Resources/mgmt-plane/L3N1YnNjcmlwdGlvbnMve30vcmVzb3VyY2Vncm91cHMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5vcGVyYXRpb25hbGluc2lnaHRzL3dvcmtzcGFjZXMve30vcHJvdmlkZXJzL21pY3Jvc29mdC5zZWN1cml0eWluc2lnaHRzL3dhdGNobGlzdHMve30=/2022-06-01-preview.xml (676 lines of code) (raw):
<?xml version='1.0' encoding='utf-8'?>
<CodeGen plane="mgmt-plane">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/watchlists/{}" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvd2F0Y2hsaXN0cy97d2F0Y2hsaXN0QWxpYXN9/V/MjAyMi0wNi0wMS1wcmV2aWV3"/>
<commandGroup name="sentinel watchlist">
<command name="show" version="2022-06-01-preview">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/watchlists/{}" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvd2F0Y2hsaXN0cy97d2F0Y2hsaXN0QWxpYXN9/V/MjAyMi0wNi0wMS1wcmV2aWV3"/>
<argGroup name="">
<arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/>
<arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/>
<arg type="string" var="$Path.watchlistAlias" options="watchlist-alias name n" required="True" idPart="child_name_1">
<help short="Watchlist Alias"/>
</arg>
<arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental" idPart="name">
<help short="The name of the workspace."/>
<format maxLength="90" minLength="1"/>
</arg>
</argGroup>
<operation operationId="Watchlists_Get">
<http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}">
<request method="get">
<path>
<param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
<format maxLength="90" minLength="1"/>
</param>
<param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True">
<format minLength="1"/>
</param>
<param type="string" name="watchlistAlias" arg="$Path.watchlistAlias" required="True"/>
<param type="string" name="workspaceName" arg="$Path.workspaceName" required="True">
<format maxLength="90" minLength="1"/>
</param>
</path>
<query>
<const readOnly="True" const="True" type="string" name="api-version" required="True">
<default value=""2022-06-01-preview""/>
<format minLength="1"/>
</const>
</query>
</request>
<response statusCode="200">
<body>
<json var="$Instance">
<schema type="object">
<prop type="string" name="etag"/>
<prop readOnly="True" type="ResourceId" name="id">
<format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.OperationalInsights/workspaces/{}/providers/Microsoft.SecurityInsights/watchlists/{}"/>
</prop>
<prop readOnly="True" type="string" name="name"/>
<prop type="object" name="properties" clientFlatten="True">
<prop type="string" name="contentType"/>
<prop type="dateTime" name="created"/>
<prop type="object" name="createdBy" cls="UserInfo_read">
<prop readOnly="True" type="string" name="email"/>
<prop readOnly="True" type="string" name="name"/>
<prop nullable="True" type="uuid" name="objectId"/>
</prop>
<prop type="duration" name="defaultDuration"/>
<prop type="string" name="description"/>
<prop type="string" name="displayName" required="True"/>
<prop type="boolean" name="isDeleted"/>
<prop type="string" name="itemsSearchKey" required="True"/>
<prop type="array<string>" name="labels">
<item type="string"/>
</prop>
<prop type="integer32" name="numberOfLinesToSkip"/>
<prop type="string" name="provider" required="True"/>
<prop type="string" name="rawContent"/>
<prop type="string" name="source"/>
<prop type="string" name="sourceType">
<enum>
<item value=""Local file""/>
<item value=""Remote storage""/>
</enum>
</prop>
<prop type="string" name="tenantId"/>
<prop type="dateTime" name="updated"/>
<prop type="@UserInfo_read" name="updatedBy"/>
<prop type="string" name="uploadStatus"/>
<prop type="string" name="watchlistAlias"/>
<prop type="string" name="watchlistId"/>
<prop type="string" name="watchlistType"/>
</prop>
<prop readOnly="True" type="object" name="systemData">
<prop readOnly="True" type="dateTime" name="createdAt"/>
<prop readOnly="True" type="string" name="createdBy"/>
<prop readOnly="True" type="string" name="createdByType">
<enum>
<item value=""Application""/>
<item value=""Key""/>
<item value=""ManagedIdentity""/>
<item value=""User""/>
</enum>
</prop>
<prop readOnly="True" type="dateTime" name="lastModifiedAt"/>
