Add SubAssessment event source type and edit automations PUT examples (#10454)

Author: surashed

specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json

@@ -158,8 +158,11 @@
       },
       "put": {
         "x-ms-examples": {
-          "Create or update a security automation": {
-            "$ref": "./examples/Automations/PutAutomation_example.json"
+          "Create or update a security automation for all assessments": {
+            "$ref": "./examples/Automations/PutAutomationAllAssessments_example.json"
+          },
+          "Create or update a security automation for all high severity assessments": {
+            "$ref": "./examples/Automations/PutAutomationHighSeverityAssessments_example.json"
           },
           "Disable or enable a security automation": {
             "$ref": "./examples/Automations/PutDisableAutomation_example.json"
@@ -373,6 +376,7 @@
           "description": "A valid event source type.",
           "enum": [
             "Assessments",
+            "SubAssessments",
             "Alerts"
           ],
           "x-ms-enum": {
@@ -382,6 +386,9 @@
               {
                 "value": "Assessments"
               },
+              {
+                "value": "SubAssessments"
+              },
               {
                 "value": "Alerts"
               }

specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json

@@ -0,0 +1,102 @@
+{
+  "parameters": {
+    "api-version": "2019-01-01-preview",
+    "subscriptionId": "a5caac9c-5c04-49af-b3d0-e204f40345d5",
+    "automationName": "exampleAutomation",
+    "resourceGroupName": "exampleResourceGroup",
+    "Automation": {
+      "location": "Central US",
+      "etag": "etag value (must be supplied for update)",
+      "tags": {},
+      "properties": {
+        "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
+        "isEnabled": true,
+        "scopes": [
+          {
+            "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
+            "scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
+          }
+        ],
+        "sources": [
+          {
+            "eventSource": "Assessments",
+            "ruleSets": []
+          }
+        ],
+        "actions": [
+          {
+            "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
+            "actionType": "LogicApp",
+            "uri": "https://exampleTriggerUri1.com"
+          }
+        ]
+      }
+    }
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation",
+        "name": "exampleAutomation",
+        "type": "Microsoft.Security/automations",
+        "location": "Central US",
+        "etag": "new etag value",
+        "tags": {},
+        "properties": {
+          "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
+          "isEnabled": true,
+          "scopes": [
+            {
+              "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
+              "scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
+            }
+          ],
+          "sources": [
+            {
+              "eventSource": "Assessments",
+              "ruleSets": []
+            }
+          ],
+          "actions": [
+            {
+              "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
+              "actionType": "LogicApp"
+            }
+          ]
+        }
+      }
+    },
+    "201": {
+      "body": {
+        "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/SecurityAutomations/exampleAutomation",
+        "name": "exampleAutomation",
+        "type": "Microsoft.Security/SecurityAutomations",
+        "location": "Central US",
+        "etag": "new etag value",
+        "tags": {},
+        "properties": {
+          "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
+          "isEnabled": true,
+          "scopes": [
+            {
+              "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
+              "scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
+            }
+          ],
+          "sources": [
+            {
+              "eventSource": "Assessments",
+              "ruleSets": []
+            }
+          ],
+          "actions": [
+            {
+              "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
+              "actionType": "LogicApp"
+            }
+          ]
+        }
+      }
+    }
+  }
+}

specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomation_example.json renamed to specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json

@@ -9,7 +9,7 @@
       "etag": "etag value (must be supplied for update)",
       "tags": {},
       "properties": {
-        "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
+        "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
         "isEnabled": true,
         "scopes": [
           {
@@ -24,9 +24,9 @@
               {
                 "rules": [
                   {
-                    "propertyJPath": "$.Entity.AssessmentType",
+                    "propertyJPath": "properties.metadata.severity",
                     "propertyType": "String",
-                    "expectedValue": "customAssessment",
+                    "expectedValue": "High",
                     "operator": "Equals"
                   }
                 ]
@@ -54,7 +54,7 @@
         "etag": "new etag value",
         "tags": {},
         "properties": {
-          "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
+          "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
           "isEnabled": true,
           "scopes": [
             {
@@ -69,9 +69,9 @@
                 {
                   "rules": [
                     {
-                      "propertyJPath": "$.Entity.AssessmentType",
+                      "propertyJPath": "properties.metadata.severity",
                       "propertyType": "String",
-                      "expectedValue": "customAssessment",
+                      "expectedValue": "High",
                       "operator": "Equals"
                     }
                   ]
@@ -97,7 +97,7 @@
         "etag": "new etag value",
         "tags": {},
         "properties": {
-          "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
+          "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
           "isEnabled": true,
           "scopes": [
             {
@@ -112,9 +112,9 @@
                 {
                   "rules": [
                     {
-                      "propertyJPath": "$.Entity.AssessmentType",
+                      "propertyJPath": "properties.metadata.severity",
                       "propertyType": "String",
-                      "expectedValue": "customAssessment",
+                      "expectedValue": "High",
                       "operator": "Equals"
                     }
                   ]

specification/security/resource-manager/common/v1/types.json

@@ -65,7 +65,7 @@
           "$ref": "#/definitions/Resource"
         },
         {
-          "$ref": "#/definitions/Location"
+          "$ref": "#/definitions/TrackedResourceLocation"
         },
         {
           "$ref": "#/definitions/Kind"
@@ -122,6 +122,16 @@
         }
       }
     },
+    "TrackedResourceLocation": {
+      "type": "object",
+      "description": "Describes an Azure resource with location",
+      "properties": {
+        "location": {
+          "type": "string",
+          "description": "Location where the resource is stored"
+        }
+      }
+    },
     "AscLocationList": {
       "type": "object",
       "description": "List of locations where ASC saves your data",