{"files":{"SKILL.md":"---\nname: security-insights\ndescription: \"Security Insights API skill. Use when working with Security Insights for providers, subscriptions. Covers 8 endpoints.\"\nversion: 1.0.0\ngenerator: lapsh\n---\n\n# Security Insights\nAPI version: 2020-01-01\n\n## Auth\nOAuth2\n\n## Base URL\nhttps://management.azure.com\n\n## Setup\n1. Configure auth: OAuth2\n2. GET /providers/Microsoft.SecurityInsights/operations -- lists all operations available azure security insights resource provider.\n3. Explore available endpoints below\n\n## Endpoints\n8 endpoints across 2 groups. See references/api-spec.lap for full details.\n\n### Providers\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /providers/Microsoft.SecurityInsights/operations | Lists all operations available Azure Security Insights Resource Provider. |\n\n### Subscriptions\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents | Gets all incidents. |\n| GET | /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId} | Gets an incident. |\n| PUT | /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId} | Creates or updates the incident. |\n| DELETE | /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId} | Delete the incident. 
|\n| GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments | Gets all incident comments. |\n| GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId} | Gets an incident comment. |\n| PUT | /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId} | Creates the incident comment. |\n\n## Common Questions\nMatch user requests to endpoints in references/api-spec.lap. Key patterns:\n- \"List all operations?\" -> GET /providers/Microsoft.SecurityInsights/operations\n- \"List all incidents?\" -> GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents\n- \"Get incident details?\" -> GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}\n- \"Update an incident?\" -> PUT /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}\n- \"Delete an incident?\" -> DELETE /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}\n- \"List all comments?\" -> GET 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments\n- \"Get comment details?\" -> GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}\n- \"Update a comment?\" -> PUT /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}\n- \"How to authenticate?\" -> See Auth section above\n\n## Response Tips\n- Check response schemas in references/api-spec.lap for field details\n- Create/update endpoints return the modified resource on success\n\n## References\n- Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas\n\n> Generated from the official API spec by [LAP](https://lap.sh)\n","references/api-spec.lap":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api Security Insights\n@base https://management.azure.com\n@version 2020-01-01\n@auth OAuth2\n@common_fields {api-version: any # API version for the operation}\n@endpoints 8\n@toc providers(1), subscriptions(7)\n\n@group providers\n@endpoint GET /providers/Microsoft.SecurityInsights/operations\n@desc Lists all operations available Azure Security Insights Resource Provider.\n@returns(200) OK. 
Successfully retrieved operations list.\n\n@endgroup\n\n@group subscriptions\n@endpoint GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents\n@desc Gets all incidents.\n@required {subscriptionId: any # Azure subscription ID, resourceGroupName: any # The name of the resource group within the user's subscription. The name is case insensitive., workspaceName: any # The name of the workspace.}\n@optional {$filter: any # Filters the results, based on a Boolean condition. Optional., $orderby: any # Sorts the results. Optional., $top: any # Returns only the first n results. Optional., $skipToken: any # Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.}\n@returns(200) OK, Operation successfully completed\n\n@endpoint GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}\n@desc Gets an incident.\n@required {subscriptionId: any # Azure subscription ID, resourceGroupName: any # The name of the resource group within the user's subscription. The name is case insensitive., workspaceName: any # The name of the workspace., incidentId: any # Incident ID}\n@returns(200) OK, Operation successfully completed\n\n@endpoint PUT /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}\n@desc Creates or updates the incident.\n@required {subscriptionId: any # Azure subscription ID, resourceGroupName: any # The name of the resource group within the user's subscription. 
The name is case insensitive., workspaceName: any # The name of the workspace., incidentId: any # Incident ID, incident: map # The incident}\n@returns(200) OK, Operation successfully completed\n@returns(201) Created\n\n@endpoint DELETE /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}\n@desc Delete the incident.\n@required {subscriptionId: any # Azure subscription ID, resourceGroupName: any # The name of the resource group within the user's subscription. The name is case insensitive., workspaceName: any # The name of the workspace., incidentId: any # Incident ID}\n@returns(200) OK, Operation successfully completed\n@returns(204) No Content\n\n@endpoint GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments\n@desc Gets all incident comments.\n@required {subscriptionId: any # Azure subscription ID, resourceGroupName: any # The name of the resource group within the user's subscription. The name is case insensitive., workspaceName: any # The name of the workspace., incidentId: any # Incident ID}\n@optional {$filter: any # Filters the results, based on a Boolean condition. Optional., $orderby: any # Sorts the results. Optional., $top: any # Returns only the first n results. Optional., $skipToken: any # Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. 
Optional.}\n@returns(200) OK, Operation successfully completed\n\n@endpoint GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}\n@desc Gets an incident comment.\n@required {subscriptionId: any # Azure subscription ID, resourceGroupName: any # The name of the resource group within the user's subscription. The name is case insensitive., workspaceName: any # The name of the workspace., incidentId: any # Incident ID, incidentCommentId: any # Incident comment ID}\n@returns(200) OK, Operation successfully completed\n\n@endpoint PUT /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}\n@desc Creates the incident comment.\n@required {subscriptionId: any # Azure subscription ID, resourceGroupName: any # The name of the resource group within the user's subscription. The name is case insensitive., workspaceName: any # The name of the workspace., incidentId: any # Incident ID, incidentCommentId: any # Incident comment ID, incidentComment: map # The incident comment}\n@returns(201) Created\n\n@endgroup\n\n@end\n"}}