg type="string" var="$securityMLAnalyticsSetting.Anomaly.properties.description" options="description" group="Properties"> <help short="The description of the SecurityMLAnalyticsSettings."/> </arg> <arg type="string" var="$securityMLAnalyticsSetting.Anomaly.properties.displayName" options="display-name" group="Properties"> <help short="The display name for settings created by this SecurityMLAnalyticsSettings."/> </arg> <arg type="boolean" var="$securityMLAnalyticsSetting.Anomaly.properties.enabled" options="enabled" group="Properties"> <help short="Determines whether this settings is enabled or disabled."/> </arg> <arg type="duration" var="$securityMLAnalyticsSetting.Anomaly.properties.frequency" options="frequency" group="Properties"> <help short="The frequency that this SecurityMLAnalyticsSettings will be run."/> </arg> <arg type="boolean" var="$securityMLAnalyticsSetting.Anomaly.properties.isDefaultSettings" options="is-default-settings" group="Properties"> <help short="Determines whether this anomaly security ml analytics settings is a default settings"/> </arg> <arg type="array<object>" var="$securityMLAnalyticsSetting.Anomaly.properties.requiredDataConnectors" options="required-data-connectors" group="Properties"> <help short="The required data sources for this SecurityMLAnalyticsSettings"/> <item type="object"> <arg type="string" var="$securityMLAnalyticsSetting.Anomaly.properties.requiredDataConnectors[].connectorId" options="connector-id"> <help short="The connector id that provides the following data types"/> </arg> <arg type="array<string>" var="$securityMLAnalyticsSetting.Anomaly.properties.requiredDataConnectors[].dataTypes" options="data-types"> <help short="The data types used by the security ml analytics settings"/> <item type="string"/> </arg> </item> </arg> <arg type="uuid" var="$securityMLAnalyticsSetting.Anomaly.properties.settingsDefinitionId" options="settings-definition-id" group="Properties"> <help short="The anomaly settings definition Id"/> </arg> <arg type="string" var="$securityMLAnalyticsSetting.Anomaly.properties.settingsStatus" options="settings-status" group="Properties"> <help short="The anomaly SecurityMLAnalyticsSettings status"/> <enum> <item name="Flighting" value=""Flighting""/> <item name="Production" value=""Production""/> </enum> </arg> <arg type="array<string>" var="$securityMLAnalyticsSetting.Anomaly.properties.tactics" options="tactics" group="Properties"> <help short="The tactics of the SecurityMLAnalyticsSettings"/> <item type="string"> <enum> <item name="Collection" value=""Collection""/> <item name="CommandAndControl" value=""CommandAndControl""/> <item name="CredentialAccess" value=""CredentialAccess""/> <item name="DefenseEvasion" value=""DefenseEvasion""/> <item name="Discovery" value=""Discovery""/> <item name="Execution" value=""Execution""/> <item name="Exfiltration" value=""Exfiltration""/> <item name="Impact" value=""Impact""/> <item name="ImpairProcessControl" value=""ImpairProcessControl""/> <item name="InhibitResponseFunction" value=""InhibitResponseFunction""/> <item name="InitialAccess" value=""InitialAccess""/> <item name="LateralMovement" value=""LateralMovement""/> <item name="Persistence" value=""Persistence""/> <item name="PreAttack" value=""PreAttack""/> <item name="PrivilegeEscalation" value=""PrivilegeEscalation""/> <item name="Reconnaissance" value=""Reconnaissance""/> <item name="ResourceDevelopment" value=""ResourceDevelopment""/> </enum> </item> </arg> <arg type="array<string>" var="$securityMLAnalyticsSetting.Anomaly.properties.techniques" options="techniques" group="Properties"> <help short="The techniques of the SecurityMLAnalyticsSettings"/> <item type="string"/> </arg> </arg> <arg type="string" var="$securityMLAnalyticsSetting.etag" options="etag" group="SecurityMLAnalyticsSetting"> <help short="Etag of the azure resource"/> </arg> </argGroup> <operation operationId="SecurityMLAnalyticsSettings_CreateOrUpdate"> <http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}"> <request method="put"> <path> <param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True"> <format maxLength="90" minLength="1"/> </param> <param type="string" name="settingsResourceName" arg="$Path.settingsResourceName" required="True"/> <param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True"> <format minLength="1"/> </param> <param type="string" name="workspaceName" arg="$Path.workspaceName" required="True"> <format maxLength="90" minLength="1"/> </param> </path> <query> <const readOnly="True" const="True" type="string" name="api-version" required="True"> <default value=""2022-06-01-preview""/> <format minLength="1"/> </const> </query> <body> <json> <schema type="object" name="securityMLAnalyticsSetting" required="True" clientFlatten="True"> <prop type="string" name="etag" arg="$securityMLAnalyticsSetting.etag"/> <prop type="string" name="kind" required="True"> <enum> <item arg="$securityMLAnalyticsSetting.Anomaly" value=""Anomaly""/> </enum> </prop> <discriminator property="kind" value="Anomaly"> <prop type="object" name="properties" clientFlatten="True"> <prop type="integer32" name="anomalySettingsVersion" arg="$securityMLAnalyticsSetting.Anomaly.properties.anomalySettingsVersion"/> <prop type="string" name="anomalyVersion" arg="$securityMLAnalyticsSetting.Anomaly.properties.anomalyVersion" required="True"/> <prop type="string" name="description" arg="$securityMLAnalyticsSetting.Anomaly.properties.description"/> <prop type="string" name="displayName" arg="$securityMLAnalyticsSetting.Anomaly.properties.displayName" required="True"/> <prop type="boolean" name="enabled" arg="$securityMLAnalyticsSetting.Anomaly.properties.enabled" required="True"/> <prop type="duration" name="frequency" arg="$securityMLAnalyticsSetting.Anomaly.properties.frequency" required="True"/> <prop type="boolean" name="isDefaultSettings" arg="$securityMLAnalyticsSetting.Anomaly.properties.isDefaultSettings" required="True"/> <prop type="array<object>" name="requiredDataConnectors" arg="$securityMLAnalyticsSetting.Anomaly.properties.requiredDataConnectors"> <item type="object"> <prop type="string" name="connectorId" arg="$securityMLAnalyticsSetting.Anomaly.properties.requiredDataConnectors[].connectorId"/> <prop type="array<string>" name="dataTypes" arg="$securityMLAnalyticsSetting.Anomaly.properties.requiredDataConnectors[].dataTypes"> <item type="string"/> </prop> </item> </prop> <prop type="uuid" name="settingsDefinitionId" arg="$securityMLAnalyticsSetting.Anomaly.properties.settingsDefinitionId"/> <prop type="string" name="settingsStatus" arg="$securityMLAnalyticsSetting.Anomaly.properties.settingsStatus" required="True"> <enum> <item value=""Flighting""/> <item value=""Production""/> </enum> </prop> <prop type="array<string>" name="tactics" arg="$securityMLAnalyticsSetting.Anomaly.properties.tactics"> <item type="string"> <enum> <item value=""Collection""/> <item value=""CommandAndControl""/> <item value=""CredentialAccess""/> <item value=""DefenseEvasion""/> <item value=""Discovery""/> <item value=""Execution""/> <item value=""Exfiltration""/> <item value=""Impact""/> <item value=""ImpairProcessControl""/> <item value=""InhibitResponseFunction""/> <item value=""InitialAccess""/> <item value=""LateralMovement""/> <item value=""Persistence""/> <item value=""PreAttack""/> <item value=""PrivilegeEscalation""/> <item value=""Reconnaissance""/> <item value=""ResourceDevelopment""/> </enum> </item> </prop> <prop type="array<string>" name="techniques" arg="$securityMLAnalyticsSetting.Anomaly.properties.techniques"> <item type="string"/> </prop> </prop> </discriminator> </schema> </json> </body> </request> <response statusCode="200 201"> <body> <json var="$Instance"> <schema type="object"> <prop type="string" name="etag"/> <prop readOnly="True" type="ResourceId" name="id"> <format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.OperationalInsights/workspaces/{}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{}"/> </prop> <prop type="string" name="kind" required="True"> <enum> <item value=""Anomaly""/> </enum> </prop> <prop readOnly="True" type="string" name="name"/> <prop readOnly="True" type="object" name="systemData"> <prop readOnly="True" type="dateTime" name="createdAt"/> <prop readOnly="True" type="string" name="createdBy"/> <prop readOnly="True" type="string" name="createdByType"> <enum> <item value=""Application""/> <item value=""Key""/> <item value=""ManagedIdentity""/> <item value=""User""/> </enum> </prop> <prop readOnly="True" type="dateTime" name="lastModifiedAt"/> <prop readOnly="True" type="string" name="lastModifiedBy"/> <prop readOnly="True" type="string" name="lastModifiedByType"> <enum> <item value=""Application""/> <item value=""Key""/> <item value=""ManagedIdentity""/> <item value=""User""/> </enum> </prop> </prop> <prop readOnly="True" type="string" name="type"/> <discriminator property="kind" value="Anomaly"> <prop type="object" name="properties" clientFlatten="True"> <prop type="integer32" name="anomalySettingsVersion"/> <prop type="string" name="anomalyVersion" required="True"/> <prop type="string" name="description"/> <prop type="string" name="displayName" required="True"/> <prop type="boolean" name="enabled" required="True"/> <prop type="duration" name="frequency" required="True"/> <prop type="boolean" name="isDefaultSettings" required="True"/> <prop readOnly="True" type="dateTime" name="lastModifiedUtc"/> <prop type="array<object>" name="requiredDataConnectors"> <item type="object"> <prop type="string" name="connectorId"/> <prop type="array<string>" name="dataTypes"> <item type="string"/> </prop> </item> </prop> <prop type="uuid" name="settingsDefinitionId"/> <prop type="string" name="settingsStatus" required="True"> <enum> <item value=""Flighting""/> <item value=""Production""/> </enum> </prop> <prop type="array<string>" name="tactics"> <item type="string"> <enum> <item value=""Collection""/> <item value=""CommandAndControl""/> <item value=""CredentialAccess""/> <item value=""DefenseEvasion""/> <item value=""Discovery""/> <item value=""Execution""/> <item value=""Exfiltration""/> <item value=""Impact""/> <item value=""ImpairProcessControl""/> <item value=""InhibitResponseFunction""/> <item value=""InitialAccess""/> <item value=""LateralMovement""/> <item value=""Persistence""/> <item value=""PreAttack""/> <item value=""PrivilegeEscalation""/> <item value=""Reconnaissance""/> <item value=""ResourceDevelopment""/> </enum> </item> </prop> <prop type="array<string>" name="techniques"> <item type="string"/> </prop> </prop> </discriminator> </schema> </json> </body> </response> <response isError="True"> <body> <json> <schema type="@ODataV4Format"/> </json> </body> </response> </http> </operation> <output type="object" ref="$Instance" clientFlatten="True"/> </command> <command name="update" version="2022-06-01-preview"> <resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/securitymlanalyticssettings/{}" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvc2VjdXJpdHlNTEFuYWx5dGljc1NldHRpbmdzL3tzZXR0aW5nc1Jlc291cmNlTmFtZX0=/V/MjAyMi0wNi0wMS1wcmV2aWV3"/> <argGroup name=""> <arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/> <arg type="string" var="$Path.settingsResourceName" options="settings-resource-name name n" required="True" idPart="child_name_1"> <help short="Security ML Analytics Settings resource name"/> </arg> <arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/> <arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental" idPart="name"> <help short="The name of the workspace."/> <format maxLength="90" minLength="1"/> </arg> </argGroup> <argGroup name="SecurityMLAnalyticsSetting"> <arg type="object" var="$securityMLAnalyticsSetting.Anomaly" options="anomaly" group="SecurityMLAnalyticsSetting"> <arg nullable="True" type="integer32" var="$securityMLAnalyticsSetting.Anomaly.properties.anomalySettingsVersion" options="anomaly-settings-version" group="Properties"> <help short="The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not."/> </arg> <arg type="string" var="$securityMLAnalyticsSetting.Anomaly.properties.anomalyVersion" options="anomaly-version" group="Properties"> <help short="The anomaly version of the AnomalySecurityMLAnalyticsSettings."/> </arg> <arg nullable="True" type="string" var="$securityMLAnalyticsSetting.Anomaly.properties.description" options="description" group="Properties"> <help short="The description of the SecurityMLAnalyticsSettings."/> </arg> <arg type="string" var="$securityMLAnalyticsSetting.Anomaly.properties.displayName" options="display-name" group="Properties"> <help short="The display name for settings created by this SecurityMLAnalyticsSettings."/> </arg> <arg type="boolean" var="$securityMLAnalyticsSetting.Anomaly.properties.enabled" options="enabled" group="Properties"> <help short="Determines whether this settings is enabled or disabled."/> </arg> <arg type="duration" var="$securityMLAnalyticsSetting.Anomaly.properties.frequency" options="frequency" group="Properties"> <help short="The frequency that this SecurityMLAnalyticsSettings will be run."/> </arg> <arg type="boolean" var="$securityMLAnalyticsSetting.Anomaly.properties.isDefaultSettings" options="is-default-settings" group="Properties"> <help short="Determines whether this anomaly security ml analytics settings is a default settings"/> </arg> <arg nullable="True" type="array<object>" var="$securityMLAnalyticsSetting.Anomaly.properties.requiredDataConnectors" options="required-data-connectors" group="Properties"> <help short="The required data sources for this SecurityMLAnalyticsSettings"/> <item type="object"> <arg nullable="True" type="string" var="$securityMLAnalyticsSetting.Anomaly.properties.requiredDataConnectors[].connectorId" options="connector-id"> <help short="The connector id that provides the following data types"/> </arg> <arg nullable="True" type="array<string>" var="$securityMLAnalyticsSetting.Anomaly.properties.requiredDataConnectors[].dataTypes" options="data-types"> <help short="The data types used by the security ml analytics settings"/> <item type="string"/> </arg> </item> </arg> <arg nullable="True" type="uuid" var="$securityMLAnalyticsSetting.Anomaly.properties.settingsDefinitionId" options="settings-definition-id" group="Properties"> <help short="The anomaly settings definition Id"/> </arg> <arg type="string" var="$securityMLAnalyticsSetting.Anomaly.properties.settingsStatus" options="settings-status" group="Properties"> <help short="The anomaly SecurityMLAnalyticsSettings status"/> <enum> <item name="Flighting" value=""Flighting""/> <item name="Production" value=""Production""/> </enum> </arg> <arg nullable="True" type="array<string>" var="$securityMLAnalyticsSetting.Anomaly.properties.tactics" options="tactics" group="Properties"> <help short="The tactics of the SecurityMLAnalyticsSettings"/> <item type="string"> <enum> <item name="Collection" value=""Collection""/> <item name="CommandAndControl" value=""CommandAndControl""/> <item name="CredentialAccess" value=""CredentialAccess""/> <item name="DefenseEvasion" value=""DefenseEvasion""/> <item name="Discovery" value=""Discovery""/> <item name="Execution" value=""Execution""/> <item name="Exfiltration" value=""Exfiltration""/> <item name="Impact" value=""Impact""/> <item name="ImpairProcessControl" value=""ImpairProcessControl""/> <item name="InhibitResponseFunction" value=""InhibitResponseFunction""/> <item name="InitialAccess" value=""InitialAccess""/> <item name="LateralMovement" value=""LateralMovement""/> <item name="Persistence" value=""Persistence""/> <item name="PreAttack" value=""PreAttack""/> <item name="PrivilegeEscalation" value=""PrivilegeEscalation""/> <item name="Reconnaissance" value=""Reconnaissance""/> <item name="ResourceDevelopment" value=""ResourceDevelopment""/> </enum> </item> </arg> <arg nullable="True" type="array<string>" var="$securityMLAnalyticsSetting.Anomaly.properties.techniques" options="techniques" group="Properties"> <help short="The techniques of the SecurityMLAnalyticsSettings"/> <item type="string"/> </arg> </arg> <arg nullable="True" type="string" var="$securityMLAnalyticsSetting.etag" options="etag" group="SecurityMLAnalyticsSetting"> <help short="Etag of the azure resource"/> </arg> </argGroup> <operation operationId="SecurityMLAnalyticsSettings_Get"> <http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}"> <request method="get"> <path> <param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True"> <format maxLength="90" minLength="1"/> </param> <param type="string" name="settingsResourceName" arg="$Path.settingsResourceName" required="True"/> <param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True"> <format minLength="1"/> </param> <param type="string" name="workspaceName" arg="$Path.workspaceName" required="True"> <format maxLength="90" minLength="1"/> </param> </path> <query> <const readOnly="True" const="True" type="string" name="api-version" required="True"> <default value=""2022-06-01-preview""/> <format minLength="1"/> </const> </query> </request> <response statusCode="200"> <body> <json var="$Instance"> <schema type="object" cls="SecurityMLAnalyticsSetting_read"> <prop type="string" name="etag"/> <prop readOnly="True" type="ResourceId" name="id"> <format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.OperationalInsights/workspaces/{}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{}"/> </prop> <prop type="string" name="kind" required="True"> <enum> <item value=""Anomaly""/> </enum> </prop> <prop readOnly="True" type="string" name="name"/> <prop readOnly="True" type="object" name="systemData"> <prop readOnly="True" type="dateTime" name="createdAt"/> <prop readOnly="True" type="string" name="createdBy"/> <prop readOnly="True" type="string" name="createdByType"> <enum> <item value=""Application""/> <item value=""Key""/> <item value=""ManagedIdentity""/> <item value=""User""/> </enum> </prop> <prop readOnly="True" type="dateTime" name="lastModifiedAt"/> <prop readOnly="True" type="string" name="lastModifiedBy"/> <prop readOnly="True" type="string" name="lastModifiedByType"> <enum> <item value=""Application""/> <item value=""Key""/> <item value=""ManagedIdentity""/> <item value=""User""/> </enum> </prop> </prop> <prop readOnly="True" type="string" name="type"/> <discriminator property="kind" value="Anomaly"> <prop type="object" name="properties" clientFlatten="True"> <prop type="integer32" name="anomalySettingsVersion"/> <prop type="string" name="anomalyVersion" required="True"/> <prop type="string" name="description"/> <prop type="string" name="displayName" required="True"/> <prop type="boolean" name="enabled" required="True"/> <prop type="duration" name="frequency" required="True"/> <prop type="boolean" name="isDefaultSettings" required="True"/> <prop readOnly="True" type="dateTime" name="lastModifiedUtc"/> <prop type="array<object>" name="requiredDataConnectors"> <item type="object"> <prop type="string" name="connectorId"/> <prop type="array<string>" name="dataTypes"> <item type="string"/> </prop> </item> </prop> <prop type="uuid" name="settingsDefinitionId"/> <prop type="string" name="settingsStatus" required="True"> <enum> <item value=""Flighting""/> <item value=""Production""/> </enum> </prop> <prop type="array<string>" name="tactics"> <item type="string"> <enum> <item value=""Collection""/> <item value=""CommandAndControl""/> <item value=""CredentialAccess""/> <item value=""DefenseEvasion""/> <item value=""Discovery""/> <item value=""Execution""/> <item value=""Exfiltration""/> <item value=""Impact""/> <item value=""ImpairProcessControl""/> <item value=""InhibitResponseFunction""/> <item value=""InitialAccess""/> <item value=""LateralMovement""/> <item value=""Persistence""/> <item value=""PreAttack""/> <item value=""PrivilegeEscalation""/> <item value=""Reconnaissance""/> <item value=""ResourceDevelopment""/> </enum> </item> </prop> <prop type="array<string>" name="techniques"> <item type="string"/> </prop> </prop> </discriminator> </schema> </json> </body> </response> <response isError="True"> <body> <json> <schema type="@ODataV4Format"/> </json> </body> </response> </http> </operation> <operation> <instanceUpdate instance="$Instance"> <json> <schema type="object" name="securityMLAnalyticsSetting" required="True" clientFlatten="True"> <prop type="string" name="etag" arg="$securityMLAnalyticsSetting.etag"/> <prop type="string" name="kind" required="True"> <enum> <item arg="$securityMLAnalyticsSetting.Anomaly" value=""Anomaly""/> </enum> </prop> <discriminator property="kind" value="Anomaly"> <prop type="object" name="properties" clientFlatten="True"> <prop type="integer32" name="anomalySettingsVersion" arg="$securityMLAnalyticsSetting.Anomaly.properties.anomalySettingsVersion"/> <prop type="string" name="anomalyVersion" arg="$securityMLAnalyticsSetting.Anomaly.properties.anomalyVersion" required="True"/> <prop type="string" name="description" arg="$securityMLAnalyticsSetting.Anomaly.properties.description"/> <prop type="string" name="displayName" arg="$securityMLAnalyticsSetting.Anomaly.properties.displayName" required="True"/> <prop type="boolean" name="enabled" arg="$securityMLAnalyticsSetting.Anomaly.properties.enabled" required="True"/> <prop type="duration" name="frequency" arg="$securityMLAnalyticsSetting.Anomaly.properties.frequency" required="True"/> <prop type="boolean" name="isDefaultSettings" arg="$securityMLAnalyticsSetting.Anomaly.properties.isDefaultSettings" required="True"/> <prop type="array<object>" name="requiredDataConnectors" arg="$securityMLAnalyticsSetting.Anomaly.properties.requiredDataConnectors"> <item type="object"> <prop type="string" name="connectorId" arg="$securityMLAnalyticsSetting.Anomaly.properties.requiredDataConnectors[].connectorId"/> <prop type="array<string>" name="dataTypes" arg="$securityMLAnalyticsSetting.Anomaly.properties.requiredDataConnectors[].dataTypes"> <item type="string"/> </prop> </item> </prop> <prop type="uuid" name="settingsDefinitionId" arg="$securityMLAnalyticsSetting.Anomaly.properties.settingsDefinitionId"/> <prop type="string" name="settingsStatus" arg="$securityMLAnalyticsSetting.Anomaly.properties.settingsStatus" required="True"> <enum> <item value=""Flighting""/> <item value=""Production""/> </enum> </prop> <prop type="array<string>" name="tactics" arg="$securityMLAnalyticsSetting.Anomaly.properties.tactics"> <item type="string"> <enum> <item value=""Collection""/> <item value=""CommandAndControl""/> <item value=""CredentialAccess""/> <item value=""DefenseEvasion""/> <item value=""Discovery""/> <item value=""Execution""/> <item value=""Exfiltration""/> <item value=""Impact""/> <item value=""ImpairProcessControl""/> <item value=""InhibitResponseFunction""/> <item value=""InitialAccess""/> <item value=""LateralMovement""/> <item value=""Persistence""/> <item value=""PreAttack""/> <item value=""PrivilegeEscalation""/> <item value=""Reconnaissance""/> <item value=""ResourceDevelopment""/> </enum> </item> </prop> <prop type="array<string>" name="techniques" arg="$securityMLAnalyticsSetting.Anomaly.properties.techniques"> <item type="string"/> </prop> </prop> </discriminator> </schema> </json> </instanceUpdate> </operation> <operation operationId="SecurityMLAnalyticsSettings_CreateOrUpdate"> <http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}"> <request method="put"> <path> <param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True"> <format maxLength="90" minLength="1"/> </param> <param type="string" name="settingsResourceName" arg="$Path.settingsResourceName" required="True"/> <param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True"> <format minLength="1"/> </param> <param type="string" name="workspaceName" arg="$Path.workspaceName" required="True"> <format maxLength="90" minLength="1"/> </param> </path> <query> <const readOnly="True" const="True" type="string" name="api-version" required="True"> <default value=""2022-06-01-preview""/> <format minLength="1"/> </const> </query> <body> <json ref="$Instance"/> </body> </request> <response statusCode="200 201"> <body> <json var="$Instance"> <schema type="@SecurityMLAnalyticsSetting_read"/> </json> </body> </response> <response isError="True"> <body> <json> <schema type="@ODataV4Format"/> </json> </body> </response> </http> </operation> <output type="object" ref="$Instance" clientFlatten="True"/> </command> </commandGroup> </CodeGen>

Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5vcGVyYXRpb25hbGluc2lnaHRzL3dvcmtzcGFjZXMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5zZWN1cml0eWluc2lnaHRzL3NlY3VyaXR5bWxhbmFseXRpY3NzZXR0aW5ncy97fQ==/2022-06-01-preview.xml (800 lines of code) (raw):