<prop readOnly="True" type="string" name="lastModifiedBy"/>
<prop readOnly="True" type="string" name="lastModifiedByType">
<enum>
<item value=""Application""/>
<item value=""Key""/>
<item value=""ManagedIdentity""/>
<item value=""User""/>
</enum>
</prop>
</prop>
<prop readOnly="True" type="string" name="type"/>
</schema>
</json>
</body>
</response>
<response isError="True">
<body>
<json>
<schema type="@ODataV4Format"/>
</json>
</body>
</response>
</http>
</operation>
<output type="object" ref="$Instance" clientFlatten="True"/>
</command>
<command name="delete" version="2022-06-01-preview" confirmation="Are you sure you want to perform this operation?">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/watchlists/{}" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvd2F0Y2hsaXN0cy97d2F0Y2hsaXN0QWxpYXN9/V/MjAyMi0wNi0wMS1wcmV2aWV3"/>
<argGroup name="">
<arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/>
<arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/>
<arg type="string" var="$Path.watchlistAlias" options="watchlist-alias name n" required="True" idPart="child_name_1">
<help short="Watchlist Alias"/>
</arg>
<arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental" idPart="name">
<help short="The name of the workspace."/>
<format maxLength="90" minLength="1"/>
</arg>
</argGroup>
<operation operationId="Watchlists_Delete">
<http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}">
<request method="delete">
<path>
<param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
<format maxLength="90" minLength="1"/>
</param>
<param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True">
<format minLength="1"/>
</param>
<param type="string" name="watchlistAlias" arg="$Path.watchlistAlias" required="True"/>
<param type="string" name="workspaceName" arg="$Path.workspaceName" required="True">
<format maxLength="90" minLength="1"/>
</param>
</path>
<query>
<const readOnly="True" const="True" type="string" name="api-version" required="True">
<default value=""2022-06-01-preview""/>
<format minLength="1"/>
</const>
</query>
</request>
<response statusCode="200">
<header>
<item name="Azure-AsyncOperation"/>
</header>
</response>
<response statusCode="204"/>
<response isError="True">
<body>
<json>
<schema type="@ODataV4Format"/>
</json>
</body>
</response>
</http>
</operation>
</command>
<command name="create" version="2022-06-01-preview">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/watchlists/{}" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvd2F0Y2hsaXN0cy97d2F0Y2hsaXN0QWxpYXN9/V/MjAyMi0wNi0wMS1wcmV2aWV3"/>
<argGroup name="">
<arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/>
<arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/>
<arg type="string" var="$Path.watchlistAlias" options="watchlist-alias name n" required="True" idPart="child_name_1">
<help short="Watchlist Alias"/>
</arg>
<arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental" idPart="name">
<help short="The name of the workspace."/>
<format maxLength="90" minLength="1"/>
</arg>
</argGroup>
<argGroup name="Properties">
<arg type="string" var="$watchlist.properties.contentType" options="content-type" group="Properties">
<help short="The content type of the raw content. Example : text/csv or text/tsv "/>
</arg>
<arg type="dateTime" var="$watchlist.properties.created" options="created" group="Properties">
<help short="The time the watchlist was created"/>
</arg>
<arg type="object" var="$watchlist.properties.createdBy" options="created-by" group="Properties" cls="UserInfo_create">
<help short="Describes a user that created the watchlist"/>
<arg nullable="True" type="uuid" var="@UserInfo_create.objectId" options="object-id">
<help short="The object id of the user."/>
</arg>
</arg>
<arg type="duration" var="$watchlist.properties.defaultDuration" options="default-duration" group="Properties">
<help short="The default duration of a watchlist (in ISO 8601 duration format)"/>
</arg>
<arg type="string" var="$watchlist.properties.description" options="description" group="Properties">
<help short="A description of the watchlist"/>
</arg>
<arg type="string" var="$watchlist.properties.displayName" options="display-name" group="Properties">
<help short="The display name of the watchlist"/>
</arg>
<arg type="boolean" var="$watchlist.properties.isDeleted" options="is-deleted" group="Properties">
<help short="A flag that indicates if the watchlist is deleted or not"/>
</arg>
<arg type="string" var="$watchlist.properties.itemsSearchKey" options="items-search-key" group="Properties">
<help short="The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address."/>
</arg>
<arg type="array<string>" var="$watchlist.properties.labels" options="labels" group="Properties">
<help short="List of labels relevant to this watchlist"/>
<item type="string"/>
</arg>
<arg type="integer32" var="$watchlist.properties.numberOfLinesToSkip" options="skip-num" group="Properties">
<help short="The number of lines in a csv/tsv content to skip before the header"/>
</arg>
<arg type="string" var="$watchlist.properties.provider" options="provider" group="Properties">
<help short="The provider of the watchlist"/>
</arg>
<arg type="string" var="$watchlist.properties.rawContent" options="raw-content" group="Properties">
<help short="The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint"/>
</arg>
<arg type="string" var="$watchlist.properties.source" options="source" group="Properties">
<help short="The filename of the watchlist, called 'source'"/>
</arg>
<arg type="string" var="$watchlist.properties.sourceType" options="source-type" group="Properties">
<help short="The sourceType of the watchlist"/>
<enum>
<item name="Local file" value=""Local file""/>
<item name="Remote storage" value=""Remote storage""/>
</enum>
</arg>
<arg type="string" var="$watchlist.properties.tenantId" options="tenant-id" group="Properties">
<help short="The tenantId where the watchlist belongs to"/>
</arg>
<arg type="dateTime" var="$watchlist.properties.updated" options="updated" group="Properties">
<help short="The last time the watchlist was updated"/>
</arg>
<arg type="@UserInfo_create" var="$watchlist.properties.updatedBy" options="updated-by" group="Properties">
<help short="Describes a user that updated the watchlist"/>
</arg>
<arg type="string" var="$watchlist.properties.uploadStatus" options="upload-status" group="Properties">
<help short="The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted"/>
</arg>
<arg type="string" var="$watchlist.properties.watchlistId" options="watchlist-id" group="Properties">
<help short="The id (a Guid) of the watchlist"/>
</arg>
<arg type="string" var="$watchlist.properties.watchlistType" options="watchlist-type" group="Properties">
<help short="The type of the watchlist"/>
</arg>
</argGroup>
<argGroup name="Watchlist">
<arg type="string" var="$watchlist.etag" options="etag" group="Watchlist">
<help short="Etag of the azure resource"/>
</arg>
</argGroup>
<operation operationId="Watchlists_CreateOrUpdate">
<http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}">
<request method="put">
<path>
<param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
<format maxLength="90" minLength="1"/>
</param>
<param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True">
<format minLength="1"/>
</param>
<param type="string" name="watchlistAlias" arg="$Path.watchlistAlias" required="True"/>
<param type="string" name="workspaceName" arg="$Path.workspaceName" required="True">
<format maxLength="90" minLength="1"/>
</param>
</path>
<query>
<const readOnly="True" const="True" type="string" name="api-version" required="True">
<default value=""2022-06-01-preview""/>
<format minLength="1"/>
</const>
</query>
<body>
<json>
<schema type="object" name="watchlist" required="True" clientFlatten="True">
<prop type="string" name="etag" arg="$watchlist.etag"/>
<prop type="object" name="properties" clientFlatten="True">
<prop type="string" name="contentType" arg="$watchlist.properties.contentType"/>
<prop type="dateTime" name="created" arg="$watchlist.properties.created"/>
<prop type="object" name="createdBy" arg="$watchlist.properties.createdBy" cls="UserInfo_create">
<prop nullable="True" type="uuid" name="objectId" arg="@UserInfo_create.objectId"/>
</prop>
<prop type="duration" name="defaultDuration" arg="$watchlist.properties.defaultDuration"/>
<prop type="string" name="description" arg="$watchlist.properties.description"/>
<prop type="string" name="displayName" arg="$watchlist.properties.displayName" required="True"/>
<prop type="boolean" name="isDeleted" arg="$watchlist.properties.isDeleted"/>
<prop type="string" name="itemsSearchKey" arg="$watchlist.properties.itemsSearchKey" required="True"/>
<prop type="array<string>" name="labels" arg="$watchlist.properties.labels">
<item type="string"/>
</prop>
<prop type="integer32" name="numberOfLinesToSkip" arg="$watchlist.properties.numberOfLinesToSkip"/>
<prop type="string" name="provider" arg="$watchlist.properties.provider" required="True"/>
<prop type="string" name="rawContent" arg="$watchlist.properties.rawContent"/>
<prop type="string" name="source" arg="$watchlist.properties.source"/>
<prop type="string" name="sourceType" arg="$watchlist.properties.sourceType">
<enum>
<item value=""Local file""/>
<item value=""Remote storage""/>
</enum>
</prop>
<prop type="string" name="tenantId" arg="$watchlist.properties.tenantId"/>
<prop type="dateTime" name="updated" arg="$watchlist.properties.updated"/>
<prop type="@UserInfo_create" name="updatedBy" arg="$watchlist.properties.updatedBy"/>
<prop type="string" name="uploadStatus" arg="$watchlist.properties.uploadStatus"/>
<prop type="string" name="watchlistAlias" arg="$Path.watchlistAlias"/>
<prop type="string" name="watchlistId" arg="$watchlist.properties.watchlistId"/>
<prop type="string" name="watchlistType" arg="$watchlist.properties.watchlistType"/>
</prop>
</schema>
</json>
</body>
</request>
<response statusCode="200 201">
<body>
<json var="$Instance">
<schema type="object">
<prop type="string" name="etag"/>
<prop readOnly="True" type="ResourceId" name="id">
<format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.OperationalInsights/workspaces/{}/providers/Microsoft.SecurityInsights/watchlists/{}"/>
</prop>
<prop readOnly="True" type="string" name="name"/>
<prop type="object" name="properties" clientFlatten="True">
<prop type="string" name="contentType"/>
<prop type="dateTime" name="created"/>
<prop type="object" name="createdBy" cls="UserInfo_read">
<prop readOnly="True" type="string" name="email"/>
<prop readOnly="True" type="string" name="name"/>
<prop nullable="True" type="uuid" name="objectId"/>
</prop>
<prop type="duration" name="defaultDuration"/>
<prop type="string" name="description"/>
<prop type="string" name="displayName" required="True"/>
<prop type="boolean" name="isDeleted"/>
<prop type="string" name="itemsSearchKey" required="True"/>
<prop type="array<string>" name="labels">
<item type="string"/>
</prop>
<prop type="integer32" name="numberOfLinesToSkip"/>
<prop type="string" name="provider" required="True"/>
<prop type="string" name="rawContent"/>
<prop type="string" name="source"/>
<prop type="string" name="sourceType">
<enum>
<item value=""Local file""/>
<item value=""Remote storage""/>
</enum>
</prop>
<prop type="string" name="tenantId"/>
<prop type="dateTime" name="updated"/>
<prop type="@UserInfo_read" name="updatedBy"/>
<prop type="string" name="uploadStatus"/>
<prop type="string" name="watchlistAlias"/>
<prop type="string" name="watchlistId"/>
<prop type="string" name="watchlistType"/>
</prop>
<prop readOnly="True" type="object" name="systemData">
<prop readOnly="True" type="dateTime" name="createdAt"/>
<prop readOnly="True" type="string" name="createdBy"/>
<prop readOnly="True" type="string" name="createdByType">
<enum>
<item value=""Application""/>
<item value=""Key""/>
<item value=""ManagedIdentity""/>
<item value=""User""/>
</enum>
</prop>
<prop readOnly="True" type="dateTime" name="lastModifiedAt"/>
<prop readOnly="True" type="string" name="lastModifiedBy"/>
<prop readOnly="True" type="string" name="lastModifiedByType">
<enum>
<item value=""Application""/>
<item value=""Key""/>
<item value=""ManagedIdentity""/>
<item value=""User""/>
</enum>
</prop>
</prop>
<prop readOnly="True" type="string" name="type"/>
</schema>
</json>
</body>
</response>
<response isError="True">
<body>
<json>
<schema type="@ODataV4Format"/>
