diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlertTypes/GetIoTAlertType.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlertTypes/GetIoTAlertType.json
new file mode 100644
index 000000000000..87ce81ea38b0
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlertTypes/GetIoTAlertType.json
@@ -0,0 +1,29 @@
+{
+ "parameters": {
+ "api-version": "2020-08-06-preview",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "iotAlertTypeName": "IoT_PrivilegedContainer"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/iotAlertTypes/IoT_PrivilegedContainer",
+ "name": "IoT_PrivilegedContainer",
+ "type": "Microsoft.Security/iotAlertTypes",
+ "properties": {
+ "alertDisplayName": "Privileged container detected",
+ "severity": "Medium",
+ "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.",
+ "providerName": "IoTSecurity",
+ "remediationSteps": [
+ "If the container doesn't need to run in privileged mode, remove the privileges from the container."
+ ],
+ "intent": "Exploitation,Execution",
+ "vendorName": "Microsoft",
+ "productName": "Azure Security Center for IoT",
+ "productComponentName": "IoT Hub"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlertTypes/GetIoTAlertTypeList.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlertTypes/GetIoTAlertTypeList.json
new file mode 100644
index 000000000000..80e82e38a730
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlertTypes/GetIoTAlertTypeList.json
@@ -0,0 +1,32 @@
+{
+ "parameters": {
+ "api-version": "2020-08-06-preview",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/iotAlertTypes",
+ "name": "IoT_PrivilegedContainer",
+ "type": "Microsoft.Security/iotAlertTypes",
+ "properties": {
+ "alertDisplayName": "Privileged container detected",
+ "severity": "Medium",
+ "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.",
+ "providerName": "IoTSecurity",
+ "remediationSteps": [
+ "If the container doesn't need to run in privileged mode, remove the privileges from the container."
+ ],
+ "intent": "Exploitation,Execution",
+ "vendorName": "Microsoft",
+ "productName": "Azure Security Center for IoT",
+ "productComponentName": "IoT Hub"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlert.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlert.json
new file mode 100644
index 000000000000..cc79de173fdf
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlert.json
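Review bot: In GetIoTAlertTypeList.json the list element's `id` ends at `/providers/Microsoft.Security/iotAlertTypes` and leaves out the resource name, while GetIoTAlertType.json gives the same alert type an `id` ending in `/iotAlertTypes/IoT_PrivilegedContainer`. An id without the name segment would be identical for every element of the list, so tooling that keys alert types on the resource id would collapse them. Suggest `"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/iotAlertTypes/IoT_PrivilegedContainer",` to match the single-item example.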
@@ -0,0 +1,34 @@
+{
+ "parameters": {
+ "api-version": "2020-08-06-preview",
+ "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Devices/IotHubs/myIotHub",
+ "iotAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "properties": {
+ "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
+ "compromisedEntity": "device-1",
+ "alertType": "IoT_PrivilegedContainer",
+ "startTimeUtc": "2020-05-13T06:32:25Z",
+ "endTimeUtc": "2020-05-13T06:32:25Z",
+ "entities": [
+ {
+ "$id": "1",
+ "CommandLine": "docker run --privileged",
+ "Type": "process"
+ }
+ ],
+ "extendedProperties": {
+ "CommandLine": "docker run --privileged",
+ "User Name": "aUser",
+ "UserId": "",
+ "ParentProcessId": 1593,
+ "DeviceId": "device-1"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlertList.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlertList.json
new file mode 100644
index 000000000000..fb551a2c7ef1
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlertList.json
@@ -0,0 +1,43 @@
+{
+ "parameters": {
+ "api-version": "2020-08-06-preview",
+ "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Devices/IotHubs/myIotHub",
+ "alertType": "IoT_PrivilegedContainer",
+ "startTimeUtc>": "2020-05-12T06:32:25Z",
+ "startTimeUtc<": "2020-05-14T06:32:25Z",
+ "compromisedEntity": "device-1",
+ "$limit": 1
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "properties": {
+ "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
+ "compromisedEntity": "device-1",
+ "alertType": "IoT_PrivilegedContainer",
+ "startTimeUtc": "2020-05-13T06:32:25Z",
+ "endTimeUtc": "2020-05-13T06:32:25Z",
+ "entities": [
+ {
+ "$id": "1",
+ "CommandLine": "docker run --privileged",
+ "Type": "process"
+ }
+ ],
+ "extendedProperties": {
+ "CommandLine": "docker run --privileged",
+ "User Name": "aUser",
+ "UserId": "",
+ "ParentProcessId": 1593,
+ "DeviceId": "device-1"
+ }
+ }
+ }
+ ],
+ "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Devices/iotHubs/myIotHub/providers/Microsoft.Security/iotAlerts?api-version=2020-08-06-preview&alertType=IoT_PrivilegedContainer&startTimeUtc>=2020-05-12T06:32:25Z&startTimeUtc<=2020-05-14T06:32:25Z&compromisedEntity=device-1&$limit=1&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8"
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendationTypes/GetIoTRecommendationType.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendationTypes/GetIoTRecommendationType.json
new file mode 100644
index 000000000000..ecc8b4b4b15e
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendationTypes/GetIoTRecommendationType.json
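Review bot: The `nextLink` in GetIoTAlertList.json carries the time filters as `startTimeUtc>=2020-05-12T06:32:25Z&startTimeUtc<=2020-05-14T06:32:25Z` with raw `>` and `<`, which are not valid unescaped in a URI, so clients or intermediaries that normalise URLs may handle this link differently from the service. The parameter names `startTimeUtc>` and `startTimeUtc<` are declared in iotAlerts.json in this commit; what the service actually returns should be confirmed, and if it percent-encodes them the example should read `startTimeUtc%3E=...&startTimeUtc%3C=...`. The example also spells the hub segment `IotHubs` in `scope` but `iotHubs` in `nextLink`; one casing should be used throughout.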
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2020-08-06-preview",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "iotRecommendationTypeName": "IoT_VulnerableTLSCipherSuite"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/iotRecommendationTypes/IoT_VulnerableTLSCipherSuite",
+ "name": "IoT_VulnerableTLSCipherSuite",
+ "type": "Microsoft.Security/iotRecommendationTypes",
+ "properties": {
+ "recommendationDisplayName": "TLS cipher suite upgrade needed",
+ "severity": "Medium",
+ "description": "Insecure TLS configurations detected. Immediate TLS cipher suite upgrade recommended.",
+ "remediationSteps": [
+ "Upgrade your TLS cipher suite to a secure configuration. See the Guide to TLS Standards Compliance for more information."
+ ],
+ "vendorName": "Microsoft",
+ "control": "Communication between device and IoT Hub is not optimized",
+ "productName": "Azure Security Center for IoT",
+ "productComponentName": "IoT Hub"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendationTypes/GetIoTRecommendationTypeList.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendationTypes/GetIoTRecommendationTypeList.json
new file mode 100644
index 000000000000..ba7a86b41b0b
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendationTypes/GetIoTRecommendationTypeList.json
@@ -0,0 +1,31 @@
+{
+ "parameters": {
+ "api-version": "2020-08-06-preview",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/iotRecommendationTypes/IoT_VulnerableTLSCipherSuite",
+ "name": "IoT_VulnerableTLSCipherSuite",
+ "type": "Microsoft.Security/iotRecommendationTypes",
+ "properties": {
+ "recommendationDisplayName": "TLS cipher suite upgrade needed",
+ "severity": "Medium",
+ "description": "Insecure TLS configurations detected. Immediate TLS cipher suite upgrade recommended.",
+ "remediationSteps": [
+ "Upgrade your TLS cipher suite to a secure configuration. See the Guide to TLS Standards Compliance for more information."
+ ],
+ "vendorName": "Microsoft",
+ "control": "Communication between device and IoT Hub is not optimized",
+ "productName": "Azure Security Center for IoT",
+ "productComponentName": "IoT Hub"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendations/GetIoTRecommendation.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendations/GetIoTRecommendation.json
new file mode 100644
index 000000000000..4c12cfdae65b
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendations/GetIoTRecommendation.json
@@ -0,0 +1,27 @@
+{
+ "parameters": {
+ "api-version": "2020-08-06-preview",
+ "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Devices/IotHubs/myIotHub",
+ "iotRecommendationId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "name": "IoT_Baseline|device-1",
+ "properties": {
+ "recommendationType": "IoT_Baseline",
+ "deviceId": "device-1",
+ "discoveredTimeUtc": "2020-05-13T06:32:25Z",
+ "recommendationAdditionalData": {
+ "SnapshotId": "48519d58-4e35-46cd-aed5-6251af95ed50",
+ "TotalFailedRules": "7",
+ "TotalRulesFailedDuoToError": "1",
+ "TotalInformationalFailedRules": "2",
+ "TotalCriticalFailedRules": "3",
+ "TotalWarningFailedRules": "1"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendations/GetIoTRecommendationList.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendations/GetIoTRecommendationList.json
new file mode 100644
index 000000000000..b6f909d395bc
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendations/GetIoTRecommendationList.json
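Review bot: The key `TotalRulesFailedDuoToError` inside `recommendationAdditionalData` in GetIoTRecommendation.json looks like a misspelling of `TotalRulesFailedDueToError`; the same key appears in GetIoTRecommendationList.json. If the service really emits the misspelled key the example has to keep it, but that should be confirmed before consumers start hard-coding the name in baseline-compliance reports. The request also passes a GUID as `iotRecommendationId`, while the response body shows only `"name": "IoT_Baseline|device-1"` and no id, so the example does not show which value identifies a recommendation.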
@@ -0,0 +1,34 @@
+{
+ "parameters": {
+ "api-version": "2020-08-06-preview",
+ "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Devices/IotHubs/myIotHub",
+ "recommendationType": "IoT_Baseline",
+ "deviceId": "device-1",
+ "$limit": 1
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "name": "IoT_Baseline|device-1",
+ "properties": {
+ "recommendationType": "IoT_Baseline",
+ "deviceId": "device-1",
+ "discoveredTimeUtc": "2020-05-13T06:32:25Z",
+ "recommendationAdditionalData": {
+ "SnapshotId": "48519d58-4e35-46cd-aed5-6251af95ed50",
+ "TotalFailedRules": "7",
+ "TotalRulesFailedDuoToError": "1",
+ "TotalInformationalFailedRules": "2",
+ "TotalCriticalFailedRules": "3",
+ "TotalWarningFailedRules": "1"
+ }
+ }
+ }
+ ],
+ "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Devices/iotHubs/myIotHub/providers/Microsoft.Security/iotRecommendations?api-version=2020-08-06-preview&recommendationType=IoT_Baseline&deviceId=device-1&$limit=1&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8"
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotAlertTypes.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotAlertTypes.json
new file mode 100644
index 000000000000..a1dd8e2d4361
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotAlertTypes.json
@@ -0,0 +1,307 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "version": "2020-08-06-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/iotAlertTypes": { + "get": { + "x-ms-examples": { + "Get IoT Alert Types": { + "$ref": "./examples/IotAlertTypes/GetIoTAlertTypeList.json" + } + }, + "tags": [ + "IoT Security Alert Types" + ], + "description": "List IoT alert types", + "operationId": "IotAlertTypes_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IotAlertTypeList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/iotAlertTypes/{iotAlertTypeName}": { + "get": { + "x-ms-examples": { + "Get IoT Alert Type": { + "$ref": "./examples/IotAlertTypes/GetIoTAlertType.json" + } + }, + "tags": [ + "IoT Security Alert Types" + ], + "operationId": "IotAlertTypes_Get", + "description": "Get IoT alert type", + "parameters": [ + { + "$ref": 
"../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "in": "path", + "name": "iotAlertTypeName", + "required": true, + "type": "string", + "description": "Name of the alert type" + } + ], + "responses": { + "200": { + "description": "IoT alert type", + "schema": { + "$ref": "#/definitions/IotAlertType" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "IotAlertTypeList": { + "type": "object", + "description": "List of alert types", + "properties": { + "value": { + "type": "array", + "description": "List data", + "items": { + "$ref": "#/definitions/IotAlertType" + } + } + } + }, + "IotAlertType": { + "type": "object", + "description": "IoT alert type.", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Alert type properties", + "$ref": "#/definitions/IotAlertTypeProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] + }, + "IotAlertTypeProperties": { + "type": "object", + "description": "IoT alert type information.", + "properties": { + "alertDisplayName": { + "readOnly": true, + "type": "string", + "example": "Privileged container detected", + "description": "The display name of the alert" + }, + "severity": { + "readOnly": true, + "type": "string", + "example": "Medium", + "description": "The severity of the alert", + "enum": [ + "Informational", + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "alertSeverity", + "modelAsString": true, + "values": [ + { + "value": "Informational" + }, + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + } + }, + "description": { + "readOnly": true, + "type": "string", + "description": "Description of the suspected vulnerability and 
meaning.", + "example": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine." + }, + "providerName": { + "readOnly": true, + "type": "string", + "example": "IoTSecurity", + "description": "The name of the alert provider or internal partner" + }, + "productName": { + "readOnly": true, + "type": "string", + "example": "Azure Security Center for IoT", + "description": "The name of the product which published this alert" + }, + "productComponentName": { + "readOnly": true, + "type": "string", + "example": "IoT Hub", + "description": "The name of a component inside the product which generated the alert" + }, + "vendorName": { + "readOnly": true, + "type": "string", + "example": "Microsoft", + "description": "The name of the vendor that raise the alert" + }, + "intent": { + "readOnly": true, + "type": "string", + "example": "Exploitation,Execution", + "description": "Kill chain related intent behind the alert. 
Could contain multiple enum values (separated by commas)", + "enum": [ + "Unknown", + "PreAttack", + "InitialAccess", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Execution", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact", + "Probing", + "Exploitation" + ], + "x-ms-enum": { + "name": "alertIntent", + "modelAsString": true, + "values": [ + { + "value": "Unknown" + }, + { + "value": "PreAttack" + }, + { + "value": "InitialAccess" + }, + { + "value": "Persistence" + }, + { + "value": "PrivilegeEscalation" + }, + { + "value": "DefenseEvasion" + }, + { + "value": "CredentialAccess" + }, + { + "value": "Discovery" + }, + { + "value": "LateralMovement" + }, + { + "value": "Execution" + }, + { + "value": "Collection" + }, + { + "value": "Exfiltration" + }, + { + "value": "CommandAndControl" + }, + { + "value": "Impact" + }, + { + "value": "Probing" + }, + { + "value": "Exploitation" + } + ] + } + }, + "remediationSteps": { + "readOnly": true, + "description": "Manual action items to take to remediate the alert", + "type": "array", + "items": { + "type": "string", + "example": "If the container doesn't need to run in privileged mode, remove the privileges from the container." + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotAlerts.json new file mode 100644 index 000000000000..3c6af28c9e93 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotAlerts.json 
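Review bot: `intent` in `IotAlertTypeProperties` (iotAlertTypes.json) is declared as a string with an `enum` of single kill-chain stages, yet its own description says it may hold several comma-separated values and its `example` is `"Exploitation,Execution"`, which is not a member of that enum. A validator that enforces the enum will reject the example, which is also used in GetIoTAlertType.json and GetIoTAlertTypeList.json. Client code that compares against the generated `alertIntent` values will not match combined strings, which matters for rules that filter or route alerts by intent. Either drop `enum` and `x-ms-enum` from this property and list the allowed tokens in the description, or, if the wire format allows, model it as `"type": "array"` with the enum on `items`. Separately, the `vendorName` description reads "the vendor that raise the alert", where "raised" is meant.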
@@ -0,0 +1,284 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "version": "2020-08-06-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Security/iotAlerts": { + "get": { + "x-ms-examples": { + "List IoT Alerts": { + "$ref": "./examples/IotAlerts/GetIoTAlertList.json" + } + }, + "tags": [ + "IoT Security Alerts" + ], + "description": "List IoT alerts", + "operationId": "IotAlerts_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/IotAlertScope" + }, + { + "in": "query", + "name": "startTimeUtc>", + "x-ms-client-name": "minStartTimeUtc", + "required": false, + "type": "string", + "description": "Filter by minimum startTimeUtc (ISO 8601 format)" + }, + { + "in": "query", + "name": "startTimeUtc<", + "x-ms-client-name": "maxStartTimeUtc", + "required": false, + "type": "string", + "description": "Filter by maximum startTimeUtc (ISO 8601 format)" + }, + { + "in": "query", + "name": "alertType", + "required": false, + "type": "string", + "description": "Filter by alert type" + }, + { + "in": "query", + "name": "deviceManagementType", + "required": false, + "type": "string", + "enum": [ + "Managed", + "Unmanaged" + ], + "description": "Get devices only from specific type, Managed or Unmanaged.", + "x-ms-enum": { + "name": "ManagementState", + 
"modelAsString": true + } + }, + { + "in": "query", + "name": "compromisedEntity", + "required": false, + "type": "string", + "description": "Filter by compromised device" + }, + { + "in": "query", + "name": "$limit", + "required": false, + "type": "integer", + "format": "int32", + "description": "Limit the number of items returned in a single page" + }, + { + "in": "query", + "name": "$skipToken", + "required": false, + "type": "string", + "description": "Skip token used for pagination" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IotAlertListModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/{scope}/providers/Microsoft.Security/iotAlerts/{iotAlertId}": { + "get": { + "x-ms-examples": { + "Get IoT Alert": { + "$ref": "./examples/IotAlerts/GetIoTAlert.json" + } + }, + "tags": [ + "IoT Security Alerts" + ], + "operationId": "IotAlerts_Get", + "description": "Get IoT alert", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/IotAlertScope" + }, + { + "in": "path", + "name": "iotAlertId", + "required": true, + "type": "string", + "description": "Id of the alert" + } + ], + "responses": { + "200": { + "description": "IoT alert", + "schema": { + "$ref": "#/definitions/IotAlertModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "IotAlertListModel": { + "description": "List of IoT alerts", + "type": "object", + "properties": { + "value": { + "description": "List data", + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/IotAlertModel" + } + }, + 
"nextLink": { + "readOnly": true, + "type": "string", + "description": "When available, follow the URI to get the next page of data" + } + } + }, + "IotAlertModel": { + "type": "object", + "description": "IoT alert", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Alert properties", + "$ref": "#/definitions/IotAlertPropertiesModel" + } + } + }, + "IotAlertPropertiesModel": { + "type": "object", + "description": "IoT alert properties", + "properties": { + "systemAlertId": { + "description": "Holds the product canonical identifier of the alert within the scope of a product", + "readOnly": true, + "type": "string", + "example": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8" + }, + "compromisedEntity": { + "description": "Display name of the main entity being reported on", + "readOnly": true, + "type": "string", + "example": "device-1" + }, + "alertType": { + "description": "The type name of the alert", + "readOnly": true, + "type": "string", + "example": "IoT_PrivilegedContainer" + }, + "startTimeUtc": { + "description": "The impact start time of the alert (the time of the first event or activity included in the alert)", + "readOnly": true, + "type": "string", + "example": "2020-05-13T06:32:25Z" + }, + "endTimeUtc": { + "description": "The impact end time of the alert (the time of the last event or activity included in the alert)", + "readOnly": true, + "type": "string", + "example": "2020-05-13T06:32:25Z" + }, + "entities": { + "description": "A list of entities related to the alert", + "type": "array", + "items": { + "type": "object" + }, + "example": [ + { + "$id": "1", + "CommandLine": "docker run --privileged", + "Type": "process" + } + ] + }, + "extendedProperties": { + "type": "object", + "description": "A bag of fields which extends the alert information", + "example": { + "CommandLine": "docker run --privileged", + "User Name": "aUser", + "UserId": "", + "ParentProcessId": 1593, + "DeviceId": "device-1" + } + } + } + } + }, + 
"parameters": { + "IotAlertScope": { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "Scope of the query: Subscription (i.e. /subscriptions/{subscriptionId}) or IoT Hub (i.e. /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Devices/iotHubs/{iotHubName})", + "x-ms-parameter-location": "method", + "x-ms-skip-url-encoding": true + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotRecommendationTypes.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotRecommendationTypes.json new file mode 100644 index 000000000000..9299fa3006e2 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotRecommendationTypes.json 
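Review bot: The `IotAlertScope` description in iotAlerts.json gives the scope with a leading slash (`/subscriptions/{subscriptionId}`), but both paths are templated as `/{scope}/providers/...` and the examples pass `subscriptions/...` without one, so a caller following the description produces `//subscriptions/...`. Because the parameter sets `"x-ms-skip-url-encoding": true`, the value goes into the path as given, so a client that builds `scope` from caller input has to check it against the two accepted forms itself; the description should state those forms exactly. Suggest `Subscription (i.e. subscriptions/{subscriptionId}) or IoT Hub (i.e. subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Devices/iotHubs/{iotHubName})`. The `startTimeUtc` and `endTimeUtc` properties and the two time filter parameters are plain `string`; adding `"format": "date-time"` would let generated clients parse and validate them.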
@@ -0,0 +1,247 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "version": "2020-08-06-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/iotRecommendationTypes": { + "get": { + "x-ms-examples": { + "Get IoT Recommendation Types": { + "$ref": "./examples/IotRecommendationTypes/GetIoTRecommendationTypeList.json" + } + }, + "tags": [ + "IoT Security Recommendation Types" + ], + "description": "List IoT recommendation types", + "operationId": "IotRecommendationTypes_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IotRecommendationTypeList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/iotRecommendationTypes/{iotRecommendationTypeName}": { + "get": { + "x-ms-examples": { + "Get IoT Recommendation Type": { + "$ref": "./examples/IotRecommendationTypes/GetIoTRecommendationType.json" + } + }, + "tags": [ + "IoT Security Recommendation Types" + ], + "operationId": 
"IotRecommendationTypes_Get", + "description": "Get IoT recommendation type", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "in": "path", + "name": "iotRecommendationTypeName", + "required": true, + "type": "string", + "description": "Name of the recommendation type" + } + ], + "responses": { + "200": { + "description": "IoT recommendation type", + "schema": { + "$ref": "#/definitions/IotRecommendationType" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "IotRecommendationTypeList": { + "type": "object", + "description": "List of recommendation types", + "properties": { + "value": { + "type": "array", + "description": "List data", + "items": { + "$ref": "#/definitions/IotRecommendationType" + } + } + } + }, + "IotRecommendationType": { + "type": "object", + "description": "IoT recommendation type.", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Recommendation type properties", + "$ref": "#/definitions/IotRecommendationTypeProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] + }, + "IotRecommendationTypeProperties": { + "type": "object", + "description": "IoT recommendation type information.", + "properties": { + "recommendationDisplayName": { + "readOnly": true, + "type": "string", + "example": "TLS cipher suite upgrade needed", + "description": "The display name of the recommendation" + }, + "severity": { + "readOnly": true, + "type": "string", + "example": "Medium", + "description": "The severity of the recommendation", + "enum": [ + "Unknown", + "NotApplicable", + "Healthy", + "OffByPolicy", + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": 
"recommendationSeverity", + "modelAsString": true, + "values": [ + { + "value": "Unknown" + }, + { + "value": "NotApplicable" + }, + { + "value": "Healthy" + }, + { + "value": "OffByPolicy" + }, + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + } + }, + "description": { + "readOnly": true, + "type": "string", + "description": "Description of the suspected vulnerability and meaning.", + "example": "Insecure TLS configurations detected. Immediate TLS cipher suite upgrade recommended." + }, + "productName": { + "readOnly": true, + "type": "string", + "example": "Azure Security Center for IoT", + "description": "The name of the product which published this recommendation" + }, + "productComponentName": { + "readOnly": true, + "type": "string", + "example": "IoT Hub", + "description": "The name of a component inside the product which generated the recommendation" + }, + "vendorName": { + "readOnly": true, + "type": "string", + "example": "Microsoft", + "description": "The name of the vendor that raised the recommendation" + }, + "control": { + "readOnly": true, + "type": "string", + "example": "Communication between device and IoT Hub is not optimized", + "description": "The name of the recommendation's control category " + }, + "remediationSteps": { + "readOnly": true, + "description": "Manual action items to take to resolve the recommendation", + "type": "array", + "items": { + "type": "string", + "example": "Upgrade your TLS cipher suite to a secure configuration. See the Guide to TLS Standards Compliance for more information." + } + }, + "dataSource": { + "readOnly": true, + "description": "The alert's data source", + "type": "string", + "example": "IoT Hub" + } + } + } + } +} 
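Review bot: Two descriptions in `IotRecommendationTypeProperties` (iotRecommendationTypes.json) appear to have been carried over from the alert-type schema: `dataSource` says `The alert's data source` and `description` says `Description of the suspected vulnerability and meaning.`. Suggest `"description": "The recommendation's data source"` and `"description": "Description of the recommendation and its meaning."`. `dataSource` is also absent from both recommendation-type examples, and the `control` description ends with a stray space.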
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotRecommendations.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotRecommendations.json
new file mode 100644
index 000000000000..325bc059bf72
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotRecommendations.json
@@ -0,0 +1,233 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "Security Center",
+ "description": "API spec for Microsoft.Security (Azure Security Center) resource provider",
+ "version": "2020-08-06-preview"
+ },
+ "host": "management.azure.com",
+ "schemes": [
+ "https"
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "security": [
+ {
+ "azure_auth": [
+ "user_impersonation"
+ ]
+ }
+ ],
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "flow": "implicit",
+ "description": "Azure Active Directory OAuth2 Flow",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ }
+ }
+ },
+ "paths": {
+ "/{scope}/providers/Microsoft.Security/iotRecommendations": {
+ "get": {
+ "x-ms-examples": {
+ "Get IoT Recommendations": {
+ "$ref": "./examples/IotRecommendations/GetIoTRecommendationList.json"
+ }
+ },
+ "tags": [
+ "IoT Security Recommendations"
+ ],
+ "description": "List IoT recommendations",
+ "operationId": "IotRecommendations_List",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/IotRecommendationScope"
+ },
+ {
+ "in": "query",
+ "name": "recommendationType",
+ "required": false,
+ "type": "string",
+ "description": "Filter by recommendation type"
+ },
+ {
+ "in": "query",
+ "name": "deviceId",
+ "required": false,
+ "type": "string",
+ "description": "Filter by device id"
+ },
+ {
+ "in": "query",
+ "name": "$limit",
+ "required": false,
+ "type": "integer",
+ "format": "int32",
+ "description": "Limit the number of items returned in a single page"
+ },
+ {
+ "in": "query",
+ "name": "$skipToken",
+ "required": false,
+ "type": "string",
+ "description": "Skip token used for pagination"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/IotRecommendationListModel"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Security/iotRecommendations/{iotRecommendationId}": {
+ "get": {
+ "x-ms-examples": {
+ "Get IoT Recommendation": {
+ "$ref": "./examples/IotRecommendations/GetIoTRecommendation.json"
+ }
+ },
+ "tags": [
+ "IoT Security Recommendations"
+ ],
+ "operationId": "IotRecommendations_Get",
+ "description": "Get IoT recommendation",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/IotRecommendationScope"
+ },
+ {
+ "in": "path",
+ "name": "iotRecommendationId",
+ "required": true,
+ "type": "string",
+ "description": "Id of the recommendation"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "IoT recommendation",
+ "schema": {
+ "$ref": "#/definitions/IotRecommendationModel"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "IotRecommendationListModel": {
+ "description": "List of IoT recommendations",
+ "type": "object",
+ "properties": {
+ "value": {
+ "description": "List data",
+ "readOnly": true,
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/IotRecommendationModel"
+ }
+ },
+ "nextLink": {
+ "readOnly": true,
+ "type": "string",
+ "description": "When available, follow the URI to get the next page of data"
+ }
+ }
+ },
+ "IotRecommendationModel": {
+ "type": "object",
+ "description": "IoT recommendation",
+ "properties": {
+ "properties": {
+ "x-ms-client-flatten": true,
+ "description": "Recommendation properties",
+ "$ref": "#/definitions/IotRecommendationPropertiesModel"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "../../../common/v1/types.json#/definitions/Resource"
+ }
+ ]
+ },
+ "IotRecommendationPropertiesModel": {
+ "type": "object",
+ "description": "IoT recommendation properties",
+ "properties": {
+ "deviceId": {
+ "description": "Identifier of the device being reported on",
+ "readOnly": true,
+ "type": "string",
+ "example": "device-1"
+ },
+ "recommendationType": {
+ "description": "The type name of the recommendation",
+ "readOnly": true,
+ "type": "string",
+ "example": "IoT_PrivilegedContainer"
+ },
+ "discoveredTimeUtc": {
+ "description": "The discovery time of the recommendation",
+ "readOnly": true,
+ "type": "string",
+ "example": "2020-05-13T06:32:25Z"
+ },
+ "recommendationAdditionalData": {
+ "type": "object",
+ "description": "A bag of fields which extends the recommendation information",
+ "example": {
+ "SnapshotId": "48519d58-4e35-46cd-aed5-6251af95ed50",
+ "TotalFailedRules": "7",
+ "TotalRulesFailedDuoToError": "1",
+ "TotalInformationalFailedRules": "2",
+ "TotalCriticalFailedRules": "3",
+ "TotalWarningFailedRules": "1"
+ }
+ }
+ }
+ }
+ },
+ "parameters": {
+ "IotRecommendationScope": {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "Scope of the query: Subscription (i.e. /subscriptions/{subscriptionId}) or IoT Hub (i.e. /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Devices/iotHubs/{iotHubName})",
+ "x-ms-parameter-location": "method",
+ "x-ms-skip-url-encoding": true
+ }
+ }
+}
diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md
index 306b8427852e..9e8651424d97 100644
--- a/specification/security/resource-manager/readme.md
+++ b/specification/security/resource-manager/readme.md
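Review bot: In iotRecommendations.json, `recommendationAdditionalData` under `IotRecommendationPropertiesModel` is the only property of that model without `"readOnly": true`, and its value type is left open, so generated clients get an untyped bag for data the service produces. The example carries only string values, so `"readOnly": true,` together with `"additionalProperties": { "type": "string" }` would state the contract and let consumers treat every entry as an opaque string. In the same model `discoveredTimeUtc` is declared as a bare `string`; `"format": "date-time"` would match its RFC 3339 example and give clients a parsed timestamp for triage ordering. The example key `TotalRulesFailedDuoToError` reads like a typo for "DueTo", unless it mirrors the key the service actually emits.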
@@ -188,7 +188,6 @@ input-file: - Microsoft.Security/preview/2017-08-01-preview/securityContacts.json - Microsoft.Security/preview/2017-08-01-preview/workspaceSettings.json - Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json - - Microsoft.Security/preview/2019-01-01-preview/subAssessments.json - Microsoft.Security/preview/2019-01-01-preview/automations.json - Microsoft.Security/preview/2019-01-01-preview/alertsSuppressionRules.json @@ -207,13 +206,17 @@ input-file: - Microsoft.Security/stable/2020-01-01/secureScore.json - Microsoft.Security/stable/2020-01-01/SecuritySolutions.json - Microsoft.Security/preview/2020-01-01-preview/connectors.json +- Microsoft.Security/preview/2020-07-01-preview/sqlVulnerabilityAssessmentsScanOperations.json +- Microsoft.Security/preview/2020-07-01-preview/sqlVulnerabilityAssessmentsScanResultsOperations.json +- Microsoft.Security/preview/2020-07-01-preview/sqlVulnerabilityAssessmentsBaselineRuleOperations.json - Microsoft.Security/preview/2020-08-06-preview/iotDefenderSettings.json - Microsoft.Security/preview/2020-08-06-preview/iotSensors.json - Microsoft.Security/preview/2020-08-06-preview/devices.json - Microsoft.Security/preview/2020-08-06-preview/onPremiseIotSensors.json -- Microsoft.Security/preview/2020-07-01-preview/sqlVulnerabilityAssessmentsScanOperations.json -- Microsoft.Security/preview/2020-07-01-preview/sqlVulnerabilityAssessmentsScanResultsOperations.json -- Microsoft.Security/preview/2020-07-01-preview/sqlVulnerabilityAssessmentsBaselineRuleOperations.json +- Microsoft.Security/preview/2020-08-06-preview/iotAlerts.json +- Microsoft.Security/preview/2020-08-06-preview/iotAlertTypes.json +- Microsoft.Security/preview/2020-08-06-preview/iotRecommendations.json +- Microsoft.Security/preview/2020-08-06-preview/iotRecommendationTypes.json # Needed when there is more than one input file override-info: 
@@ -417,6 +420,10 @@ input-file: - Microsoft.Security/preview/2020-08-06-preview/iotSensors.json - Microsoft.Security/preview/2020-08-06-preview/devices.json - Microsoft.Security/preview/2020-08-06-preview/onPremiseIotSensors.json +- Microsoft.Security/preview/2020-08-06-preview/iotAlerts.json +- Microsoft.Security/preview/2020-08-06-preview/iotAlertTypes.json +- Microsoft.Security/preview/2020-08-06-preview/iotRecommendations.json +- Microsoft.Security/preview/2020-08-06-preview/iotRecommendationTypes.json # Needed when there is more than one input file override-info: