From 20eca6a0e0d02d9b7e263e1cf40329a4c0266b2b Mon Sep 17 00:00:00 2001 
From: ShaniFelig Date: Sun, 19 Sep 2021 14:24:00 +0300 Subject: [PATCH] attribute folder, add queryBased + nrt data models --- .../Models/AlertRuleKind.cs | 17 +++++++ .../AnalyticsTemplateInternalModelBase.cs | 3 ++ .../DictionaryKeyMatchesRegexAttribute.cs | 0 .../DictionaryLengthAttribute.cs | 0 ...ictionaryMaxKeyAndValueLengthsAttribute.cs | 0 .../DictionaryValueMatchesRegexAttribute.cs | 0 .../FrequencyLimitationForLongPeriodQuery.cs | 0 .../NewEntityMappingsAttribute.cs | 0 ...iodGreaterThanOrEqualFrequencyAttribute.cs | 0 .../QueryBasedTemplateVersionValidator.cs | 0 .../RangeTimeSpanIsoFormatAttribute.cs | 0 .../ValidEntityMappingsAttribute.cs | 0 .../Models/NrtTemplateInternalModel.cs | 8 ++++ .../Models/QueryBasedTemplateInternalModel.cs | 44 +++++++++++++++++++ .../Models/ScheduledTemplateInternalModel.cs | 34 +------------- 15 files changed, 73 insertions(+), 33 deletions(-) create mode 100644 .script/tests/detectionTemplateSchemaValidation/Models/AlertRuleKind.cs rename .script/tests/detectionTemplateSchemaValidation/Models/{ => ModelValidationAttributes}/DictionaryKeyMatchesRegexAttribute.cs (100%) rename .script/tests/detectionTemplateSchemaValidation/Models/{ => ModelValidationAttributes}/DictionaryLengthAttribute.cs (100%) rename .script/tests/detectionTemplateSchemaValidation/Models/{ => ModelValidationAttributes}/DictionaryMaxKeyAndValueLengthsAttribute.cs (100%) rename .script/tests/detectionTemplateSchemaValidation/Models/{ => ModelValidationAttributes}/DictionaryValueMatchesRegexAttribute.cs (100%) rename .script/tests/detectionTemplateSchemaValidation/Models/{ => ModelValidationAttributes}/FrequencyLimitationForLongPeriodQuery.cs (100%) rename .script/tests/detectionTemplateSchemaValidation/Models/{ => ModelValidationAttributes}/NewEntityMappingsAttribute.cs (100%) rename .script/tests/detectionTemplateSchemaValidation/Models/{ => ModelValidationAttributes}/PeriodGreaterThanOrEqualFrequencyAttribute.cs (100%) rename 
.script/tests/detectionTemplateSchemaValidation/Models/{ => ModelValidationAttributes}/QueryBasedTemplateVersionValidator.cs (100%) rename .script/tests/detectionTemplateSchemaValidation/Models/{ => ModelValidationAttributes}/RangeTimeSpanIsoFormatAttribute.cs (100%) rename .script/tests/detectionTemplateSchemaValidation/Models/{ => ModelValidationAttributes}/ValidEntityMappingsAttribute.cs (100%) create mode 100644 .script/tests/detectionTemplateSchemaValidation/Models/NrtTemplateInternalModel.cs create mode 100644 .script/tests/detectionTemplateSchemaValidation/Models/QueryBasedTemplateInternalModel.cs
diff --git a/.script/tests/detectionTemplateSchemaValidation/Models/AlertRuleKind.cs b/.script/tests/detectionTemplateSchemaValidation/Models/AlertRuleKind.cs
new file mode 100644
index 0000000000..9683de4865
--- /dev/null
+++ b/.script/tests/detectionTemplateSchemaValidation/Models/AlertRuleKind.cs
@@ -0,0 +1,17 @@
+
+
+namespace Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsTemplatesService.Interface.Model
+{
+ public enum AlertRuleKind
+ {
+ Undefined = 0,
+ Scheduled = 1,
+ BlackBox = 2,
+ Fusion = 4,
+ MLBehaviorAnalytics = 5,
+ MicrosoftSecurityIncidentCreation = 6,
+ ThreatIntelligence = 7,
+ Anomaly = 8,
+ NRT = 9
+ }
+}
diff --git a/.script/tests/detectionTemplateSchemaValidation/Models/AnalyticsTemplateInternalModelBase.cs b/.script/tests/detectionTemplateSchemaValidation/Models/AnalyticsTemplateInternalModelBase.cs
index c9c0824344..402c61f800 100644
--- a/.script/tests/detectionTemplateSchemaValidation/Models/AnalyticsTemplateInternalModelBase.cs
+++ b/.script/tests/detectionTemplateSchemaValidation/Models/AnalyticsTemplateInternalModelBase.cs
@@ -15,6 +15,9 @@ namespace Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsTemplatesServic [JsonProperty("id", Required = Required.Always)] public Guid Id { get; set; } + [JsonProperty("kind", Required = Required.Always)] + public AlertRuleKind Kind { get; set; } + [JsonProperty("name", Required = Required.Always)] [StringLength(256)] public string DisplayName { get; set; } diff --git a/.script/tests/detectionTemplateSchemaValidation/Models/DictionaryKeyMatchesRegexAttribute.cs b/.script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/DictionaryKeyMatchesRegexAttribute.cs similarity index 100% rename from .script/tests/detectionTemplateSchemaValidation/Models/DictionaryKeyMatchesRegexAttribute.cs rename to .script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/DictionaryKeyMatchesRegexAttribute.cs diff --git a/.script/tests/detectionTemplateSchemaValidation/Models/DictionaryLengthAttribute.cs b/.script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/DictionaryLengthAttribute.cs similarity index 100% rename from .script/tests/detectionTemplateSchemaValidation/Models/DictionaryLengthAttribute.cs rename to .script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/DictionaryLengthAttribute.cs diff --git a/.script/tests/detectionTemplateSchemaValidation/Models/DictionaryMaxKeyAndValueLengthsAttribute.cs b/.script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/DictionaryMaxKeyAndValueLengthsAttribute.cs similarity index 100% rename from .script/tests/detectionTemplateSchemaValidation/Models/DictionaryMaxKeyAndValueLengthsAttribute.cs rename to .script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/DictionaryMaxKeyAndValueLengthsAttribute.cs 
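Review bot: The new `Kind` property is only checked for presence, not for a meaningful value. `Required.Always` rejects a missing or null `kind`, but unless a converter configured outside this hunk restricts it, Json.NET also binds integer tokens to an enum without checking that the value is defined. A template carrying `kind: 3` or `kind: 0` (`Undefined`) would therefore still pass this model. Consider adding `[EnumDataType(typeof(AlertRuleKind))]` on the property and rejecting `AlertRuleKind.Undefined` in the validation step, so a detection template cannot pass schema validation with an unrecognised rule kind. The class body starts and ends outside this hunk.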
diff --git a/.script/tests/detectionTemplateSchemaValidation/Models/DictionaryValueMatchesRegexAttribute.cs b/.script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/DictionaryValueMatchesRegexAttribute.cs
similarity index 100%
rename from .script/tests/detectionTemplateSchemaValidation/Models/DictionaryValueMatchesRegexAttribute.cs
rename to .script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/DictionaryValueMatchesRegexAttribute.cs
diff --git a/.script/tests/detectionTemplateSchemaValidation/Models/FrequencyLimitationForLongPeriodQuery.cs b/.script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/FrequencyLimitationForLongPeriodQuery.cs
similarity index 100%
rename from .script/tests/detectionTemplateSchemaValidation/Models/FrequencyLimitationForLongPeriodQuery.cs
rename to .script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/FrequencyLimitationForLongPeriodQuery.cs
diff --git a/.script/tests/detectionTemplateSchemaValidation/Models/NewEntityMappingsAttribute.cs b/.script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/NewEntityMappingsAttribute.cs
similarity index 100%
rename from .script/tests/detectionTemplateSchemaValidation/Models/NewEntityMappingsAttribute.cs
rename to .script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/NewEntityMappingsAttribute.cs
diff --git a/.script/tests/detectionTemplateSchemaValidation/Models/PeriodGreaterThanOrEqualFrequencyAttribute.cs b/.script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/PeriodGreaterThanOrEqualFrequencyAttribute.cs
similarity index 100%
rename from .script/tests/detectionTemplateSchemaValidation/Models/PeriodGreaterThanOrEqualFrequencyAttribute.cs
rename to .script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/PeriodGreaterThanOrEqualFrequencyAttribute.cs
diff --git a/.script/tests/detectionTemplateSchemaValidation/Models/QueryBasedTemplateVersionValidator.cs b/.script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/QueryBasedTemplateVersionValidator.cs
similarity index 100%
rename from .script/tests/detectionTemplateSchemaValidation/Models/QueryBasedTemplateVersionValidator.cs
rename to .script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/QueryBasedTemplateVersionValidator.cs
diff --git a/.script/tests/detectionTemplateSchemaValidation/Models/RangeTimeSpanIsoFormatAttribute.cs b/.script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/RangeTimeSpanIsoFormatAttribute.cs
similarity index 100%
rename from .script/tests/detectionTemplateSchemaValidation/Models/RangeTimeSpanIsoFormatAttribute.cs
rename to .script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/RangeTimeSpanIsoFormatAttribute.cs
diff --git a/.script/tests/detectionTemplateSchemaValidation/Models/ValidEntityMappingsAttribute.cs b/.script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/ValidEntityMappingsAttribute.cs
similarity index 100%
rename from .script/tests/detectionTemplateSchemaValidation/Models/ValidEntityMappingsAttribute.cs
rename to .script/tests/detectionTemplateSchemaValidation/Models/ModelValidationAttributes/ValidEntityMappingsAttribute.cs
diff --git a/.script/tests/detectionTemplateSchemaValidation/Models/NrtTemplateInternalModel.cs b/.script/tests/detectionTemplateSchemaValidation/Models/NrtTemplateInternalModel.cs
new file mode 100644
index 0000000000..67b1cdd9d7
--- /dev/null
+++ b/.script/tests/detectionTemplateSchemaValidation/Models/NrtTemplateInternalModel.cs
@@ -0,0 +1,8 @@
+
+
+namespace Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsTemplatesService.Interface.Model
+{
+ public class NrtTemplateInternalModel : QueryBasedTemplateInternalModel
+ {
+ }
+}
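Review bot: `NrtTemplateInternalModel` is declared with an empty body and no class-level validators, so it gets only the property-level checks inherited from `QueryBasedTemplateInternalModel`. In this patch `[NewEntityMappings]` stays on `ScheduledTemplateInternalModel`, although the `EntityMappings` property it presumably inspects now lives in the shared base; the attribute's logic is not shown here, so that should be confirmed. If the check is meant for every query-based template, move `[NewEntityMappings]` onto `QueryBasedTemplateInternalModel` so NRT templates cannot skip it. The NRT model also does not redeclare `RequiredDataConnectors` with `Required.Always` as the scheduled model does; if that is intentional, a short comment on the class saying so would help.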
diff --git a/.script/tests/detectionTemplateSchemaValidation/Models/QueryBasedTemplateInternalModel.cs b/.script/tests/detectionTemplateSchemaValidation/Models/QueryBasedTemplateInternalModel.cs
new file mode 100644
index 0000000000..483699da4e
--- /dev/null
+++ b/.script/tests/detectionTemplateSchemaValidation/Models/QueryBasedTemplateInternalModel.cs
@@ -0,0 +1,44 @@
+using Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsManagement.Contracts.Model.ARM;
+using Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsManagement.Contracts.Model.ARM.ModelValidation;
+using Newtonsoft.Json;
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.Text;
+
+namespace Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsTemplatesService.Interface.Model
+{
+ public class QueryBasedTemplateInternalModel : AnalyticsTemplateInternalModelBase
+ {
+ [JsonProperty("severity", Required = Required.Always)]
+ public Severity Severity { get; set; }
+
+ [JsonProperty("query", Required = Required.Always)]
+ [StringLength(10000, MinimumLength = 1)]
+ public string Query { get; set; }
+
+ [JsonProperty("customDetails", Required = Required.Default, NullValueHandling = NullValueHandling.Ignore)]
+ [DictionaryLength(20)]
+ [DictionaryMaxKeyAndValueLengths(maxKeyLength: 20, maxValueLength: 500)] // 500 is the max length of a column name in LA
+ [DictionaryKeyMatchesRegex("^[a-zA-Z]+\\w*$")] // The custom field key must start with an English letter and contain only alphanumeric characters (i.e. [a-zA-Z0-9_])
+ [DictionaryValueMatchesRegex("^[a-zA-Z_]+\\w*$")] // The custom field value must start with an English letter or an underscore and contain only alphanumeric characters (i.e. [a-zA-Z0-9_])
+ public Dictionary CustomDetails { get; set; }
+
+ [JsonProperty("entityMappings", Required = Required.Default, NullValueHandling = NullValueHandling.Ignore)]
+ [ValidEntityMappings(entityMappingsMinLength: 1, entityMappingsMaxLength: 5, fieldMappingsMinLength: 1, fieldMappingsMaxLength: 3)]
+ public List EntityMappings { get; set; }
+
+ [JsonProperty("version", Required = Required.Default)]
+ [StringLength(20)] //Version should be quite short (for example "1.2.2")
+ [QueryBasedTemplateVersionValidator]
+ public string Version { get; set; }
+ }
+
+ public enum Severity
+ {
+ Informational = 0,
+ Low = 1,
+ Medium = 2,
+ High = 3
+ }
+}
diff --git a/.script/tests/detectionTemplateSchemaValidation/Models/ScheduledTemplateInternalModel.cs b/.script/tests/detectionTemplateSchemaValidation/Models/ScheduledTemplateInternalModel.cs
index 70c833403e..fbcc41e857 100644
--- a/.script/tests/detectionTemplateSchemaValidation/Models/ScheduledTemplateInternalModel.cs
+++ b/.script/tests/detectionTemplateSchemaValidation/Models/ScheduledTemplateInternalModel.cs
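Review bot: Moving `Version` into this base class weakens validation for scheduled templates, because it is declared here as `[JsonProperty("version", Required = Required.Default)]` while the declaration removed from `ScheduledTemplateInternalModel` in the same patch used `Required.Always`. After this change a scheduled template with no `version` field deserializes without error. `[StringLength(20)]` accepts null, and how `[QueryBasedTemplateVersionValidator]` treats null is not visible here. If only NRT templates may omit the version, keep the base declaration as `[JsonProperty("version", Required = Required.Always)]` and relax it explicitly where needed, or add a class-level check on the scheduled model so unversioned detection content is still rejected.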
@@ -11,23 +11,11 @@ namespace Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsTemplatesServic [PeriodGreaterThanOrEqualFrequency] [FrequencyLimitationForLongPeriodQuery] [NewEntityMappings] - public class ScheduledTemplateInternalModel : AnalyticsTemplateInternalModelBase + public class ScheduledTemplateInternalModel : QueryBasedTemplateInternalModel { [JsonProperty("requiredDataConnectors", Required = Required.Always)] public override List RequiredDataConnectors { get; set; } - [JsonProperty("severity", Required = Required.Always)] - public Severity Severity { get; set; } - - [JsonProperty("query", Required = Required.Always)] - [StringLength(10000, MinimumLength = 1)] - public string Query { get; set; } - - [JsonProperty("version", Required = Required.Always)] - [StringLength(20)] //Version should be quite short (for example "1.2.2") - [QueryBasedTemplateVersionValidator] - public string Version { get; set; } - [JsonProperty("queryFrequency", Required = Required.Always)] [JsonConverter(typeof(ScheduledTemplateTimeSpanConverter))] [RangeTimeSpanIsoFormat("00:05:00", "14.00:00:00")] 
@@ -46,26 +34,6 @@ namespace Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsTemplatesServic [Range(0, 10000)] public int TriggerThreshold { get; set; } - [JsonProperty("customDetails", Required = Required.Default, NullValueHandling = NullValueHandling.Ignore)] - [DictionaryLength(20)] - [DictionaryMaxKeyAndValueLengths(maxKeyLength: 20, maxValueLength: 500)] // 500 is the max length of a column name in LA - [DictionaryKeyMatchesRegex("^[a-zA-Z]+\\w*$")] // The custom field key must start with an English letter and contain only alphanumeric characters (i.e. [a-zA-Z0-9_]) - [DictionaryValueMatchesRegex("^[a-zA-Z_]+\\w*$")] // The custom field value must start with an English letter or an underscore and contain only alphanumeric characters (i.e. [a-zA-Z0-9_]) - public Dictionary CustomDetails { get; set; } - - [JsonProperty("entityMappings", Required = Required.Default, NullValueHandling = NullValueHandling.Ignore)] - [ValidEntityMappings(entityMappingsMinLength: 1, entityMappingsMaxLength: 5, fieldMappingsMinLength: 1, fieldMappingsMaxLength: 3)] - public List EntityMappings { get; set; } - } - - public enum Severity - { - Informational = 0, - Low = 1, - Medium = 2, - High = 3 - } - public enum AlertTriggerOperator { GreaterThan,