Add a new data plane Upload API (#27639)

Author: hunngu-ms

cSpell.json

@@ -1264,6 +1264,13 @@
                 "realface",
                 "spoofface"
             ]
+        },
+        {
+            "filename": "**/specification/securityinsights/data-plane/Microsoft.SecurityInsights/**/*.json",
+            "words": [
+                "threatintelligencestixobjects",
+                "stixobjects"
+            ]
         }
     ],
     "enableFiletypes": [

specification/securityinsights/data-plane/Microsoft.SecurityInsights/preview/2024-02-01-preview/ThreatIntelligence.json

@@ -0,0 +1,190 @@
+{
+  "swagger": "2.0",
+  "info": {
+    "title": "Microsoft Sentinel Upload API",
+    "description": "Specification for Microsoft Sentinel Upload API.",
+    "version": "2024-02-01-preview"
+  },
+  "host": "api.ti.sentinel.azure.com",
+  "schemes": [
+    "https"
+  ],
+  "paths": {
+    "/workspaces/{workspaceId}/threat-intelligence-stix-objects:upload": {
+      "post": {
+        "x-ms-examples": {
+          "Upload Stix Objects": {
+            "$ref": "./examples/threatintelligence/UploadStixObjects.json"
+          }
+        },
+        "summary": "Upload Structured Threat Information Expression (STIX) objects to the workspace",
+        "description": "Upload an array of Structured Threat Information Expression (STIX) objects to the workspace specified",
+        "operationId": "ThreatIntelligenceStixObjects_Upload",
+        "consumes": [
+          "application/json"
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "parameters": [
+          {
+            "$ref": "#/parameters/ApiVersionParameter"
+          },
+          {
+            "in": "path",
+            "name": "workspaceId",
+            "description": "The workspace ID for the STIX objects to be uploaded.",
+            "required": true,
+            "type": "string",
+            "format": "uuid",
+            "maxLength": 36,
+            "pattern": "^[{]?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$"
+          },
+          {
+            "in": "body",
+            "name": "body",
+            "description": "Body of the request with an array of STIX objects and other properties",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/UploadStixObjectsRequest"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "The API returns 200 when at least one STIX object is successfully validated and published.",
+            "schema": {
+              "$ref": "#/definitions/UploadStixObjectsResponse"
+            }
+          },
+          "default": {
+            "description": "Upload STIX Objects API service error response.",
+            "headers": {
+              "x-ms-error-code": {
+                "type": "string",
+                "description": "Error code for specific error that occurred."
+              }
+            },
+            "schema": {
+              "$ref": "#/definitions/ErrorResponseBody"
+            },
+            "x-ms-error-response": true
+          }
+        },
+        "security": [
+          {
+            "azure_auth": [
+              "user_impersonation"
+            ]
+          }
+        ]
+      }
+    }
+  },
+  "definitions": {
+    "JsonPropertyBag": {
+      "description": "This is a STIX object. STIX objects need to be in STIX format. We only support STIX 2.0 and 2.1 format.",
+      "type": "object",
+      "additionalProperties": {}
+    },
+    "UploadStixObjectsRequest": {
+      "description": "Schema for request body.",
+      "type": "object",
+      "properties": {
+        "sourcesystem": {
+          "description": "Source of the STIX objects to be uploaded. Source system name cannot be Microsoft Sentinel. Maximum length is 256 characters.",
+          "type": "string"
+        },
+        "stixobjects": {
+          "description": "The stixobjects param is an array of STIX objects. STIX objects need to be in STIX format. We only support STIX 2.0 and 2.1 format.",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/JsonPropertyBag"
+          }
+        }
+      }
+    },
+    "UploadStixObjectsResponse": {
+      "description": "Response object containing more details about the operation.",
+      "type": "object",
+      "properties": {
+        "errors": {
+          "description": "Details of the error. Contains a list of STIX objects validation errors",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/StixObjectsValidationError"
+          }
+        }
+      }
+    },
+    "StixObjectsValidationError": {
+      "description": "Object that stores a list of errors encountered when executing the Upload operation.",
+      "type": "object",
+      "properties": {
+        "recordIndex": {
+          "format": "int64",
+          "description": "Index of the STIX objects in stixobjects array from request.",
+          "type": "integer"
+        },
+        "validationErrorMessages": {
+          "description": "List of validation errors for a single STIX object.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      }
+    },
+    "ErrorResponseBody": {
+      "description": "The definition of an error object.",
+      "required": [
+        "error"
+      ],
+      "type": "object",
+      "properties": {
+        "error": {
+          "$ref": "#/definitions/ErrorData"
+        }
+      }
+    },
+    "ErrorData": {
+      "description": "Detailed information about the errors from the operation.",
+      "type": "object",
+      "required": [
+        "code",
+        "message"
+      ],
+      "properties": {
+        "code": {
+          "description": "Server defined code for the error",
+          "type": "string"
+        },
+        "message": {
+          "description": "Error message",
+          "type": "string"
+        }
+      }
+    }
+  },
+  "parameters": {
+    "ApiVersionParameter": {
+      "in": "query",
+      "name": "api-version",
+      "description": "The api-version for operation",
+      "required": true,
+      "type": "string",
+      "x-ms-parameter-location": "method"
+    }
+  },
+  "securityDefinitions": {
+    "azure_auth": {
+      "type": "oauth2",
+      "flow": "implicit",
+      "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+      "scopes": {
+        "user_impersonation": "impersonate your user account"
+      },
+      "description": "Azure Active Directory OAuth2 Flow"
+    }
+  }
+}