Microsoft.SecurityInsights bookmarks 2022-01-01-preview
- Latest
- 2023-02-01-preview
- 2022-12-01-preview
- 2022-11-01
- 2022-11-01-preview
- 2022-10-01-preview
- 2022-09-01-preview
- 2022-08-01
- 2022-08-01-preview
- 2022-07-01-preview
- 2022-06-01-preview
- 2022-05-01-preview
- 2022-04-01-preview
- 2022-01-01-preview
- 2021-10-01
- 2021-10-01-preview
- 2021-09-01-preview
- 2020-01-01
- 2019-01-01-preview
Bicep resource definition
The bookmarks resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.SecurityInsights/bookmarks resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.SecurityInsights/bookmarks@2022-01-01-preview' = {
name: 'string'
scope: resourceSymbolicName
etag: 'string'
properties: {
created: 'string'
createdBy: {
objectId: 'string'
}
displayName: 'string'
entityMappings: [
{
entityType: 'string'
fieldMappings: [
{
identifier: 'string'
value: 'string'
}
]
}
]
eventTime: 'string'
incidentInfo: {
incidentId: 'string'
relationName: 'string'
severity: 'string'
title: 'string'
}
labels: [
'string'
]
notes: 'string'
query: 'string'
queryEndTime: 'string'
queryResult: 'string'
queryStartTime: 'string'
tactics: [
'string'
]
techniques: [
'string'
]
updated: 'string'
updatedBy: {
objectId: 'string'
}
}
}
Property values
bookmarks
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For Bicep, set this property to the symbolic name of the resource to apply the extension resource. |
| etag | Etag of the azure resource | string |
| properties | Bookmark properties | BookmarkProperties |
BookmarkProperties
| Name | Description | Value |
|---|---|---|
| created | The time the bookmark was created | string |
| createdBy | Describes a user that created the bookmark | UserInfo |
| displayName | The display name of the bookmark | string (required) |
| entityMappings | Describes the entity mappings of the bookmark | BookmarkEntityMappings[] |
| eventTime | The bookmark event time | string |
| incidentInfo | Describes an incident that relates to bookmark | IncidentInfo |
| labels | List of labels relevant to this bookmark | string[] |
| notes | The notes of the bookmark | string |
| query | The query of the bookmark. | string (required) |
| queryEndTime | The end time for the query | string |
| queryResult | The query result of the bookmark. | string |
| queryStartTime | The start time for the query | string |
| tactics | A list of relevant mitre attacks | String array containing any of: 'Collection' 'CommandAndControl' 'CredentialAccess' 'DefenseEvasion' 'Discovery' 'Execution' 'Exfiltration' 'Impact' 'ImpairProcessControl' 'InhibitResponseFunction' 'InitialAccess' 'LateralMovement' 'Persistence' 'PreAttack' 'PrivilegeEscalation' 'Reconnaissance' 'ResourceDevelopment' |
| techniques | A list of relevant mitre techniques | string[] |
| updated | The last time the bookmark was updated | string |
| updatedBy | Describes a user that updated the bookmark | UserInfo |
UserInfo
| Name | Description | Value |
|---|---|---|
| objectId | The object id of the user. | string |
BookmarkEntityMappings
| Name | Description | Value |
|---|---|---|
| entityType | The entity type | string |
| fieldMappings | Array of fields mapping for that entity type | EntityFieldMapping[] |
EntityFieldMapping
| Name | Description | Value |
|---|---|---|
| identifier | Alert V3 identifier | string |
| value | The value of the identifier | string |
IncidentInfo
| Name | Description | Value |
|---|---|---|
| incidentId | Incident Id | string |
| relationName | Relation Name | string |
| severity | The severity of the incident | 'High' 'Informational' 'Low' 'Medium' |
| title | The title of the incident | string |
ARM template resource definition
The bookmarks resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.SecurityInsights/bookmarks resource, add the following JSON to your template.