</json>
</body>
</response>
</http>
</operation>
<output type="object" ref="$Instance" clientFlatten="True"/>
</command>
<command name="update" version="2022-06-01-preview">
<resource id="/subscriptions/{}/resourcegroups/{}/providers/microsoft.operationalinsights/workspaces/{}/providers/microsoft.securityinsights/watchlists/{}" version="2022-06-01-preview" swagger="mgmt-plane/securityinsights/ResourceProviders/Microsoft.SecurityInsights/Paths/L3N1YnNjcmlwdGlvbnMve3N1YnNjcmlwdGlvbklkfS9yZXNvdXJjZUdyb3Vwcy97cmVzb3VyY2VHcm91cE5hbWV9L3Byb3ZpZGVycy9NaWNyb3NvZnQuT3BlcmF0aW9uYWxJbnNpZ2h0cy93b3Jrc3BhY2VzL3t3b3Jrc3BhY2VOYW1lfS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5SW5zaWdodHMvd2F0Y2hsaXN0cy97d2F0Y2hsaXN0QWxpYXN9/V/MjAyMi0wNi0wMS1wcmV2aWV3"/>
<argGroup name="">
<arg type="ResourceGroupName" var="$Path.resourceGroupName" options="resource-group g" required="True" idPart="resource_group"/>
<arg type="SubscriptionId" var="$Path.subscriptionId" options="subscription" required="True" idPart="subscription"/>
<arg type="string" var="$Path.watchlistAlias" options="watchlist-alias name n" required="True" idPart="child_name_1">
<help short="Watchlist Alias"/>
</arg>
<arg type="string" var="$Path.workspaceName" options="workspace-name w" required="True" stage="Experimental" idPart="name">
<help short="The name of the workspace."/>
<format maxLength="90" minLength="1"/>
</arg>
</argGroup>
<argGroup name="Properties">
<arg nullable="True" type="string" var="$watchlist.properties.contentType" options="content-type" group="Properties">
<help short="The content type of the raw content. Example : text/csv or text/tsv "/>
</arg>
<arg nullable="True" type="dateTime" var="$watchlist.properties.created" options="created" group="Properties">
<help short="The time the watchlist was created"/>
</arg>
<arg nullable="True" type="object" var="$watchlist.properties.createdBy" options="created-by" group="Properties" cls="UserInfo_update">
<help short="Describes a user that created the watchlist"/>
<arg nullable="True" type="uuid" var="@UserInfo_update.objectId" options="object-id">
<help short="The object id of the user."/>
</arg>
</arg>
<arg nullable="True" type="duration" var="$watchlist.properties.defaultDuration" options="default-duration" group="Properties">
<help short="The default duration of a watchlist (in ISO 8601 duration format)"/>
</arg>
<arg nullable="True" type="string" var="$watchlist.properties.description" options="description" group="Properties">
<help short="A description of the watchlist"/>
</arg>
<arg type="string" var="$watchlist.properties.displayName" options="display-name" group="Properties">
<help short="The display name of the watchlist"/>
</arg>
<arg nullable="True" type="boolean" var="$watchlist.properties.isDeleted" options="is-deleted" group="Properties">
<help short="A flag that indicates if the watchlist is deleted or not"/>
</arg>
<arg type="string" var="$watchlist.properties.itemsSearchKey" options="items-search-key" group="Properties">
<help short="The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address."/>
</arg>
<arg nullable="True" type="array<string>" var="$watchlist.properties.labels" options="labels" group="Properties">
<help short="List of labels relevant to this watchlist"/>
<item type="string"/>
</arg>
<arg nullable="True" type="integer32" var="$watchlist.properties.numberOfLinesToSkip" options="skip-num" group="Properties">
<help short="The number of lines in a csv/tsv content to skip before the header"/>
</arg>
<arg type="string" var="$watchlist.properties.provider" options="provider" group="Properties">
<help short="The provider of the watchlist"/>
</arg>
<arg nullable="True" type="string" var="$watchlist.properties.rawContent" options="raw-content" group="Properties">
<help short="The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint"/>
</arg>
<arg nullable="True" type="string" var="$watchlist.properties.source" options="source" group="Properties">
<help short="The filename of the watchlist, called 'source'"/>
</arg>
<arg nullable="True" type="string" var="$watchlist.properties.sourceType" options="source-type" group="Properties">
