add eventGroupingSettings to ScheduledAlertRuleCommonProperties (#10416)

Author: oshvartz

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json

@@ -7521,10 +7521,35 @@
         "triggerThreshold": {
           "description": "The threshold triggers this alert rule.",
           "type": "integer"
+        },
+        "eventGroupingSettings": {
+          "$ref": "#/definitions/EventGroupingSettings",
+          "description": "The event grouping settings."
         }
       },
       "type": "object"
     },
+    "EventGroupingSettings": {
+      "description": "Event grouping settings property bag.",
+      "properties": {
+        "aggregationKind": {
+          "$ref": "#/definitions/EventGroupingAggregationKind"
+        }
+      },
+      "type": "object"
+    },
+    "EventGroupingAggregationKind": {
+      "description": "The event grouping aggregation kinds",
+      "enum": [
+        "SingleAlert",
+        "AlertPerResult"
+      ],
+      "type": "string",
+      "x-ms-enum": {
+        "modelAsString": true,
+        "name": "EventGroupingAggregationKind"
+      }
+    },
     "ScheduledAlertRuleProperties": {
       "allOf": [
         {

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json

@@ -23,6 +23,9 @@
           "triggerThreshold": 0,
           "displayName": "Changes to Amazon VPC settings",
           "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/",
+          "eventGroupingSettings": {
+            "aggregationKind": "AlertPerResult"
+          },
           "tactics": [
             "PrivilegeEscalation",
             "LateralMovement"

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/CreateScheduledAlertRule.json

@@ -25,6 +25,9 @@
         "triggerThreshold": 0,
         "suppressionDuration": "PT1H",
         "suppressionEnabled": false,
+        "eventGroupingSettings": {
+          "aggregationKind": "AlertPerResult"
+        },
         "incidentConfiguration": {
           "createIncident": true,
           "groupingConfiguration": {
@@ -67,6 +70,9 @@
           "suppressionDuration": "PT1H",
           "suppressionEnabled": false,
           "lastModifiedUtc": "2019-01-01T13:15:30Z",
+          "eventGroupingSettings": {
+            "aggregationKind": "AlertPerResult"
+          },
           "incidentConfiguration": {
             "createIncident": true,
             "groupingConfiguration": {

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetAllAlertRules.json

@@ -34,6 +34,9 @@
               "suppressionDuration": "PT1H",
               "suppressionEnabled": false,
               "lastModifiedUtc": "2019-01-01T13:15:30Z",
+              "eventGroupingSettings": {
+                "aggregationKind": "AlertPerResult"
+              },
               "incidentConfiguration": {
                 "createIncident": true,
                 "groupingConfiguration": {

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/alertRules/GetScheduledAlertRule.json

@@ -33,6 +33,9 @@
           "suppressionDuration": "PT1H",
           "suppressionEnabled": false,
           "lastModifiedUtc": "2019-01-01T13:15:30Z",
+          "eventGroupingSettings": {
+            "aggregationKind": "AlertPerResult"
+          },
           "incidentConfiguration": {
             "createIncident": true,
             "groupingConfiguration": {