From e1e37ea98901e59acdd5515d151618ac937094aa Mon Sep 17 00:00:00 2001 
From: MorBrisker Date: Thu, 19 Aug 2021 15:09:47 +0300 Subject: [PATCH] Add2021-06-01AsessmentsAPIVersion (#15390) * Add2021-06-01AsessmentsAPIVersion * Add2021-06-01AsessmentsAPIVersion * Add2021-06-01AsessmentsAPIVersion * Add2021-06-01AsessmentsAPIVersion * Add2021-06-01AsessmentsAPIVersion * Add2021-06-01AsessmentsAPIVersion * Add2021-06-01AsessmentsAPIVersion * Add2021-06-01AsessmentsAPIVersion * Add2021-06-01AsessmentsAPIVersion * Add2021-06-01AsessmentsAPIVersion * Update custom-words.txt Co-authored-by: MIDDLEEAST\morbrisker --- custom-words.txt | 1 + .../stable/2021-06-01/assessmentMetadata.json | 1113 +++++++++++++++++ .../stable/2021-06-01/assessments.json | 467 +++++++ .../Assessments/DeleteAssessment_example.json | 11 + .../GetAssessmentWithExpand_example.json | 37 + .../Assessments/GetAssessment_example.json | 33 + .../Assessments/ListAssessments_example.json | 53 + .../Assessments/PutAssessment_example.json | 53 + ...essmentsMetadata_subscription_example.json | 52 + ...essmentsMetadata_subscription_example.json | 10 + .../GetAssessmentsMetadata_example.json | 53 + ...essmentsMetadata_subscription_example.json | 54 + .../ListAssessmentsMetadata_example.json | 106 ++ ...essmentsMetadata_subscription_example.json | 85 ++ .../security/resource-manager/readme.md | 6 +- 15 files changed, 2132 insertions(+), 2 deletions(-) create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessments.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/DeleteAssessment_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessmentWithExpand_example.json create mode 100644 
specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessment_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/ListAssessments_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/PutAssessment_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json diff --git a/custom-words.txt b/custom-words.txt index 35c64a9ec0bb..f58ce8aa679d 100644 --- a/custom-words.txt +++ b/custom-words.txt @@ -2263,3 +2263,4 @@ DOCM multislot Tebibytes privatelinkservicesforpowerbi +Obuscated diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json new file mode 100644 index 000000000000..b130a9c0569e --- /dev/null 
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json 
@@ -0,0 +1,1113 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "Security Center",
+ "description": "API spec for Microsoft.Security (Azure Security Center) resource provider",
+ "version": "2021-06-01"
+ },
+ "host": "management.azure.com",
+ "schemes": [
+ "https"
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "security": [
+ {
+ "azure_auth": [
+ "user_impersonation"
+ ]
+ }
+ ],
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "flow": "implicit",
+ "description": "Azure Active Directory OAuth2 Flow",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ }
+ }
+ },
+ "paths": {
+ "/providers/Microsoft.Security/assessmentMetadata": {
+ "get": {
+ "x-ms-examples": {
+ "List security assessment metadata": {
+ "$ref": "./examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Get metadata information on all assessment types",
+ "operationId": "AssessmentsMetadata_List",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataResponseList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ },
+ "/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}": {
+ "get": {
+ "x-ms-examples": {
+ "Get security assessment metadata": {
+ "$ref": "./examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Get metadata information on an assessment type",
+ "operationId": "AssessmentsMetadata_Get",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/AssessmentsMetadataName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataResponse"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata": {
+ "get": {
+ "x-ms-examples": {
+ "List security assessment metadata for subscription": {
+ "$ref": "./examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Get metadata information on all assessment types in a specific subscription",
+ "operationId": "AssessmentsMetadata_ListBySubscription",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataResponseList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}": {
+ "get": {
+ "x-ms-examples": {
+ "Get security assessment metadata for subscription": {
+ "$ref": "./examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Get metadata information on an assessment type in a specific subscription",
+ "operationId": "AssessmentsMetadata_GetInSubscription",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/AssessmentsMetadataName"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataResponse"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "put": {
+ "x-ms-examples": {
+ "Create security assessment metadata for subscription": {
+ "$ref": "./examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Create metadata information on an assessment type in a specific subscription",
+ "operationId": "AssessmentsMetadata_CreateInSubscription",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/AssessmentsMetadataName"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ },
+ {
+ "$ref": "#/parameters/SecurityAssessmentMetadataResponse"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataResponse"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "delete": {
+ "x-ms-examples": {
+ "Delete a security assessment metadata for subscription": {
+ "$ref": "./examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Delete metadata information on an assessment type in a specific subscription, will cause the deletion of all the assessments of that type in that subscription",
+ "operationId": "AssessmentsMetadata_DeleteInSubscription",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/AssessmentsMetadataName"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK"
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "SecurityAssessmentMetadataResponseList": {
+ "type": "object",
+ "description": "List of security assessment metadata",
+ "properties": {
+ "value": {
+ "readOnly": true,
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataResponse"
+ }
+ },
+ "nextLink": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The URI to fetch the next page."
+ }
+ }
+ },
+ "SecurityAssessmentMetadata": {
+ "type": "object",
+ "description": "Security assessment metadata",
+ "properties": {
+ "properties": {
+ "x-ms-client-flatten": true,
+ "$ref": "#/definitions/SecurityAssessmentMetadataProperties"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "../../../common/v1/types.json#/definitions/Resource"
+ }
+ ]
+ },
+ "SecurityAssessmentMetadataResponse": {
+ "type": "object",
+ "description": "Security assessment metadata response",
+ "properties": {
+ "properties": {
+ "x-ms-client-flatten": true,
+ "$ref": "#/definitions/SecurityAssessmentMetadataPropertiesResponse"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "../../../common/v1/types.json#/definitions/Resource"
+ }
+ ]
+ },
+ "SecurityAssessmentMetadataProperties": {
+ "type": "object",
+ "description": "Describes properties of an assessment metadata.",
+ "properties": {
+ "displayName": {
+ "type": "string",
+ "description": "User friendly display name of the assessment"
+ },
+ "policyDefinitionId": {
+ "readOnly": true,
+ "type": "string",
+ "description": "Azure resource ID of the policy definition that turns this assessment calculation on"
+ },
+ "description": {
+ "type": "string",
+ "description": "Human readable description of the assessment"
+ },
+ "remediationDescription": {
+ "type": "string",
+ "description": "Human readable description of what you should do to mitigate this security issue"
+ },
+ "categories": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "The categories of resource that is at risk when the assessment is unhealthy",
+ "enum": [
+ "Compute",
+ "Networking",
+ "Data",
+ "IdentityAndAccess",
+ "IoT"
+ ],
+ "x-ms-enum": {
+ "name": "categories",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Compute"
+ },
+ {
+ "value": "Networking"
+ },
+ {
+ "value": "Data"
+ },
+ {
+ "value": "IdentityAndAccess"
+ },
+ {
+ "value": "IoT"
+ }
+ ]
+ }
+ }
+ },
+ "severity": {
+ "type": "string",
+ "description": "The severity level of the assessment",
+ "enum": [
+ "Low",
+ "Medium",
+ "High"
+ ],
+ "x-ms-enum": {
+ "name": "severity",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Low"
+ },
+ {
+ "value": "Medium"
+ },
+ {
+ "value": "High"
+ }
+ ]
+ }
+ },
+ "userImpact": {
+ "type": "string",
+ "description": "The user impact of the assessment",
+ "enum": [
+ "Low",
+ "Moderate",
+ "High"
+ ],
+ "x-ms-enum": {
+ "name": "userImpact",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Low"
+ },
+ {
+ "value": "Moderate"
+ },
+ {
+ "value": "High"
+ }
+ ]
+ }
+ },
+ "implementationEffort": {
+ "type": "string",
+ "description": "The implementation effort required to remediate this assessment",
+ "enum": [
+ "Low",
+ "Moderate",
+ "High"
+ ],
+ "x-ms-enum": {
+ "name": "implementationEffort",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Low"
+ },
+ {
+ "value": "Moderate"
+ },
+ {
+ "value": "High"
+ }
+ ]
+ }
+ },
+ "threats": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "Threats impact of the assessment",
+ "enum": [
+ "accountBreach",
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider",
+ "elevationOfPrivilege",
+ "threatResistance",
+ "missingCoverage",
+ "denialOfService"
+ ],
+ "x-ms-enum": {
+ "name": "threats",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "accountBreach"
+ },
+ {
+ "value": "dataExfiltration"
+ },
+ {
+ "value": "dataSpillage"
+ },
+ {
+ "value": "maliciousInsider"
+ },
+ {
+ "value": "elevationOfPrivilege"
+ },
+ {
+ "value": "threatResistance"
+ },
+ {
+ "value": "missingCoverage"
+ },
+ {
+ "value": "denialOfService"
+ }
+ ]
+ }
+ }
+ },
+ "preview": {
+ "type": "boolean",
+ "description": "True if this assessment is in preview release status"
+ },
+ "assessmentType": {
+ "type": "string",
+ "description": "BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition",
+ "enum": [
+ "BuiltIn",
+ "CustomPolicy",
+ "CustomerManaged",
+ "VerifiedPartner"
+ ],
+ "x-ms-enum": {
+ "name": "assessmentType",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "BuiltIn",
+ "description": "Azure Security Center managed assessments"
+ },
+ {
+ "value": "CustomPolicy",
+ "description": "User defined policies that are automatically ingested from Azure Policy to Azure Security Center"
+ },
+ {
+ "value": "CustomerManaged",
+ "description": "User assessments pushed directly by the user or other third party to Azure Security Center"
+ },
+ {
+ "value": "VerifiedPartner",
+ "description": "An assessment that was created by a verified 3rd party if the user connected it to ASC"
+ }
+ ]
+ }
+ },
+ "partnerData": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataPartnerData"
+ }
+ },
+ "required": [
+ "displayName",
+ "severity",
+ "assessmentType"
+ ]
+ },
+ "SecurityAssessmentMetadataPartnerData": {
+ "type": "object",
+ "description": "Describes the partner that created the assessment",
+ "properties": {
+ "partnerName": {
+ "type": "string",
+ "description": "Name of the company of the partner"
+ },
+ "productName": {
+ "type": "string",
+ "description": "Name of the product of the partner that created the assessment"
+ },
+ "secret": {
+ "type": "string",
+ "description": "Secret to authenticate the partner and verify it created the assessment - write only",
+ "x-ms-secret": true
+ }
+ },
+ "required": [
+ "partnerName",
+ "secret"
+ ]
+ },
+ "SecurityAssessmentMetadataPropertiesResponse": {
+ "type": "object",
+ "description": "Describes properties of an assessment metadata response.",
+ "properties": {
+ "publishDates": {
+ "type": "object",
+ "properties": {
+ "GA": {
+ "type": "string",
+ "pattern": "^([0-9]{2}/){2}[0-9]{4}$"
+ },
+ "public": {
+ "type": "string",
+ "pattern": "^([0-9]{2}/){2}[0-9]{4}$"
+ }
+ },
+ "required": [
+ "public"
+ ]
+ },
+ "plannedDeprecationDate": {
+ "type": "string",
+ "pattern": "^[0-9]{2}/[0-9]{4}$"
+ },
+ "tactics": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "Tactic of the assessment",
+ "enum": [
+ "Reconnaissance",
+ "Resource Development",
+ "Initial Access",
+ "Execution",
+ "Persistence",
+ "Privilege Escalation",
+ "Defense Evasion",
+ "Credential Access",
+ "Discovery",
+ "Lateral Movement",
+ "Collection",
+ "Command and Control",
+ "Exfiltration",
+ "Impact"
+ ],
+ "x-ms-enum": {
+ "name": "tactics",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Reconnaissance"
+ },
+ {
+ "value": "Resource Development"
+ },
+ {
+ "value": "Initial Access"
+ },
+ {
+ "value": "Execution"
+ },
+ {
+ "value": "Persistence"
+ },
+ {
+ "value": "Privilege Escalation"
+ },
+ {
+ "value": "Defense Evasion"
+ },
+ {
+ "value": "Credential Access"
+ },
+ {
+ "value": "Discovery"
+ },
+ {
+ "value": "Lateral Movement"
+ },
+ {
+ "value": "Collection"
+ },
+ {
+ "value": "Command and Control"
+ },
+ {
+ "value": "Exfiltration"
+ },
+ {
+ "value": "Impact"
+ }
+ ]
+ }
+ }
+ },
+ "techniques": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "Techniques of the assessment",
+ "enum": [
+ "Abuse Elevation Control Mechanism",
+ "Access Token Manipulation",
+ "Account Discovery",
+ "Account Manipulation",
+ "Active Scanning",
+ "Application Layer Protocol",
+ "Audio Capture",
+ "Boot or Logon Autostart Execution",
+ "Boot or Logon Initialization Scripts",
+ "Brute Force",
+ "Cloud Infrastructure Discovery",
+ "Cloud Service Dashboard",
+ "Cloud Service Discovery",
+ "Command and Scripting Interpreter",
+ "Compromise Client Software Binary",
+ "Compromise Infrastructure",
+ "Container and Resource Discovery",
+ "Create Account",
+ "Create or Modify System Process",
+ "Credentials from Password Stores",
+ "Data Destruction",
+ "Data Encrypted for Impact",
+ "Data from Cloud Storage Object",
+ "Data from Configuration Repository",
+ "Data from Information Repositories",
+ "Data from Local System",
+ "Data Manipulation",
+ "Data Staged",
+ "Defacement",
+ "Deobfuscate/Decode Files or Information",
+ "Disk Wipe",
+ "Domain Trust Discovery",
+ "Drive-by Compromise",
+ "Dynamic Resolution",
+ "Endpoint Denial of Service",
+ "Event Triggered Execution",
+ "Exfiltration Over Alternative Protocol",
+ "Exploit Public-Facing Application",
+ "Exploitation for Client Execution",
+ "Exploitation for Credential Access",
+ "Exploitation for Defense Evasion",
+ "Exploitation for Privilege Escalation",
+ "Exploitation of Remote Services",
+ "External Remote Services",
+ "Fallback Channels",
+ "File and Directory Discovery",
+ "Gather Victim Network Information",
+ "Hide Artifacts",
+ "Hijack Execution Flow",
+ "Impair Defenses",
+ "Implant Container Image",
+ "Indicator Removal on Host",
+ "Indirect Command Execution",
+ "Ingress Tool Transfer",
+ "Input Capture",
+ "Inter-Process Communication",
+ "Lateral Tool Transfer",
+ "Man-in-the-Middle",
+ "Masquerading",
+ "Modify Authentication Process",
+ "Modify Registry",
+ "Network Denial of Service",
+ "Network Service Scanning",
+ "Network Sniffing",
+ "Non-Application Layer Protocol",
+ "Non-Standard Port",
+ "Obfuscated Files or Information",
+ "Obtain Capabilities",
+ "Obuscated Files or Information",
+ "Office Application Startup",
+ "OS Credential Dumping",
+ "Permission Groups Discovery",
+ "Phishing",
+ "Pre-OS Boot",
+ "Process Discovery",
+ "Process Injection",
+ "Protocol Tunneling",
+ "Proxy",
+ "Query Registry",
+ "Remote Access Software",
+ "Remote Service Session Hijacking",
+ "Remote Services",
+ "Remote System Discovery",
+ "Resource Hijacking",
+ "Scheduled Task/Job",
+ "Screen Capture",
+ "Search Victim-Owned Websites",
+ "Server Software Component",
+ "Service Stop",
+ "Signed Binary Proxy Execution",
+ "Software Deployment Tools",
+ "SQL Stored Procedures",
+ "Steal or Forge Kerberos Tickets",
+ "Subvert Trust Controls",
+ "Supply Chain Compromise",
+ "System Information Discovery",
+ "Taint Shared Content",
+ "Traffic Signaling",
+ "Transfer Data to Cloud Account",
+ "Trusted Relationship",
+ "Unsecured Credentials",
+ "User Execution",
+ "Valid Accounts",
+ "Windows Management Instrumentation",
+ "File and Directory Permissions Modification"
+ ],
+ "x-ms-enum": {
+ "name": "techniques",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Abuse Elevation Control Mechanism"
+ },
+ {
+ "value": "Access Token Manipulation"
+ },
+ {
+ "value": "Account Discovery"
+ },
+ {
+ "value": "Account Manipulation"
+ },
+ {
+ "value": "Active Scanning"
+ },
+ {
+ "value": "Application Layer Protocol"
+ },
+ {
+ "value": "Audio Capture"
+ },
+ {
+ "value": "Boot or Logon Autostart Execution"
+ },
+ {
+ "value": "Boot or Logon Initialization Scripts"
+ },
+ {
+ "value": "Brute Force"
+ },
+ {
+ "value": "Cloud Infrastructure Discovery"
+ },
+ {
+ "value": "Cloud Service Dashboard"
+ },
+ {
+ "value": "Cloud Service Discovery"
+ },
+ {
+ "value": "Command and Scripting Interpreter"
+ },
+ {
+ "value": "Compromise Client Software Binary"
+ },
+ {
+ "value": "Compromise Infrastructure"
+ },
+ {
+ "value": "Container and Resource Discovery"
+ },
+ {
+ "value": "Create Account"
+ },
+ {
+ "value": "Create or Modify System Process"
+ },
+ {
+ "value": "Credentials from Password Stores"
+ },
+ {
+ "value": "Data Destruction"
+ },
+ {
+ "value": "Data Encrypted for Impact"
+ },
+ {
+ "value": "Data from Cloud Storage Object"
+ },
+ {
+ "value": "Data from Configuration Repository"
+ },
+ {
+ "value": "Data from Information Repositories"
+ },
+ {
+ "value": "Data from Local System"
+ },
+ {
+ "value": "Data Manipulation"
+ },
+ {
+ "value": "Data Staged"
+ },
+ {
+ "value": "Defacement"
+ },
+ {
+ "value": "Deobfuscate/Decode Files or Information"
+ },
+ {
+ "value": "Disk Wipe"
+ },
+ {
+ "value": "Domain Trust Discovery"
+ },
+ {
+ "value": "Drive-by Compromise"
+ },
+ {
+ "value": "Dynamic Resolution"
+ },
+ {
+ "value": "Endpoint Denial of Service"
+ },
+ {
+ "value": "Event Triggered Execution"
+ },
+ {
+ "value": "Exfiltration Over Alternative Protocol"
+ },
+ {
+ "value": "Exploit Public-Facing Application"
+ },
+ {
+ "value": "Exploitation for Client Execution"
+ },
+ {
+ "value": "Exploitation for Credential Access"
+ },
+ {
+ "value": "Exploitation for Defense Evasion"
+ },
+ {
+ "value": "Exploitation for Privilege Escalation"
+ },
+ {
+ "value": "Exploitation of Remote Services"
+ },
+ {
+ "value": "External Remote Services"
+ },
+ {
+ "value": "Fallback Channels"
+ },
+ {
+ "value": "File and Directory Discovery"
+ },
+ {
+ "value": "Gather Victim Network Information"
+ },
+ {
+ "value": "Hide Artifacts"
+ },
+ {
+ "value": "Hijack Execution Flow"
+ },
+ {
+ "value": "Impair Defenses"
+ },
+ {
+ "value": "Implant Container Image"
+ },
+ {
+ "value": "Indicator Removal on Host"
+ },
+ {
+ "value": "Indirect Command Execution"
+ },
+ {
+ "value": "Ingress Tool Transfer"
+ },
+ {
+ "value": "Input Capture"
+ },
+ {
+ "value": "Inter-Process Communication"
+ },
+ {
+ "value": "Lateral Tool Transfer"
+ },
+ {
+ "value": "Man-in-the-Middle"
+ },
+ {
+ "value": "Masquerading"
+ },
+ {
+ "value": "Modify Authentication Process"
+ },
+ {
+ "value": "Modify Registry"
+ },
+ {
+ "value": "Network Denial of Service"
+ },
+ {
+ "value": "Network Service Scanning"
+ },
+ {
+ "value": "Network Sniffing"
+ },
+ {
+ "value": "Non-Application Layer Protocol"
+ },
+ {
+ "value": "Non-Standard Port"
+ },
+ {
+ "value": "Obfuscated Files or Information"
+ },
+ {
+ "value": "Obtain Capabilities"
+ },
+ {
+ "value": "Obuscated Files or Information"
+ },
+ {
+ "value": "Office Application Startup"
+ },
+ {
+ "value": "OS Credential Dumping"
+ },
+ {
+ "value": "Permission Groups Discovery"
+ },
+ {
+ "value": "Phishing"
+ },
+ {
+ "value": "Pre-OS Boot"
+ },
+ {
+ "value": "Process Discovery"
+ },
+ {
+ "value": "Process Injection"
+ },
+ {
+ "value": "Protocol Tunneling"
+ },
+ {
+ "value": "Proxy"
+ },
+ {
+ "value": "Query Registry"
+ },
+ {
+ "value": "Remote Access Software"
+ },
+ {
+ "value": "Remote Service Session Hijacking"
+ },
+ {
+ "value": "Remote Services"
+ },
+ {
+ "value": "Remote System Discovery"
+ },
+ {
+ "value": "Resource Hijacking"
+ },
+ {
+ "value": "Scheduled Task/Job"
+ },
+ {
+ "value": "Screen Capture"
+ },
+ {
+ "value": "Search Victim-Owned Websites"
+ },
+ {
+ "value": "Server Software Component"
+ },
+ {
+ "value": "Service Stop"
+ },
+ {
+ "value": "Signed Binary Proxy Execution"
+ },
+ {
+ "value": "Software Deployment Tools"
+ },
+ {
+ "value": "SQL Stored Procedures"
+ },
+ {
+ "value": "Steal or Forge Kerberos Tickets"
+ },
+ {
+ "value": "Subvert Trust Controls"
+ },
+ {
+ "value": "Supply Chain Compromise"
+ },
+ {
+ "value": "System Information Discovery"
+ },
+ {
+ "value": "Taint Shared Content"
+ },
+ {
+ "value": "Traffic Signaling"
+ },
+ {
+ "value": "Transfer Data to Cloud Account"
+ },
+ {
+ "value": "Trusted Relationship"
+ },
+ {
+ "value": "Unsecured Credentials"
+ },
+ {
+ "value": "User Execution"
+ },
+ {
+ "value": "Valid Accounts"
+ },
+ {
+ "value": "Windows Management Instrumentation"
+ },
+ {
+ "value": "File and Directory Permissions Modification"
+ }
+ ]
+ }
+ }
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "#/definitions/SecurityAssessmentMetadataProperties"
+ }
+ ]
+ }
+ },
+ "parameters": {
+ "AssessmentsMetadataName": {
+ "name": "assessmentMetadataName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The Assessment Key - Unique key for the assessment type",
+ "x-ms-parameter-location": "method"
+ },
+ "SecurityAssessmentMetadataResponse": {
+ "name": "assessmentMetadata",
+ "in": "body",
+ "required": true,
+ "description": "AssessmentMetadata object",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataResponse"
+ },
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessments.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessments.json
new file mode 100644
index 000000000000..7fb23dbd17c5
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessments.json
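Review bot: In assessmentMetadata.json, `SecurityAssessmentMetadataPartnerData.secret` is described as write-only and carries `"x-ms-secret": true`, yet it is listed in `required` and the same definition is reachable from the response models, because `SecurityAssessmentMetadataPropertiesResponse` pulls in `SecurityAssessmentMetadataProperties` (and with it `partnerData`) through `allOf`. A GET or List response that correctly omits the secret then fails the schema, while a service or example written to satisfy the schema would echo the partner credential back to any reader of the metadata. I would give responses their own partner-data shape holding only `partnerName` and `productName`, and keep `secret` required only on the PUT body, which currently also reuses the `SecurityAssessmentMetadataResponse` definition. Separately, the `techniques` enum and its `x-ms-enum` values list `"Obuscated Files or Information"` next to the correctly spelled entry, and the commit adds `Obuscated` to custom-words.txt rather than removing it; unless the service really emits that string, drop it before `modelAsString` turns it into an SDK constant that matches no technique name.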
@@ -0,0 +1,467 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "version": "2021-06-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Security/assessments": { + "get": { + "x-ms-examples": { + "List security assessments": { + "$ref": "./examples/Assessments/ListAssessments_example.json" + } + }, + "tags": [ + "Assessments" + ], + "description": "Get security assessments on all your scanned resources inside a scope", + "operationId": "Assessments_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/Scope" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityAssessmentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/{resourceId}/providers/Microsoft.Security/assessments/{assessmentName}": { + "get": { + "x-ms-examples": { + "Get security recommendation task from security data location": { + "$ref": "./examples/Assessments/GetAssessment_example.json" + }, + "Get security recommendation task from security data location with expand parameter": { + "$ref": 
"./examples/Assessments/GetAssessmentWithExpand_example.json" + } + }, + "tags": [ + "Assessments" + ], + "description": "Get a security assessment on your scanned resource", + "operationId": "Assessments_Get", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + }, + { + "$ref": "#/parameters/AssessmentName" + }, + { + "$ref": "#/parameters/ExpandAssessments" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityAssessmentResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create security recommendation task on a resource": { + "$ref": "./examples/Assessments/PutAssessment_example.json" + } + }, + "tags": [ + "Assessments" + ], + "description": "Create a security assessment on your resource. 
An assessment metadata that describes this assessment must be predefined with the same name before inserting the assessment result", + "operationId": "Assessments_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + }, + { + "$ref": "#/parameters/AssessmentName" + }, + { + "$ref": "#/parameters/AssessmentBody" + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/SecurityAssessmentResponse" + } + }, + "200": { + "description": "OK - Updated", + "schema": { + "$ref": "#/definitions/SecurityAssessmentResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a security recommendation task on a resource": { + "$ref": "./examples/Assessments/DeleteAssessment_example.json" + } + }, + "tags": [ + "Assessments" + ], + "description": "Delete a security assessment on your resource. 
An assessment metadata that describes this assessment must be predefined with the same name before inserting the assessment result", + "operationId": "Assessments_Delete", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + }, + { + "$ref": "#/parameters/AssessmentName" + } + ], + "responses": { + "200": { + "description": "OK - Assessment was deleted" + }, + "204": { + "description": "No Content - Assessment does not exist" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "SecurityAssessmentList": { + "type": "object", + "description": "Page of a security assessments list", + "properties": { + "value": { + "description": "Collection of security assessments in this page", + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/SecurityAssessmentResponse" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." 
+ } + } + }, + "SecurityAssessment": { + "type": "object", + "description": "Security assessment on a resource", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/SecurityAssessmentProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] + }, + "SecurityAssessmentResponse": { + "type": "object", + "description": "Security assessment on a resource - response format", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/SecurityAssessmentPropertiesResponse" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] + }, + "SecurityAssessmentProperties": { + "type": "object", + "description": "Describes properties of an assessment.", + "properties": { + "status": { + "$ref": "#/definitions/AssessmentStatus" + } + }, + "allOf": [ + { + "$ref": "#/definitions/SecurityAssessmentPropertiesBase" + } + ], + "required": [ + "status" + ] + }, + "SecurityAssessmentPropertiesResponse": { + "type": "object", + "description": "Describes properties of an assessment.", + "properties": { + "status": { + "$ref": "#/definitions/AssessmentStatusResponse" + } + }, + "allOf": [ + { + "$ref": "#/definitions/SecurityAssessmentPropertiesBase" + } + ], + "required": [ + "status" + ] + }, + "SecurityAssessmentPropertiesBase": { + "type": "object", + "description": "Describes properties of an assessment.", + "properties": { + "resourceDetails": { + "$ref": "../../../common/v1/types.json#/definitions/ResourceDetails" + }, + "displayName": { + "readOnly": true, + "type": "string", + "description": "User friendly display name of the assessment" + }, + "additionalData": { + "type": "object", + "description": "Additional data regarding the assessment", + "additionalProperties": { + "type": "string" + } + }, + "links": { + "$ref": "#/definitions/AssessmentLinks" + }, + "metadata": { + "$ref": 
"./assessmentMetadata.json#/definitions/SecurityAssessmentMetadataProperties" + }, + "partnersData": { + "$ref": "#/definitions/SecurityAssessmentPartnerData" + } + }, + "required": [ + "resourceDetails" + ] + }, + "SecurityAssessmentPartnerData": { + "type": "object", + "description": "Data regarding 3rd party partner integration", + "properties": { + "partnerName": { + "type": "string", + "description": "Name of the company of the partner" + }, + "secret": { + "type": "string", + "description": "secret to authenticate the partner - write only", + "x-ms-secret": true + } + }, + "required": [ + "partnerName", + "secret" + ] + }, + "AssessmentLinks": { + "type": "object", + "description": "Links relevant to the assessment", + "readOnly": true, + "properties": { + "azurePortalUri": { + "type": "string", + "description": "Link to assessment in Azure Portal", + "readOnly": true + } + } + }, + "AssessmentStatusResponse": { + "type": "object", + "description": "The result of the assessment", + "properties": { + "firstEvaluationDate": { + "readOnly": true, + "type": "string", + "format": "date-time", + "description": "The time that the assessment was created and first evaluated. Returned as UTC time in ISO 8601 format" + }, + "statusChangeDate": { + "readOnly": true, + "type": "string", + "format": "date-time", + "description": "The time that the status of the assessment last changed. 
Returned as UTC time in ISO 8601 format" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AssessmentStatus" + } + ] + }, + "AssessmentStatus": { + "type": "object", + "description": "The result of the assessment", + "properties": { + "code": { + "type": "string", + "description": "Programmatic code for the status of the assessment", + "enum": [ + "Healthy", + "Unhealthy", + "NotApplicable" + ], + "x-ms-enum": { + "name": "AssessmentStatusCode", + "modelAsString": true, + "values": [ + { + "value": "Healthy", + "description": "The resource is healthy" + }, + { + "value": "Unhealthy", + "description": "The resource has a security issue that needs to be addressed" + }, + { + "value": "NotApplicable", + "description": "Assessment for this resource did not happen" + } + ] + } + }, + "cause": { + "type": "string", + "description": "Programmatic code for the cause of the assessment status" + }, + "description": { + "type": "string", + "description": "Human readable description of the assessment status" + } + }, + "required": [ + "code" + ] + } + }, + "parameters": { + "ExpandAssessments": { + "name": "$expand", + "in": "query", + "required": false, + "type": "string", + "description": "OData expand. 
Optional.", + "x-ms-parameter-location": "method", + "enum": [ + "links", + "metadata" + ], + "x-ms-enum": { + "name": "ExpandEnum", + "modelAsString": true, + "values": [ + { + "value": "links", + "description": "All links associated with an assessment" + }, + { + "value": "metadata", + "description": "Assessment metadata" + } + ] + } + }, + "AssessmentName": { + "name": "assessmentName", + "in": "path", + "required": true, + "type": "string", + "description": "The Assessment Key - Unique key for the assessment type", + "x-ms-parameter-location": "method" + }, + "AssessmentBody": { + "name": "assessment", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/SecurityAssessment" + }, + "description": "Calculated assessment on a pre-defined assessment metadata", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/DeleteAssessment_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/DeleteAssessment_example.json new file mode 100644 index 000000000000..5a4da6233241 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/DeleteAssessment_example.json @@ -0,0 +1,11 @@ +{ + "parameters": { + "api-version": "2021-06-01", + "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2", + "assessmentName": "8bb8be0a-6010-4789-812f-e4d661c4ed0e" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessmentWithExpand_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessmentWithExpand_example.json new file mode 100644 index 000000000000..216a2c29dbc4 --- /dev/null 
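Review bot: `SecurityAssessmentPartnerData.secret` is described as "write only" and tagged `x-ms-secret`, yet it is listed under `required` and reached through `SecurityAssessmentPropertiesBase`, which `SecurityAssessmentPropertiesResponse` inherits as well. As written, any GET or list response that carries `partnersData` must either echo the partner credential back or fail validation against this schema. I would reference `partnersData` only from the request-side `SecurityAssessmentProperties`, or at least drop `secret` from `required` and add `"x-ms-mutability": ["create", "update"]` on it so the response contract never includes the credential. Separately, the `delete` operation's description repeats the PUT sentence about predefining metadata "before inserting the assessment result", which does not describe a delete.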
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessmentWithExpand_example.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2021-06-01", + "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2", + "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b", + "$expand": "links" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b", + "name": "21300918-b2e3-0346-785f-c77ff57d243b", + "type": "Microsoft.Security/assessments", + "properties": { + "resourceDetails": { + "source": "Azure", + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2" + }, + "displayName": "Install endpoint protection solution on virtual machine scale sets", + "status": { + "code": "NotApplicable", + "cause": "OffByPolicy", + "description": "The effective policy for the assessment was evaluated to off - use Microsoft.Authorization/policyAssignments to turn this assessment on", + "statusChangeDate": "2021-04-12T09:07:18.6759138Z", + "firstEvaluationDate": "2021-04-12T09:07:18.6759138Z" + }, + "additionalData": { + "linkedWorkspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myLaWorkspace" + }, + "links": { + "azurePortalUri": "https://www.portal.azure.com/?fea#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/21300918-b2e3-0346-785f-c77ff57d243b" + } + } + } + } + } +} 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessment_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessment_example.json new file mode 100644 index 000000000000..00cc1cd605ad --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessment_example.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2021-06-01", + "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2", + "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b", + "name": "21300918-b2e3-0346-785f-c77ff57d243b", + "type": "Microsoft.Security/assessments", + "properties": { + "resourceDetails": { + "source": "Azure", + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2" + }, + "displayName": "Install endpoint protection solution on virtual machine scale sets", + "status": { + "code": "NotApplicable", + "cause": "OffByPolicy", + "description": "The effective policy for the assessment was evaluated to off - use Microsoft.Authorization/policyAssignments to turn this assessment on", + "statusChangeDate": "2021-04-12T09:07:18.6759138Z", + "firstEvaluationDate": "2021-04-12T09:07:18.6759138Z" + }, + "additionalData": { + "linkedWorkspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myLaWorkspace" + } + } + } + } + } +} 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/ListAssessments_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/ListAssessments_example.json new file mode 100644 index 000000000000..9fcb5d07a2f7 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/ListAssessments_example.json 
@@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2021-06-01", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b", + "name": "21300918-b2e3-0346-785f-c77ff57d243b", + "type": "Microsoft.Security/assessments", + "properties": { + "resourceDetails": { + "source": "Azure", + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1" + }, + "displayName": "Install endpoint protection solution on virtual machine scale sets", + "status": { + "code": "Healthy", + "statusChangeDate": "2021-04-12T09:07:18.6759138Z", + "firstEvaluationDate": "2021-04-12T09:07:18.6759138Z" + } + } + }, + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b", + "name": "21300918-b2e3-0346-785f-c77ff57d243b", + "type": "Microsoft.Security/assessments", + "properties": { + "resourceDetails": { + "source": "Azure", + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2" + }, + "displayName": "Install endpoint protection solution on virtual machine scale sets", + "status": { + "code": "NotApplicable", + "cause": "OffByPolicy", + "description": "The effective policy for the assessment was evaluated to off - use Microsoft.Authorization/policyAssignments to turn this assessment on", + "statusChangeDate": "2021-04-12T09:07:18.6759138Z", + "firstEvaluationDate": "2021-04-12T09:07:18.6759138Z" + }, + "additionalData": { + "linkedWorkspaceId": 
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myLaWorkspace" + } + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/PutAssessment_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/PutAssessment_example.json new file mode 100644 index 000000000000..36964844cd9c --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/PutAssessment_example.json 
@@ -0,0 +1,53 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01",
+ "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2",
+ "assessmentName": "8bb8be0a-6010-4789-812f-e4d661c4ed0e",
+ "assessment": {
+ "properties": {
+ "resourceDetails": {
+ "source": "Azure"
+ },
+ "status": {
+ "code": "Healthy"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/8bb8be0a-6010-4789-812f-e4d661c4ed0e",
+ "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e",
+ "type": "Microsoft.Security/assessments",
+ "properties": {
+ "resourceDetails": {
+ "source": "Azure",
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/8bb8be0a-6010-4789-812f-e4d661c4ed0e"
+ },
+ "displayName": "Install internal agent on VM",
+ "status": {
+ "code": "Healthy"
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/8bb8be0a-6010-4789-812f-e4d661c4ed0e",
+ "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e",
+ "type": "Microsoft.Security/assessments",
+ "properties": {
+ "resourceDetails": {
+ "source": "Azure",
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/8bb8be0a-6010-4789-812f-e4d661c4ed0e"
+ },
+ "displayName": "Install internal agent on VM",
+ "status": {
+ "code": "Healthy"
+ }
+ }
+ }
+ }
+ }
+}
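Review bot: The request addresses `.../virtualMachineScaleSets/vmss2`, but both the 200 and 201 bodies return an `id` under `vmss1`, so the example shows the assessment landing on a different resource than the one the caller named. In both bodies `resourceDetails.id` also holds the assessment's own ID instead of the assessed resource's ID, unlike the Get and List examples in this commit. I would use `vmss2` in the response `id` and set `resourceDetails.id` to the scale set itself: `"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2"`.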
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json
new file mode 100644
index 000000000000..f2f8d67693b6
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json
@@ -0,0 +1,52 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01",
+ "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e",
+ "assessmentMetadataName": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
+ "assessmentMetadata": {
+ "properties": {
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
+ "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
+ "categories": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "assessmentType": "CustomerManaged"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7",
+ "name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "My organization security assessment",
+ "description": "Assessment that my organization created to view our security assessment in Azure Security Center",
+ "remediationDescription": "Fix it with these remediation instructions",
+ "categories": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "assessmentType": "CustomerManaged"
+ }
+ }
+ }
+ }
+}
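Review bot: The 200 body does not reflect the request it answers: the request sets `displayName`, `description` and `remediationDescription` to the endpoint-protection text, while the response for the same `assessmentMetadataName` returns "My organization security assessment" and unrelated text. The response `id` also has no subscription segment although the call is scoped by `subscriptionId`; that may be what the service returns, but it is worth confirming against a live response before publishing it as the reference. I would make the body echo the request values, for example `"displayName": "Install endpoint protection solution on virtual machine scale sets"`.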
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json
new file mode 100644
index 000000000000..592c45b8848b
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json
@@ -0,0 +1,10 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01",
+ "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e",
+ "assessmentMetadataName": "ca039e75-a276-4175-aebc-bcd41e4b14b7"
+ },
+ "responses": {
+ "200": {}
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json
new file mode 100644
index 000000000000..1d3b5a8c2ae8
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json
@@ -0,0 +1,53 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01",
+ "assessmentMetadataName": "21300918-b2e3-0346-785f-c77ff57d243b"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
+ "name": "21300918-b2e3-0346-785f-c77ff57d243b",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
+ "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
+ "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
+ "categories": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "publishDates": {
+ "GA": "06/01/2021",
+ "public": "06/01/2021"
+ },
+ "plannedDeprecationDate": "03/2022",
+ "tactics": [
+ "Credential Access",
+ "Persistence",
+ "Execution",
+ "Defense Evasion",
+ "Collection",
+ "Discovery",
+ "Privilege Escalation"
+ ],
+ "techniques": [
+ "Obuscated Files or Information",
+ "Ingress Tool Transfer",
+ "Phishing",
+ "User Execution"
+ ],
+ "assessmentType": "BuiltIn"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json
new file mode 100644
index 000000000000..eccba4cfa404
--- /dev/null
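Review bot: The `techniques` array in the GetAssessmentsMetadata example uses `"Obuscated Files or Information"`, a misspelling of the ATT&CK technique name; the techniques enum in assessmentMetadata.json lists both this spelling and the correct `"Obfuscated Files or Information"`. Publishing the misspelled value in the reference examples encourages clients to store it, and anything that joins assessment metadata to ATT&CK by technique name will then fail to match. I would use `"Obfuscated Files or Information"` here and in the three other examples that repeat it (GetAssessmentsMetadata_subscription_example.json, ListAssessmentsMetadata_example.json, ListAssessmentsMetadata_subscription_example.json). If the service already emits the misspelled value, a `description` on that enum entry marking it as a legacy alias would make the duplication intentional rather than accidental.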
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "api-version": "2021-06-01", + "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e", + "assessmentMetadataName": "21300918-b2e3-0346-785f-c77ff57d243b" + }, + "responses": { + "200": { + "body": { + "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b", + "name": "21300918-b2e3-0346-785f-c77ff57d243b", + "type": "Microsoft.Security/assessmentMetadata", + "properties": { + "displayName": "Install endpoint protection solution on virtual machine scale sets", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", + "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.", + "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set", + "categories": [ + "Compute" + ], + "severity": "Medium", + "userImpact": "Low", + "implementationEffort": "Low", + "threats": [ + "dataExfiltration", + "dataSpillage", + "maliciousInsider" + ], + "publishDates": { + "GA": "06/01/2021", + "public": "06/01/2021" + }, + "plannedDeprecationDate": "03/2022", + "tactics": [ + "Credential Access", + "Persistence", + "Execution", + "Defense Evasion", + "Collection", + "Discovery", + "Privilege Escalation" + ], + "techniques": [ + "Obuscated Files or Information", + "Ingress Tool Transfer", + "Phishing", + "User Execution" + ], + "assessmentType": "BuiltIn" + } + } + } + } +} 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json new file mode 100644 index 000000000000..9dd72f1eddb5 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json 
@@ -0,0 +1,106 @@ +{ + "parameters": { + "api-version": "2021-06-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b", + "name": "21300918-b2e3-0346-785f-c77ff57d243b", + "type": "Microsoft.Security/assessmentMetadata", + "properties": { + "displayName": "Install endpoint protection solution on virtual machine scale sets", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", + "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.", + "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set", + "categories": [ + "Compute" + ], + "severity": "Medium", + "userImpact": "Low", + "implementationEffort": "Low", + "threats": [ + "dataExfiltration", + "dataSpillage", + "maliciousInsider" + ], + "publishDates": { + "GA": "06/01/2021", + "public": "06/01/2021" + }, + "plannedDeprecationDate": "03/2022", + "tactics": [ + "Credential Access", + "Persistence", + "Execution", + "Defense Evasion", + "Collection", + "Discovery", + "Privilege Escalation" + ], + "techniques": [ + "Obuscated Files or Information", + "Ingress Tool Transfer", + "Phishing", + "User Execution" + ], + "assessmentType": "BuiltIn" + } + }, + { + "id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe", + "name": "bc303248-3d14-44c2-96a0-55f5c326b5fe", + "type": "Microsoft.Security/assessmentMetadata", + "properties": { + "displayName": "Close management ports on your virtual machines", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917", + "description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks 
that attempt to brute force credentials to gain admin access to the machine.", + "remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.
To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
+ "categories": [
+ "Networking"
+ ],
+ "severity": "Medium",
+ "userImpact": "High",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "publishDates": {
+ "GA": "06/01/2021",
+ "public": "06/01/2021"
+ },
+ "preview": true,
+ "assessmentType": "CustomPolicy"
+ }
+ },
+ {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7",
+ "name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "My organization security assessment",
+ "description": "Assessment that my organization created to view our security assessment in Azure Security Center",
+ "remediationDescription": "Fix it with these remediation instructions",
+ "categories": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [],
+ "publishDates": {
+ "GA": "06/01/2021",
+ "public": "06/01/2021"
+ },
+ "assessmentType": "CustomerManaged"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json
new file mode 100644
index 000000000000..652a8c6eca31
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json
@@ -0,0 +1,85 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01",
+ "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
+ "name": "21300918-b2e3-0346-785f-c77ff57d243b",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
+ "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
+ "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
+ "categories": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "publishDates": {
+ "GA": "06/01/2021",
+ "public": "06/01/2021"
+ },
+ "plannedDeprecationDate": "03/2022",
+ "tactics": [
+ "Credential Access",
+ "Persistence",
+ "Execution",
+ "Defense Evasion",
+ "Collection",
+ "Discovery",
+ "Privilege Escalation"
+ ],
+ "techniques": [
+ "Obuscated Files or Information",
+ "Ingress Tool Transfer",
+ "Phishing",
+ "User Execution"
+ ],
+ "assessmentType": "BuiltIn"
+ }
+ },
+ {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
+ "name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "Close management ports on your virtual machines",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
+ "description": "Open remote management ports expose 
your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.", + "remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.
To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'", + "categories": [ + "Networking" + ], + "severity": "Medium", + "userImpact": "High", + "implementationEffort": "Low", + "threats": [ + "dataExfiltration", + "dataSpillage", + "maliciousInsider" + ], + "publishDates": { + "GA": "06/01/2021", + "public": "06/01/2021" + }, + "preview": true, + "assessmentType": "CustomPolicy" + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index d4b674a1eb50..af7c25d76a62 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md @@ -175,8 +175,8 @@ input-file: - Microsoft.Security/preview/2019-01-01-preview/automations.json - Microsoft.Security/preview/2019-01-01-preview/alertsSuppressionRules.json - Microsoft.Security/stable/2020-01-01/serverVulnerabilityAssessments.json -- Microsoft.Security/stable/2020-01-01/assessmentMetadata.json -- Microsoft.Security/stable/2020-01-01/assessments.json +- Microsoft.Security/stable/2021-06-01/assessmentMetadata.json +- Microsoft.Security/stable/2021-06-01/assessments.json - Microsoft.Security/stable/2020-01-01/applicationWhitelistings.json - Microsoft.Security/stable/2020-01-01/adaptiveNetworkHardenings.json - Microsoft.Security/stable/2020-01-01/allowedConnections.json @@ -421,6 +421,8 @@ These settings apply only when `--tag=package-2021-06-only` is specified on the ``` yaml $(tag) == 'package-2021-06-only' input-file: - Microsoft.Security/stable/2021-06-01/settings.json +- Microsoft.Security/stable/2021-06-01/assessmentMetadata.json +- Microsoft.Security/stable/2021-06-01/assessments.json # Needed when there is more than one input file override-info:
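Review bot: The `techniques` entry `"Obuscated Files or Information"` in the first assessment of ListAssessmentsMetadata_subscription_example.json misspells the MITRE ATT&CK technique name "Obfuscated Files or Information", so a consumer that maps these strings to ATT&CK by name will not match it. If the example mirrors an enum value in the assessmentMetadata definition (not visible in this hunk), the spelling should be corrected there before the version ships as stable, since published enum values are hard to change; the example line would then read `"Obfuscated Files or Information",`. Separately, the second entry sets `"preview": true` while also carrying a `"GA"` publish date, and pairs `"assessmentType": "CustomPolicy"` with a tenant-level `id`. It is worth confirming that this combination is what a subscription-scoped list is meant to return.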