<help short="The sourceType of the watchlist"/>
<enum>
<item name="Local file" value=""Local file""/>
<item name="Remote storage" value=""Remote storage""/>
</enum>
</arg>
<arg nullable="True" type="string" var="$watchlist.properties.tenantId" options="tenant-id" group="Properties">
<help short="The tenantId where the watchlist belongs to"/>
</arg>
<arg nullable="True" type="dateTime" var="$watchlist.properties.updated" options="updated" group="Properties">
<help short="The last time the watchlist was updated"/>
</arg>
<arg nullable="True" type="@UserInfo_update" var="$watchlist.properties.updatedBy" options="updated-by" group="Properties">
<help short="Describes a user that updated the watchlist"/>
</arg>
<arg nullable="True" type="string" var="$watchlist.properties.uploadStatus" options="upload-status" group="Properties">
<help short="The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted"/>
</arg>
<arg nullable="True" type="string" var="$watchlist.properties.watchlistId" options="watchlist-id" group="Properties">
<help short="The id (a Guid) of the watchlist"/>
</arg>
<arg nullable="True" type="string" var="$watchlist.properties.watchlistType" options="watchlist-type" group="Properties">
<help short="The type of the watchlist"/>
</arg>
</argGroup>
<argGroup name="Watchlist">
<arg nullable="True" type="string" var="$watchlist.etag" options="etag" group="Watchlist">
<help short="Etag of the azure resource"/>
</arg>
</argGroup>
<operation operationId="Watchlists_Get">
<http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}">
<request method="get">
<path>
<param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
<format maxLength="90" minLength="1"/>
</param>
<param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True">
<format minLength="1"/>
</param>
<param type="string" name="watchlistAlias" arg="$Path.watchlistAlias" required="True"/>
<param type="string" name="workspaceName" arg="$Path.workspaceName" required="True">
<format maxLength="90" minLength="1"/>
</param>
</path>
<query>
<const readOnly="True" const="True" type="string" name="api-version" required="True">
<default value=""2022-06-01-preview""/>
<format minLength="1"/>
</const>
</query>
</request>
<response statusCode="200">
<body>
<json var="$Instance">
<schema type="object" cls="Watchlist_read">
<prop type="string" name="etag"/>
<prop readOnly="True" type="ResourceId" name="id">
<format template="/subscriptions/{}/resourceGroups/{}/providers/Microsoft.OperationalInsights/workspaces/{}/providers/Microsoft.SecurityInsights/watchlists/{}"/>
</prop>
<prop readOnly="True" type="string" name="name"/>
<prop type="object" name="properties" clientFlatten="True">
<prop type="string" name="contentType"/>
<prop type="dateTime" name="created"/>
<prop type="object" name="createdBy" cls="UserInfo_read">
<prop readOnly="True" type="string" name="email"/>
<prop readOnly="True" type="string" name="name"/>
<prop nullable="True" type="uuid" name="objectId"/>
</prop>
<prop type="duration" name="defaultDuration"/>
<prop type="string" name="description"/>
<prop type="string" name="displayName" required="True"/>
<prop type="boolean" name="isDeleted"/>
<prop type="string" name="itemsSearchKey" required="True"/>
<prop type="array<string>" name="labels">
<item type="string"/>
</prop>
<prop type="integer32" name="numberOfLinesToSkip"/>
<prop type="string" name="provider" required="True"/>
<prop type="string" name="rawContent"/>
<prop type="string" name="source"/>
<prop type="string" name="sourceType">
<enum>
<item value=""Local file""/>
<item value=""Remote storage""/>
</enum>
</prop>
<prop type="string" name="tenantId"/>
<prop type="dateTime" name="updated"/>
<prop type="@UserInfo_read" name="updatedBy"/>
<prop type="string" name="uploadStatus"/>
<prop type="string" name="watchlistAlias"/>
<prop type="string" name="watchlistId"/>
<prop type="string" name="watchlistType"/>
</prop>
<prop readOnly="True" type="object" name="systemData">
<prop readOnly="True" type="dateTime" name="createdAt"/>
<prop readOnly="True" type="string" name="createdBy"/>
<prop readOnly="True" type="string" name="createdByType">
<enum>