{
"type": "Microsoft.SecurityInsights/bookmarks",
"apiVersion": "2022-01-01-preview",
"name": "string",
"scope": "string",
"etag": "string",
"properties": {
"created": "string",
"createdBy": {
"objectId": "string"
},
"displayName": "string",
"entityMappings": [
{
"entityType": "string",
"fieldMappings": [
{
"identifier": "string",
"value": "string"
}
]
}
],
"eventTime": "string",
"incidentInfo": {
"incidentId": "string",
"relationName": "string",
"severity": "string",
"title": "string"
},
"labels": [ "string" ],
"notes": "string",
"query": "string",
"queryEndTime": "string",
"queryResult": "string",
"queryStartTime": "string",
"tactics": [ "string" ],
"techniques": [ "string" ],
"updated": "string",
"updatedBy": {
"objectId": "string"
}
}
}
Property values
bookmarks
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.SecurityInsights/bookmarks' |
| apiVersion | The resource api version | '2022-01-01-preview' |
| name | The resource name | string (required) |
| scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource For JSON, set the value to the full name of the resource to apply the extension resource to. |
| etag | Etag of the azure resource | string |
| properties | Bookmark properties | BookmarkProperties |
BookmarkProperties
| Name | Description | Value |
|---|---|---|
| created | The time the bookmark was created | string |
| createdBy | Describes a user that created the bookmark | UserInfo |
| displayName | The display name of the bookmark | string (required) |
| entityMappings | Describes the entity mappings of the bookmark | BookmarkEntityMappings[] |
| eventTime | The bookmark event time | string |
| incidentInfo | Describes an incident that relates to bookmark | IncidentInfo |
| labels | List of labels relevant to this bookmark | string[] |
| notes | The notes of the bookmark | string |
| query | The query of the bookmark. | string (required) |
| queryEndTime | The end time for the query | string |
| queryResult | The query result of the bookmark. | string |
| queryStartTime | The start time for the query | string |
| tactics | A list of relevant mitre attacks | String array containing any of: 'Collection' 'CommandAndControl' 'CredentialAccess' 'DefenseEvasion' 'Discovery' 'Execution' 'Exfiltration' 'Impact' 'ImpairProcessControl' 'InhibitResponseFunction' 'InitialAccess' 'LateralMovement' 'Persistence' 'PreAttack' 'PrivilegeEscalation' 'Reconnaissance' 'ResourceDevelopment' |
| techniques | A list of relevant mitre techniques | string[] |
| updated | The last time the bookmark was updated | string |
| updatedBy | Describes a user that updated the bookmark | UserInfo |
UserInfo
| Name | Description | Value |
|---|---|---|
| objectId | The object id of the user. | string |
BookmarkEntityMappings
| Name | Description | Value |
|---|---|---|
| entityType | The entity type | string |
| fieldMappings | Array of fields mapping for that entity type | EntityFieldMapping[] |
EntityFieldMapping
| Name | Description | Value |
|---|---|---|
| identifier | Alert V3 identifier | string |
| value | The value of the identifier | string |
IncidentInfo
| Name | Description | Value |
|---|---|---|
| incidentId | Incident Id | string |
| relationName | Relation Name | string |
| severity | The severity of the incident | 'High' 'Informational' 'Low' 'Medium' |
| title | The title of the incident | string |
Terraform (AzAPI provider) resource definition
The bookmarks resource type is an extension resource, which means you can apply it to another resource.
Use the parent_id property on this resource to set the scope for this resource.
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.SecurityInsights/bookmarks resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.SecurityInsights/bookmarks@2022-01-01-preview"
name = "string"
parent_id = "string"
body = jsonencode({
properties = {
created = "string"
createdBy = {
objectId = "string"
}
displayName = "string"
entityMappings = [
{
entityType = "string"
fieldMappings = [
{
identifier = "string"
value = "string"
}
]
}
]
eventTime = "string"
incidentInfo = {
incidentId = "string"
relationName = "string"
severity = "string"
title = "string"
}
labels = [
"string"
]
notes = "string"
query = "string"
queryEndTime = "string"
queryResult = "string"
queryStartTime = "string"
tactics = [
"string"
]
techniques = [
"string"
]
updated = "string"
updatedBy = {
objectId = "string"
}
}
etag = "string"
})
}
Property values
bookmarks
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.SecurityInsights/bookmarks@2022-01-01-preview" |
| name | The resource name | string (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| etag | Etag of the azure resource | string |
| properties | Bookmark properties | BookmarkProperties |
BookmarkProperties
| Name | Description | Value |
|---|---|---|
| created | The time the bookmark was created | string |
| createdBy | Describes a user that created the bookmark | UserInfo |
| displayName | The display name of the bookmark | string (required) |
| entityMappings | Describes the entity mappings of the bookmark | BookmarkEntityMappings[] |
| eventTime | The bookmark event time | string |
| incidentInfo | Describes an incident that relates to bookmark | IncidentInfo |
| labels | List of labels relevant to this bookmark | string[] |
| notes | The notes of the bookmark | string |
| query | The query of the bookmark. | string (required) |
| queryEndTime | The end time for the query | string |
| queryResult | The query result of the bookmark. | string |
| queryStartTime | The start time for the query | string |
| tactics | A list of relevant mitre attacks | String array containing any of: "Collection" "CommandAndControl" "CredentialAccess" "DefenseEvasion" "Discovery" "Execution" "Exfiltration" "Impact" "ImpairProcessControl" "InhibitResponseFunction" "InitialAccess" "LateralMovement" "Persistence" "PreAttack" "PrivilegeEscalation" "Reconnaissance" "ResourceDevelopment" |
| techniques | A list of relevant mitre techniques | string[] |
| updated | The last time the bookmark was updated | string |
| updatedBy | Describes a user that updated the bookmark | UserInfo |
UserInfo
| Name | Description | Value |
|---|---|---|
| objectId | The object id of the user. | string |
BookmarkEntityMappings
| Name | Description | Value |
|---|---|---|
| entityType | The entity type | string |
| fieldMappings | Array of fields mapping for that entity type | EntityFieldMapping[] |
EntityFieldMapping
| Name | Description | Value |
|---|---|---|
| identifier | Alert V3 identifier | string |
| value | The value of the identifier | string |
IncidentInfo
| Name | Description | Value |
|---|---|---|
| incidentId | Incident Id | string |
| relationName | Relation Name | string |
| severity | The severity of the incident | "High" "Informational" "Low" "Medium" |
| title | The title of the incident | string |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for