Security-Copilot/Plugins/Community Based Plugins/Microsoft Graph API plugins/GUID Resolution/sp guid resolver-plugin-spec.yaml at 6a4e1d8d6fc29b29342e2e6235b0447877b4f058 · Azure/Security-Copilot · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
openapi: 3.0.0
info:
  title: Entra Service Principal GUID Resolver
  version: 1.0.0
  description: >
    Resolve a GUID from security alerts to the Microsoft Entra service principal (Enterprise Application)
    display name and identifiers using Microsoft Graph.

servers:
  - url: https://graph.microsoft.com/v1.0

paths:
  /servicePrincipals/{id}:
    get:
      operationId: GetServicePrincipalByObjectId
      summary: Resolve a service principal by Object ID (Caller GUID)
      description: >
        Retrieves Microsoft Entra service principal (Enterprise Application) details using the service principal
        Object ID. Use when an alert "Caller" field contains a GUID that is the enterprise application's Object ID.
        #ExamplePrompts Resolve this caller GUID to the enterprise application name: 9cb7b82d-55cd-4265-b8a7-8899a7376e5c
        #ExamplePrompts Get the service principal name for ObjectId 9cb7b82d-55cd-4265-b8a7-8899a7376e5c
      parameters:
        - name: id
          in: path
          required: true
          description: Service principal Object ID (GUID)
          schema:
            type: string
      responses:
        "200":
          description: Service principal found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ServicePrincipal"
        "404":
          description: Not found

  "/servicePrincipals(appId='{appId}')":
    get:
      operationId: GetServicePrincipalByAppId
      summary: Resolve a service principal by Application (Client) ID / appId
      description: >
        Retrieves Microsoft Entra service principal (Enterprise Application) details using the Application (Client) ID (appId).
        Use when the GUID you have is the AppId rather than the service principal Object ID.
        #ExamplePrompts Resolve this appId GUID to the enterprise application name: a12e8ccb-0fcd-46f8-b6a1-000000000000
        #ExamplePrompts Get the service principal name for appId a12e8ccb-0fcd-46f8-b6a1-000000000000
      parameters:
        - name: appId
          in: path
          required: true
          description: Application (Client) ID / appId (GUID)
          schema:
            type: string
      responses:
        "200":
          description: Service principal found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ServicePrincipal"
        "404":
          description: Not found

components:
  schemas:
    ServicePrincipal:
      type: object
      properties:
        id:
          type: string
          description: Service principal Object ID
        appId:
          type: string
          description: Application (Client) ID
        displayName:
          type: string
          description: Enterprise Application (service principal) display name
        servicePrincipalType:
          type: string
        accountEnabled:
          type: boolean
        publisherName:
          type: string