<item value=""Application""/>
<item value=""Key""/>
<item value=""ManagedIdentity""/>
<item value=""User""/>
</enum>
</prop>
<prop readOnly="True" type="dateTime" name="lastModifiedAt"/>
<prop readOnly="True" type="string" name="lastModifiedBy"/>
<prop readOnly="True" type="string" name="lastModifiedByType">
<enum>
<item value=""Application""/>
<item value=""Key""/>
<item value=""ManagedIdentity""/>
<item value=""User""/>
</enum>
</prop>
</prop>
<prop readOnly="True" type="string" name="type"/>
</schema>
</json>
</body>
</response>
<response isError="True">
<body>
<json>
<schema type="@ODataV4Format"/>
</json>
</body>
</response>
</http>
</operation>
<operation>
<instanceUpdate instance="$Instance">
<json>
<schema type="object" name="watchlist" required="True" clientFlatten="True">
<prop type="string" name="etag" arg="$watchlist.etag"/>
<prop type="object" name="properties" clientFlatten="True">
<prop type="string" name="contentType" arg="$watchlist.properties.contentType"/>
<prop type="dateTime" name="created" arg="$watchlist.properties.created"/>
<prop type="object" name="createdBy" arg="$watchlist.properties.createdBy" cls="UserInfo_update">
<prop nullable="True" type="uuid" name="objectId" arg="@UserInfo_update.objectId"/>
</prop>
<prop type="duration" name="defaultDuration" arg="$watchlist.properties.defaultDuration"/>
<prop type="string" name="description" arg="$watchlist.properties.description"/>
<prop type="string" name="displayName" arg="$watchlist.properties.displayName" required="True"/>
<prop type="boolean" name="isDeleted" arg="$watchlist.properties.isDeleted"/>
<prop type="string" name="itemsSearchKey" arg="$watchlist.properties.itemsSearchKey" required="True"/>
<prop type="array<string>" name="labels" arg="$watchlist.properties.labels">
<item type="string"/>
</prop>
<prop type="integer32" name="numberOfLinesToSkip" arg="$watchlist.properties.numberOfLinesToSkip"/>
<prop type="string" name="provider" arg="$watchlist.properties.provider" required="True"/>
<prop type="string" name="rawContent" arg="$watchlist.properties.rawContent"/>
<prop type="string" name="source" arg="$watchlist.properties.source"/>
<prop type="string" name="sourceType" arg="$watchlist.properties.sourceType">
<enum>
<item value=""Local file""/>
<item value=""Remote storage""/>
</enum>
</prop>
<prop type="string" name="tenantId" arg="$watchlist.properties.tenantId"/>
<prop type="dateTime" name="updated" arg="$watchlist.properties.updated"/>
<prop type="@UserInfo_update" name="updatedBy" arg="$watchlist.properties.updatedBy"/>
<prop type="string" name="uploadStatus" arg="$watchlist.properties.uploadStatus"/>
<prop type="string" name="watchlistAlias" arg="$Path.watchlistAlias"/>
<prop type="string" name="watchlistId" arg="$watchlist.properties.watchlistId"/>
<prop type="string" name="watchlistType" arg="$watchlist.properties.watchlistType"/>
</prop>
</schema>
</json>
</instanceUpdate>
</operation>
<operation operationId="Watchlists_CreateOrUpdate">
<http path="/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}">
<request method="put">
<path>
<param type="string" name="resourceGroupName" arg="$Path.resourceGroupName" required="True">
<format maxLength="90" minLength="1"/>
</param>
<param type="string" name="subscriptionId" arg="$Path.subscriptionId" required="True">
<format minLength="1"/>
</param>
<param type="string" name="watchlistAlias" arg="$Path.watchlistAlias" required="True"/>
<param type="string" name="workspaceName" arg="$Path.workspaceName" required="True">
<format maxLength="90" minLength="1"/>
</param>
</path>
<query>
<const readOnly="True" const="True" type="string" name="api-version" required="True">
<default value=""2022-06-01-preview""/>
<format minLength="1"/>
</const>
</query>
<body>
<json ref="$Instance"/>
</body>
</request>
<response statusCode="200 201">
<body>
<json var="$Instance">
<schema type="@Watchlist_read"/>
</json>
</body>
</response>
<response isError="True">
<body>
<json>
<schema type="@ODataV4Format"/>
</json>
</body>
</response>
</http>
</operation>
<output type="object" ref="$Instance" clientFlatten="True"/>
</command>
</commandGroup>
</CodeGen>