attribute folder, add queryBased + nrt data models

.script/tests/detectionTemplateSchemaValidation/Models/AlertRuleKind.cs

@@ -0,0 +1,17 @@
+
+
+namespace Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsTemplatesService.Interface.Model
+{
+    public enum AlertRuleKind
+    {
+        Undefined = 0,
+        Scheduled = 1,
+        BlackBox = 2,
+        Fusion = 4,
+        MLBehaviorAnalytics = 5,
+        MicrosoftSecurityIncidentCreation = 6,
+        ThreatIntelligence = 7,
+        Anomaly = 8,
+        NRT = 9
+    }
+}

.script/tests/detectionTemplateSchemaValidation/Models/AnalyticsTemplateInternalModelBase.cs

@@ -15,6 +15,9 @@ namespace Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsTemplatesServic
         [JsonProperty("id", Required = Required.Always)]
         public Guid Id { get; set; }
 
+        [JsonProperty("kind", Required = Required.Always)]
+        public AlertRuleKind Kind { get; set; }
+
         [JsonProperty("name", Required = Required.Always)]
         [StringLength(256)]
         public string DisplayName { get; set; }

.script/tests/detectionTemplateSchemaValidation/Models/NrtTemplateInternalModel.cs

@@ -0,0 +1,8 @@
+
+
+namespace Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsTemplatesService.Interface.Model
+{
+    public class NrtTemplateInternalModel : QueryBasedTemplateInternalModel
+    {
+    }
+}

.script/tests/detectionTemplateSchemaValidation/Models/QueryBasedTemplateInternalModel.cs

@@ -0,0 +1,44 @@
+using Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsManagement.Contracts.Model.ARM;
+using Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsManagement.Contracts.Model.ARM.ModelValidation;
+using Newtonsoft.Json;
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.Text;
+
+namespace Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsTemplatesService.Interface.Model
+{
+    public class QueryBasedTemplateInternalModel : AnalyticsTemplateInternalModelBase
+    {
+        [JsonProperty("severity", Required = Required.Always)]
+        public Severity Severity { get; set; }
+
+        [JsonProperty("query", Required = Required.Always)]
+        [StringLength(10000, MinimumLength = 1)]
+        public string Query { get; set; }
+
+        [JsonProperty("customDetails", Required = Required.Default, NullValueHandling = NullValueHandling.Ignore)]
+        [DictionaryLength(20)]
+        [DictionaryMaxKeyAndValueLengths(maxKeyLength: 20, maxValueLength: 500)] // 500 is the max length of a column name in LA
+        [DictionaryKeyMatchesRegex("^[a-zA-Z]+\\w*$")] // The custom field key must start with an English letter and contain only alphanumeric characters (i.e. [a-zA-Z0-9_])
+        [DictionaryValueMatchesRegex("^[a-zA-Z_]+\\w*$")] // The custom field value must start with an English letter or an underscore and contain only alphanumeric characters (i.e. [a-zA-Z0-9_])
+        public Dictionary<string, string> CustomDetails { get; set; }
+
+        [JsonProperty("entityMappings", Required = Required.Default, NullValueHandling = NullValueHandling.Ignore)]
+        [ValidEntityMappings(entityMappingsMinLength: 1, entityMappingsMaxLength: 5, fieldMappingsMinLength: 1, fieldMappingsMaxLength: 3)]
+        public List<EntityMapping> EntityMappings { get; set; }
+
+        [JsonProperty("version", Required = Required.Default)]
+        [StringLength(20)] //Version should be quite short (for example "1.2.2")
+        [QueryBasedTemplateVersionValidator]
+        public string Version { get; set; }
+    }
+
+    public enum Severity
+    {
+        Informational = 0,
+        Low = 1,
+        Medium = 2,
+        High = 3
+    }
+}

.script/tests/detectionTemplateSchemaValidation/Models/ScheduledTemplateInternalModel.cs

@@ -11,23 +11,11 @@ namespace Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsTemplatesServic
     [PeriodGreaterThanOrEqualFrequency]
     [FrequencyLimitationForLongPeriodQuery]
     [NewEntityMappings]
-    public class ScheduledTemplateInternalModel : AnalyticsTemplateInternalModelBase
+    public class ScheduledTemplateInternalModel : QueryBasedTemplateInternalModel
     {
         [JsonProperty("requiredDataConnectors", Required = Required.Always)]
         public override List<DataConnectorInternalModel> RequiredDataConnectors { get; set; }
 
-        [JsonProperty("severity", Required = Required.Always)]
-        public Severity Severity { get; set; }
-
-        [JsonProperty("query", Required = Required.Always)]
-        [StringLength(10000, MinimumLength = 1)]
-        public string Query { get; set; }
-
-        [JsonProperty("version", Required = Required.Always)]
-        [StringLength(20)] //Version should be quite short (for example "1.2.2")
-        [QueryBasedTemplateVersionValidator]
-        public string Version { get; set; }
-
         [JsonProperty("queryFrequency", Required = Required.Always)]
         [JsonConverter(typeof(ScheduledTemplateTimeSpanConverter))]
         [RangeTimeSpanIsoFormat("00:05:00", "14.00:00:00")]
@@ -46,26 +34,6 @@ namespace Microsoft.Azure.Sentinel.Analytics.Management.AnalyticsTemplatesServic
         [Range(0, 10000)]
         public int TriggerThreshold { get; set; }
 
-        [JsonProperty("customDetails", Required = Required.Default, NullValueHandling = NullValueHandling.Ignore)]
-        [DictionaryLength(20)]
-        [DictionaryMaxKeyAndValueLengths(maxKeyLength: 20, maxValueLength: 500)] // 500 is the max length of a column name in LA
-        [DictionaryKeyMatchesRegex("^[a-zA-Z]+\\w*$")] // The custom field key must start with an English letter and contain only alphanumeric characters (i.e. [a-zA-Z0-9_])
-        [DictionaryValueMatchesRegex("^[a-zA-Z_]+\\w*$")] // The custom field value must start with an English letter or an underscore and contain only alphanumeric characters (i.e. [a-zA-Z0-9_])
-        public Dictionary<string, string> CustomDetails { get; set; }
-
-        [JsonProperty("entityMappings", Required = Required.Default, NullValueHandling = NullValueHandling.Ignore)]
-        [ValidEntityMappings(entityMappingsMinLength: 1, entityMappingsMaxLength: 5, fieldMappingsMinLength: 1, fieldMappingsMaxLength: 3)]
-        public List<EntityMapping> EntityMappings { get; set; }
-    }
-
-    public enum Severity
-    {
-        Informational = 0,
-        Low = 1,
-        Medium = 2,
-        High = 3
-    }
-
     public enum AlertTriggerOperator
     {
         GreaterThan,