From 81c1b6ff1fdee2b301494c3c3bcb74ffeed38b45 Mon Sep 17 00:00:00 2001 From: Amit Singh Date: Thu, 24 Oct 2024 15:12:09 -0500 Subject: [PATCH 1/2] commit my changes --- ...lugin-Repo-CodeScanning-Specification.yaml | 118 ------------------ ...Repo-DependabotScanning-Specification.yaml | 67 ---------- ...gin-Repo-SecretScanning-Specification.yaml | 93 -------------- ...SecurityForAzureDevOpsPlugin-Manifest.yaml | 32 ----- 4 files changed, 310 deletions(-) delete mode 100644 Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurity-CustomPlugins/GitHubAdvancedSecurityPlugin-Repo-CodeScanning-Specification.yaml delete mode 100644 Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurity-CustomPlugins/GitHubAdvancedSecurityPlugin-Repo-DependabotScanning-Specification.yaml delete mode 100644 Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurity-CustomPlugins/GitHubAdvancedSecurityPlugin-Repo-SecretScanning-Specification.yaml delete mode 100644 Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurityForAzureDevOps-CustomPlugin/GitHubAdvancedSecurityForAzureDevOpsPlugin-Manifest.yaml diff --git a/Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurity-CustomPlugins/GitHubAdvancedSecurityPlugin-Repo-CodeScanning-Specification.yaml b/Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurity-CustomPlugins/GitHubAdvancedSecurityPlugin-Repo-CodeScanning-Specification.yaml deleted file mode 100644 index 3ac59a32..00000000 --- a/Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurity-CustomPlugins/GitHubAdvancedSecurityPlugin-Repo-CodeScanning-Specification.yaml +++ /dev/null 
@@ -1,118 +0,0 @@ -openapi: 3.0.0 - -info: - title: GitHub Advanced Security Code Scanning for GitHub Repositories - description: Skills to retrieve code scanning default settings and code scanning alerts for the default branch of a specific GitHub repository (repo). - These code scannings are executed by GitHub Advanced Security (GhAS). - version: "0.0.1" - -paths: - /{repo}/code-scanning/alerts: - get: - operationId: ListCodeScanningAlertsForARepository - summary: Lists the alerts produced as result of the code scanning executed by GitHub Advanced Security (GhAS) - Each alert is related to a specific code vulnerability found in one or more files in the repo. - In each alert listed in the response, the field named "tool" contains the name of the code scanning tool that raised the alert. - The field "most_recent_instance" contains the location (path, start line & column, end line & column) of the most recent instance of this alert in the default branch. - The field "rule" contains the logic that found the code vulnerability and triggered the alert; the most relevant attributes for this rule are its "description" and its "severity". - parameters: - - in: path - name: repo - schema: - type: string - required: true - - in: header - name: User-Agent - schema: - type: string - required: true - description: User-Agent (You can write any text here. This parameter is added as a temporary workaround to make the call succeed) - responses: - 200: - description: Successful authentication. - 401: - description: Unsuccessful authentication. - /{repo}/code-scanning/alerts/{alertnumber}: - get: - operationId: GetCodeScanningAlert - summary: Gets a single code scanning alert. - This alert is related to a specific code vulnerability found in one or more files in the repo. - In the response, the field named "tool" contains the name of the code scanning tool that raised the alert. 
- The field "most_recent_instance" contains the location (path of the file, start line & column, end line & column) of the most recent instance of this alert in the default branch. - The field "rule" contains the logic that found the code vulnerability and triggered the alert; the most relevant attributes for this rule are its "description" and its "severity". - parameters: - - in: path - name: repo - schema: - type: string - required: true - - in: path - name: alertnumber - schema: - type: string - required: true - - in: header - name: User-Agent - schema: - type: string - required: true - description: User-Agent (You can write any text here. This parameter is added as a temporary workaround to make the call succeed) - responses: - 200: - description: Successful authentication. - 401: - description: Unsuccessful authentication. - /{repo}/code-scanning/alerts/{alertnumber}/instances: - get: - operationId: GetCodeScanningAlertInstances - summary: Lists all instances of the specified code scanning alert. - This alert is related to a specific code vulnerability found in one or more files in the repo. - The response contain the list of the files (instances) containing this code vulnerability. - In each instance, the field "location" contains the "path" of the file, the start line & column and end line & column in that file. - parameters: - - in: path - name: repo - schema: - type: string - required: true - - in: path - name: alertnumber - schema: - type: string - required: true - - in: header - name: User-Agent - schema: - type: string - required: true - description: User-Agent (You can write any text here. This parameter is added as a temporary workaround to make the call succeed) - responses: - 200: - description: Successful authentication. - 401: - description: Unsuccessful authentication. 
- /{repo}/code-scanning/default-setup: - get: - operationId: GetCodeScanningDefaultSetupConfigForRepo - summary: Gets a code scanning default setup configuration of Code Scanning (CodeQL) in the specified GitHub repo - In the results, the field "state" describe if CodeQL is configured (active) or not in the repo. - The field "languages" describe the programming languages covered by CodeQL in that repo. - Two field "schedule" describe the frequency of execution of the code scanning. - The field "updated_at" returns the date when this configuration was last updated. - parameters: - - in: path - name: repo - schema: - type: string - required: true - - in: header - name: User-Agent - schema: - type: string - required: true - description: User-Agent (You can write any text here. This parameter is added as a temporary workaround to make the call succeed) - responses: - 200: - description: Successful authentication. - 401: - description: Unsuccessful authentication. diff --git a/Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurity-CustomPlugins/GitHubAdvancedSecurityPlugin-Repo-DependabotScanning-Specification.yaml b/Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurity-CustomPlugins/GitHubAdvancedSecurityPlugin-Repo-DependabotScanning-Specification.yaml deleted file mode 100644 index d02077a4..00000000 --- a/Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurity-CustomPlugins/GitHubAdvancedSecurityPlugin-Repo-DependabotScanning-Specification.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -openapi: 3.0.0 - -info: - title: GitHub Advanced Security Dependabot Scanning for GitHub Repositories - description: Skills to retrieve Dependabot Scanning alerts for the default branch of a specific GitHub repository (repo). - These Dependabot scannings are executed by GitHub Advanced Security (GhAS). - version: "0.0.1" - -paths: - /{repo}/dependabot/alerts: - get: - operationId: ListDependabotAlertsForARepository - summary: Lists the alerts produced as result of the dependabot scanning executed by GitHub Advanced Security (GhAS). - Each alert is related to a specific software vulnerability existing in one of the software components found as dependencies in the solution in the repo. - In each alert listed in the response, the fields named "name" and "ecosystem", under the node "security_vulnerability/package", describe the name of the - software component found as dependency to which the alert is related. - The field "value" with type "CVE" under "identifiers" gives the CVE name of the vulnerability found in the affected software component. - The field named "references" include the links to all relevant official resources describing the vulnerability. - The fields named "vulnerable_version_range" and "first_patched_version" describe the versions that are vulnerable and the one where the vulnerability has been removed. - parameters: - - in: path - name: repo - schema: - type: string - required: true - - in: header - name: User-Agent - schema: - type: string - required: true - description: User-Agent (You can write any text here. This parameter is added as a temporary workaround to make the call succeed) - responses: - 200: - description: Successful authentication. - 401: - description: Unsuccessful authentication. - /{repo}/dependabot/alerts/{alertnumber}: - get: - operationId: GetDependabotAlert - summary: Gets a single dependabot alert. 
- In the response, the fields named "name" and "ecosystem", under the node "security_vulnerability/package", describe the name of the - software component found as dependency to which the alert is related. - The field "value" with type "CVE" under "identifiers" gives the CVE name of the vulnerability found in the affected software component. - The field named "references" include the links to all relevant official resources describing the vulnerability. - The fields named "vulnerable_version_range" and "first_patched_version" describe the versions that are vulnerable and the one where the vulnerability has been removed. - parameters: - - in: path - name: repo - schema: - type: string - required: true - - in: path - name: alertnumber - schema: - type: string - required: true - - in: header - name: User-Agent - schema: - type: string - required: true - description: User-Agent (You can write any text here. This parameter is added as a temporary workaround to make the call succeed) - responses: - 200: - description: Successful authentication. - 401: - description: Unsuccessful authentication. diff --git a/Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurity-CustomPlugins/GitHubAdvancedSecurityPlugin-Repo-SecretScanning-Specification.yaml b/Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurity-CustomPlugins/GitHubAdvancedSecurityPlugin-Repo-SecretScanning-Specification.yaml deleted file mode 100644 index 811387ce..00000000 --- a/Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurity-CustomPlugins/GitHubAdvancedSecurityPlugin-Repo-SecretScanning-Specification.yaml +++ /dev/null 
@@ -1,93 +0,0 @@ -openapi: 3.0.0 - -info: - title: GitHub Advanced Security Secret Scanning for GitHub Repositories - description: Skills to retrieve Secret Scanning alerts for the default branch of a specific GitHub repository (repo). - These Secret scannings are executed by GitHub Advanced Security (GhAS). - version: "0.0.1" - -paths: - /{repo}/secret-scanning/alerts: - get: - operationId: ListSecretScanningAlertsForARepository - summary: Lists the alerts produced as result of the secret scanning executed by GitHub Advanced Security (GhAS). - Each alert is related to a specific "secret" (text that should not be written in clear and stored in GitHub) found in one of the files in the repo. - In each alert listed in the response, the field named "secret_type_display_name" include the display name of the type of secret found in the code. - The field named "secret" include the content of the secret found. - The filed "login" in the element "push_protection_bypassed_by" is the login name of the user who introduced that secret in the code. - Use the GetSecretScanningAlertLocations skill to get the location (path URL) of the file containing the secret. - parameters: - - in: path - name: repo - schema: - type: string - required: true - - in: header - name: User-Agent - schema: - type: string - required: true - description: User-Agent (You can write any text here. This parameter is added as a temporary workaround to make the call succeed) - responses: - 200: - description: Successful authentication. - 401: - description: Unsuccessful authentication. - /{repo}/secret-scanning/alerts/{alertnumber}: - get: - operationId: GetSecretScanningAlert - summary: Gets a single secret scanning alert. - In the response, the field named "secret_type_display_name" include the display name of the type of secret found in the code. - The field named "secret" include the content of the secret found. 
- The filed "login" in the element "push_protection_bypassed_by" is the login name of the user who introduced that secret in the code. - Use the GetSecretScanningAlertLocations skill to get the location (URL) of the file containing the secret. - parameters: - - in: path - name: repo - schema: - type: string - required: true - - in: path - name: alertnumber - schema: - type: string - required: true - - in: header - name: User-Agent - schema: - type: string - required: true - description: User-Agent (You can write any text here. This parameter is added as a temporary workaround to make the call succeed) - responses: - 200: - description: Successful authentication. - 401: - description: Unsuccessful authentication. - /{repo}/secret-scanning/alerts/{alertnumber}/locations: - get: - operationId: GetSecretScanningAlertLocations - summary: Lists all locations of the specified secret scanning alert. - In the response, the location is specified in the field "path". - The field "blob_url" contain the link to the blob (raw) content of the file. - parameters: - - in: path - name: repo - schema: - type: string - required: true - - in: path - name: alertnumber - schema: - type: string - required: true - - in: header - name: User-Agent - schema: - type: string - required: true - description: User-Agent (You can write any text here. This parameter is added as a temporary workaround to make the call succeed) - responses: - 200: - description: Successful authentication. - 401: - description: Unsuccessful authentication. diff --git a/Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurityForAzureDevOps-CustomPlugin/GitHubAdvancedSecurityForAzureDevOpsPlugin-Manifest.yaml b/Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurityForAzureDevOps-CustomPlugin/GitHubAdvancedSecurityForAzureDevOpsPlugin-Manifest.yaml deleted file mode 100644 index 872a8187..00000000 
--- a/Plugins/Community Based Plugins/GitHub Advanced Security Custom Plugin Scenarios/GitHubAdvancedSecurityForAzureDevOps-CustomPlugin/GitHubAdvancedSecurityForAzureDevOpsPlugin-Manifest.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-Descriptor:
- Name: GitHub Advanced Security for Azure DevOps
- DisplayName: GitHub Advanced Security for Azure DevOps (Community release)
- Description: Skills to retrieve the alerts resulting from the code scanning, secret scanning and dependabot scanning executed by
- GitHub Advanced Security for Azure DevOps (GAzDO) on the repositories of the projects of a specified Azure DevOps organization.
-
- Settings:
- - Name: AzureDevOpsOrganizationUrl
- Label: Azure DevOps API URL including the name of your Organization
- Description: The URL of the Azure DevOps API for accessing your Organization. Specify the name of your Organization.
- HintText: "https://advsec.dev.azure.com/MyOrganizationName"
- DefaultValue: "https://advsec.dev.azure.com/"
- SettingType: String
- Required: true
-
- SupportedAuthTypes:
- - ApiKey
- Authorization:
- Type: APIKey
- Key: Authorization
- Location: Header
- AuthScheme: 'Basic'
-
-SkillGroups:
- - Format: API
- Settings:
- OpenApiSpecUrl: https://raw.githubusercontent.com/Azure/Copilot-For-Security/main/Plugins/Community%20Based%20Plugins/GitHubAdvancedSecurityForAzureDevOps-CustomPlugin/GitHubAdvancedSecurityForAzureDevOpsPlugin-Alerts-Specification.yaml
- EndpointUrlSettingName: AzureDevOpsOrganizationUrl
- - Format: API
- Settings:
- OpenApiSpecUrl: https://raw.githubusercontent.com/Azure/Copilot-For-Security/main/Plugins/Community%20Based%20Plugins/GitHubAdvancedSecurityForAzureDevOps-CustomPlugin/GitHubAdvancedSecurityForAzureDevOpsPlugin-Management-Specification.yaml
- EndpointUrlSettingName: AzureDevOpsOrganizationUrl
\ No newline at end of file
From 724b39b6aa10e9feb8082e24926b465ac7f0faf7 Mon Sep 17 00:00:00 2001
From: Amit Singh Date: Thu, 24 Oct 2024 15:53:48 -0500 Subject: [PATCH 2/2] Added eDiscovery_API_Plugin.yaml and eDisocvery_OAuth_API_manifest.yaml to eDiscovery folder --- .../eDiscovery/eDiscovery_API_Plugin.yaml | 404 ++++++++++++++++++ .../eDiscovery_OAuth_API_manifest.yaml | 18 + 2 files changed, 422 insertions(+) create mode 100644 Plugins/Community Based Plugins/Purview/eDiscovery/eDiscovery_API_Plugin.yaml create mode 100644 Plugins/Community Based Plugins/Purview/eDiscovery/eDiscovery_OAuth_API_manifest.yaml diff --git a/Plugins/Community Based Plugins/Purview/eDiscovery/eDiscovery_API_Plugin.yaml b/Plugins/Community Based Plugins/Purview/eDiscovery/eDiscovery_API_Plugin.yaml new file mode 100644 index 00000000..e26b283c --- /dev/null +++ b/Plugins/Community Based Plugins/Purview/eDiscovery/eDiscovery_API_Plugin.yaml 
@@ -0,0 +1,404 @@ +openapi: 3.0.0 + +info: + title: eDiscovery Case Plugin + description: Skills for creating a plugin that will help create eDiscovery case & additional workflows in Purview via Graph API Call + version: "v1.0" +servers: + - url: https://graph.microsoft.com/v1.0/security/cases + +paths: + /ediscoveryCases: + post: + operationId: Create eDiscovery case in Purview + description: Create eDiscovery case based on user supplied name + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + displayName: + type: string + description: The name of the eDiscovery case + description: + type: string + description: The eDiscovery case description + externalId: + type: string + description: The external case number for customer reference + required: + - displayName + responses: + "200": + description: OK + content: + application/json: + + /ediscoveryCases/{ediscoveryCaseId}/custodians: + post: + operationId: Add custodian to eDiscovery case in Purview + description: Add custodian to eDiscovery case in Purview + parameters: + - in: path + name: ediscoveryCaseId + schema: + type: string + required: true + description: ediscoveryCaseId in eDiscovery + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + email: + type: string + description: Custodian's primary SMTP address supplied by the user + required: + - email + responses: + "200": + description: OK + content: + application/json: + + /ediscoveryCases/{ediscoveryCaseId}/custodians/{custodianId}/userSources: + post: + operationId: Add new userSource object associated with an eDiscovery custodian + description: Add a new userSource object associated with an eDiscovery custodian in Purview + parameters: + - in: path + name: ediscoveryCaseId + schema: + type: string + required: true + description: caseId in eDiscovery + - in: path + name: custodianId + schema: + type: string + required: true + description: custodianId in 
eDiscovery + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + email: + type: string + description: Custodian's primary SMTP address supplied by the user + includedSources: + type: string + description: Specifies which sources are included in this group. Possible values are (mailbox, site) supplied by the user, seperated by a comma + required: + - email + - includedSources + responses: + "200": + description: OK + content: + application/json: + + /ediscoveryCases/{ediscoveryCaseId}/custodians/{custodianId}/siteSources: + post: + operationId: Add a new siteSource object associated with an eDiscovery custodian + description: Add a new siteSource (sharepoint) object associated with an eDiscovery custodian in Purview + parameters: + - in: path + name: ediscoveryCaseId + schema: + type: string + required: true + description: caseId in eDiscovery + - in: path + name: custodianId + schema: + type: string + required: true + description: custodianId in eDiscovery + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + webUrl: + type: string + description: URL of the sharepoint site supplied by the user + required: + - webUrl + responses: + "200": + description: OK + content: + application/json: + + /ediscoveryCases/{ediscoveryCaseId}/custodians/applyHold: + post: + operationId: Applying hold on eDiscovery custodians + description: Applying hold on eDiscovery custodians in Purview + parameters: + - in: path + name: ediscoveryCaseId + schema: + type: string + required: true + description: caseId in eDiscovery + - in: path + name: custodianId + schema: + type: string + required: true + description: custodianId in eDiscovery + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + ids: + type: string + description: ids of custodian/s seperated by comma supplied by the user + required: + - ids + responses: + "200": + description: OK + 
headers: + location: + description: The URL to the operation status, location provides a URL that will return an eDiscoveryHoldOperation object. + schema: + type: string + example: "https://graph.microsoft.com/v1.0/security/cases/ediscoverycases('{ediscoveryCaseId}')/operations('{ediscoveryReviewSetId}')" + content: + application/json: + + /ediscoveryCases/{ediscoveryCaseId}/searches: + post: + operationId: Add a new ediscoverySearch object + description: Add a new ediscoverySearch object in Purview + parameters: + - in: path + name: ediscoveryCaseId + schema: + type: string + required: true + description: caseId in eDiscovery + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + displayName: + type: string + description: The display name of the search, supplied by the user + description: + type: string + description: The description of the search, supplied by the user. Optional + contentQuery: + type: string + description: The query string used for the search. The query string in KQL (Keyword Query Language) format, supplied by the user. Optional + dataSourceScopes: + type: string + description: The option to search across all mailboxes or sites in the tenant. The possible values are none, allTenantMailboxes, allTenantSites, allCaseCustodians, allCaseNoncustodialDataSources, supplied by the user. 
Optional + required: + - displayName + responses: + "200": + description: OK + content: + application/json: + + /ediscoveryCases/{ediscoveryCaseId}/searches/{ediscoverySearchId}/estimateStatistics: + post: + operationId: Run an estimate in the eDiscovery search + description: Run an estimate of the number of emails and documents in the eDiscovery search + parameters: + - in: path + name: ediscoveryCaseId + schema: + type: string + required: true + description: caseId in eDiscovery + - in: path + name: ediscoverySearchId + schema: + type: string + required: true + description: ediscoverySearchId in eDiscovery + requestBody: + required: true + description: Run an estimate of the number of emails and documents in the eDiscovery search + responses: + "200": + description: OK + headers: + location: + description: The response contains also a Location header, which contains the location of the Export operation that was created to handle the export. + schema: + type: string + example: "https://graph.microsoft.com/v1.0/security/cases/ediscoverycases('{ediscoveryCaseId}')/operations('{ediscoverySearchId}')" + content: + application/json: + + /ediscoveryCases/{ediscoveryCaseId}/reviewSets: + post: + operationId: Create a new ediscovery ReviewSet object + description: Create new ediscoveryReviewSet object in Purview + parameters: + - in: path + name: ediscoveryCaseId + schema: + type: string + required: true + description: caseId in eDiscovery + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + displayName: + type: string + description: The name of the review set, supplied by the user. 
Required + required: + - displayName + responses: + "200": + description: OK + content: + application/json: + + /ediscoveryCases/{ediscoveryCaseId}/reviewSets/{eDiscoveryReviewSetId}/addToReviewSet: + post: + operationId: Add eDiscovery search to a review set + description: Add an eDiscovery search to a review set by associating review set ID with search ID + parameters: + - in: path + name: ediscoveryCaseId + schema: + type: string + required: true + description: caseId in eDiscovery + - in: path + name: eDiscoveryReviewSetId + schema: + type: string + required: true + description: eDiscoveryReviewSetId in eDiscovery + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + search: + type: object #this will be an object as well + properties: + id: + type: string + description: Q-The ID of the eDiscovery search you'd like to add to the review set, supplied by the user. Required. + example: "cxxxxx-xxx0-4exx-bxx8-2xxxxxxxb7" + additionalDataOptions: + type: string + description: The options for adding items to reviewSet that you'd like to add to the review set, supplied by the user. Examples are "allVersions" and/or linkedFiles, you can use both seperated by a comma. 
Required + required: + - search + - additionalDataOptions + responses: + "200": + description: OK + content: + application/json: + + /ediscoveryCases/{ediscoveryCaseId}/reviewSets/{eDiscoveryReviewSetId}/export: + post: + operationId: Initiate an export from a ediscoveryReviewSet + description: Initiate an export from a ediscoveryReviewSet in Purview + parameters: + - in: path + name: ediscoveryCaseId + schema: + type: string + required: true + description: caseId in eDiscovery + - in: path + name: eDiscoveryReviewSetId + schema: + type: string + required: true + description: eDiscoveryReviewSetId in eDiscovery + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + outputName: + type: string + description: Name of the export, supplied by the user. Required + description: + type: string + description: Description of the export, supplied by the user. + exportOptions: + type: string + description: Specifies options that control the format of the export. Possible values are; originalFiles, text, pdfReplacement, tags, unknownFutureValue supplied by the user. + exportStructure: + type: string + description: Options that control file structure and packaging of the export. Possible values are; none, directory, pst, unknownFutureValue.supplied by the user. + required: + - outputName + responses: + "200": + description: OK + headers: + location: + description: The response contains also a Location header, which contains the location of the Export operation that was created to handle the export. 
+ schema: + type: string + example: "https://graph.microsoft.com/v1.0/security/cases/ediscoverycases('{ediscoveryCaseId}')/operations('{ediscoveryReviewSetId}')" + content: + application/json: + + /ediscoveryCases/{ediscoveryCaseId}/operations: + get: + operationId: Get a list of the caseOperation objects + description: Get a list of the caseOperation objects and their properties in Purview + parameters: + - in: path + name: ediscoveryCaseId + schema: + type: string + required: true + description: caseId in eDiscovery + requestBody: + required: true + description: Run an estimate of the number of emails and documents in the eDiscovery search + + responses: + "200": + description: OK + headers: + location: + description: If successful, this method returns a 200 OK response code and a collection of microsoft.graph.security.caseOperation objects in the response body + schema: + type: string + example: "https://graph.microsoft.com/v1.0/security/cases/ediscoverycases('{ediscoveryCaseId}')/operations('{ediscoverySearchId}')" + content: + application/json: + + + + diff --git a/Plugins/Community Based Plugins/Purview/eDiscovery/eDiscovery_OAuth_API_manifest.yaml b/Plugins/Community Based Plugins/Purview/eDiscovery/eDiscovery_OAuth_API_manifest.yaml new file mode 100644 index 00000000..22d64d68 --- /dev/null +++ b/Plugins/Community Based Plugins/Purview/eDiscovery/eDiscovery_OAuth_API_manifest.yaml 
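Review bot: The `applyHold` operation declares a path parameter `custodianId` that does not appear in its path template `/ediscoveryCases/{ediscoveryCaseId}/custodians/applyHold`, so the spec is invalid at that point and the value has nothing to bind to; that parameter block should be dropped. The same operation types `ids` as a comma-separated `string`, whereas the Graph action appears to take a JSON array, so `ids:` with `type: array` and `items: {type: string}` would describe the body as it is actually sent (worth confirming against the Graph reference). The `get` on `/ediscoveryCases/{ediscoveryCaseId}/operations` carries `requestBody: required: true` with a description copied from the estimate operation; a GET should not require a body, and the block should be removed. Hold, search and export change state on tenant mailboxes and sites, so each such `description` should say so plainly, e.g. `Places the listed custodians on hold (state-changing)`, to keep the orchestrator from selecting them for read-only prompts.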
@@ -0,0 +1,18 @@
+Descriptor:
+ Name: eDiscovery Case Plugin
+ DisplayName: eDiscovery Case Plugin
+ Description: The skills in this plugin will help create eDiscovery case & additional steps all the way to export in Purview via Graph API Call
+ DescriptionForModel: The skills in this plugin will help create eDiscovery case, add custodian, add hold, create search, create reviewset and kickoff export in Purview
+
+ Authorization:
+ Type: OAuthAuthorizationCodeFlow
+ ClientId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx #ClientId from App Registration in EntraID
+ AuthorizationEndpoint: https://login.microsoftonline.com/Directory(tenant)ID/oauth2/v2.0/authorize #Directory(tenant)ID from Overview page of your App Registration in EntraID
+ TokenEndpoint: https://login.microsoftonline.com/Directory(tenant)ID/oauth2/v2.0/token #Directory(tenant)ID from Overview page of your App Registration in EntraID
+ Scopes: offline_access user.read eDiscovery.Read.All eDiscovery.ReadWrite.All #EntraID permissions for this App & delegated permissions assigned to your App in EntraID
+ AuthorizationContentType: application/x-www-form-urlencoded
+
+SkillGroups:
+ - Format: API
+ Settings:
+ OpenApiSpecUrl: https://raw.githubusercontent.com/samitks77/sam-cfs/main/eDiscovery_API_Plugin.yaml
\ No newline at end of file
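Review bot: `OpenApiSpecUrl` loads the skill definition from the `main` branch of a personal repository (`samitks77/sam-cfs`) rather than from the `eDiscovery_API_Plugin.yaml` that this same patch adds, so whoever controls that branch can change the `servers` URL or the operations that run under a user's delegated `eDiscovery.ReadWrite.All` token without any review here. It should point at the copy in this repository, preferably pinned to a commit rather than a branch, along the lines of `OpenApiSpecUrl: https://raw.githubusercontent.com/<ORG>/<REPO>/<COMMIT_SHA>/Plugins/Community%20Based%20Plugins/Purview/eDiscovery/eDiscovery_API_Plugin.yaml` (placeholders to be filled in). `Scopes` also requests `eDiscovery.Read.All` alongside `eDiscovery.ReadWrite.All`; the read scope looks redundant once the write scope is granted, and `offline_access` yields a refresh token. A short comment stating why each scope is needed would help admins who are asked to consent to the app registration.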