Dev security microsoft.security 2020 08 06 preview (Azure#11263)

* Create iotAlerts.json

* Updated iotAlerts and example

* missing comma

* Updated all new APIs

* Add new files to readme

* updated samples

* added back newline

* moved scope to parameters section

* remove "x-ms-secret": true

* removed x-ms-secret

* Added model to all reference names

* Try adding back "x-ms-secret": true

* change line order

* another change to line order

* prettier fix

Co-authored-by: Amir Amit <amamit@microsoft.com>

specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlertTypes/GetIoTAlertType.json

@@ -0,0 +1,29 @@
+{
+  "parameters": {
+    "api-version": "2020-08-06-preview",
+    "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+    "iotAlertTypeName": "IoT_PrivilegedContainer"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/iotAlertTypes/IoT_PrivilegedContainer",
+        "name": "IoT_PrivilegedContainer",
+        "type": "Microsoft.Security/iotAlertTypes",
+        "properties": {
+          "alertDisplayName": "Privileged container detected",
+          "severity": "Medium",
+          "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host  resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.",
+          "providerName": "IoTSecurity",
+          "remediationSteps": [
+            "If the container doesn't need to run in privileged mode, remove the privileges from the container."
+          ],
+          "intent": "Exploitation,Execution",
+          "vendorName": "Microsoft",
+          "productName": "Azure Security Center for IoT",
+          "productComponentName": "IoT Hub"
+        }
+      }
+    }
+  }
+}

specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlertTypes/GetIoTAlertTypeList.json

@@ -0,0 +1,32 @@
+{
+  "parameters": {
+    "api-version": "2020-08-06-preview",
+    "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "value": [
+          {
+            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/iotAlertTypes",
+            "name": "IoT_PrivilegedContainer",
+            "type": "Microsoft.Security/iotAlertTypes",
+            "properties": {
+              "alertDisplayName": "Privileged container detected",
+              "severity": "Medium",
+              "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host  resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.",
+              "providerName": "IoTSecurity",
+              "remediationSteps": [
+                "If the container doesn't need to run in privileged mode, remove the privileges from the container."
+              ],
+              "intent": "Exploitation,Execution",
+              "vendorName": "Microsoft",
+              "productName": "Azure Security Center for IoT",
+              "productComponentName": "IoT Hub"
+            }
+          }
+        ]
+      }
+    }
+  }
+}

specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlert.json

@@ -0,0 +1,34 @@
+{
+  "parameters": {
+    "api-version": "2020-08-06-preview",
+    "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Devices/IotHubs/myIotHub",
+    "iotAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "properties": {
+          "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
+          "compromisedEntity": "device-1",
+          "alertType": "IoT_PrivilegedContainer",
+          "startTimeUtc": "2020-05-13T06:32:25Z",
+          "endTimeUtc": "2020-05-13T06:32:25Z",
+          "entities": [
+            {
+              "$id": "1",
+              "CommandLine": "docker run --privileged",
+              "Type": "process"
+            }
+          ],
+          "extendedProperties": {
+            "CommandLine": "docker run --privileged",
+            "User Name": "aUser",
+            "UserId": "",
+            "ParentProcessId": 1593,
+            "DeviceId": "device-1"
+          }
+        }
+      }
+    }
+  }
+}

specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlertList.json

@@ -0,0 +1,43 @@
+{
+  "parameters": {
+    "api-version": "2020-08-06-preview",
+    "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Devices/IotHubs/myIotHub",
+    "alertType": "IoT_PrivilegedContainer",
+    "startTimeUtc>": "2020-05-12T06:32:25Z",
+    "startTimeUtc<": "2020-05-14T06:32:25Z",
+    "compromisedEntity": "device-1",
+    "$limit": 1
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "value": [
+          {
+            "properties": {
+              "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
+              "compromisedEntity": "device-1",
+              "alertType": "IoT_PrivilegedContainer",
+              "startTimeUtc": "2020-05-13T06:32:25Z",
+              "endTimeUtc": "2020-05-13T06:32:25Z",
+              "entities": [
+                {
+                  "$id": "1",
+                  "CommandLine": "docker run --privileged",
+                  "Type": "process"
+                }
+              ],
+              "extendedProperties": {
+                "CommandLine": "docker run --privileged",
+                "User Name": "aUser",
+                "UserId": "",
+                "ParentProcessId": 1593,
+                "DeviceId": "device-1"
+              }
+            }
+          }
+        ],
+        "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Devices/iotHubs/myIotHub/providers/Microsoft.Security/iotAlerts?api-version=2020-08-06-preview&alertType=IoT_PrivilegedContainer&startTimeUtc>=2020-05-12T06:32:25Z&startTimeUtc<=2020-05-14T06:32:25Z&compromisedEntity=device-1&$limit=1&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8"
+      }
+    }
+  }
+}

specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendationTypes/GetIoTRecommendationType.json

@@ -0,0 +1,28 @@
+{
+  "parameters": {
+    "api-version": "2020-08-06-preview",
+    "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+    "iotRecommendationTypeName": "IoT_VulnerableTLSCipherSuite"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/iotRecommendationTypes/IoT_VulnerableTLSCipherSuite",
+        "name": "IoT_VulnerableTLSCipherSuite",
+        "type": "Microsoft.Security/iotRecommendationTypes",
+        "properties": {
+          "recommendationDisplayName": "TLS cipher suite upgrade needed",
+          "severity": "Medium",
+          "description": "Insecure TLS configurations detected. Immediate TLS cipher suite upgrade recommended.",
+          "remediationSteps": [
+            "Upgrade your TLS cipher suite to a secure configuration. See the Guide to TLS Standards Compliance for more information."
+          ],
+          "vendorName": "Microsoft",
+          "control": "Communication between device and IoT Hub is not optimized",
+          "productName": "Azure Security Center for IoT",
+          "productComponentName": "IoT Hub"
+        }
+      }
+    }
+  }
+}

specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendationTypes/GetIoTRecommendationTypeList.json

@@ -0,0 +1,31 @@
+{
+  "parameters": {
+    "api-version": "2020-08-06-preview",
+    "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "value": [
+          {
+            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/iotRecommendationTypes/IoT_VulnerableTLSCipherSuite",
+            "name": "IoT_VulnerableTLSCipherSuite",
+            "type": "Microsoft.Security/iotRecommendationTypes",
+            "properties": {
+              "recommendationDisplayName": "TLS cipher suite upgrade needed",
+              "severity": "Medium",
+              "description": "Insecure TLS configurations detected. Immediate TLS cipher suite upgrade recommended.",
+              "remediationSteps": [
+                "Upgrade your TLS cipher suite to a secure configuration. See the Guide to TLS Standards Compliance for more information."
+              ],
+              "vendorName": "Microsoft",
+              "control": "Communication between device and IoT Hub is not optimized",
+              "productName": "Azure Security Center for IoT",
+              "productComponentName": "IoT Hub"
+            }
+          }
+        ]
+      }
+    }
+  }
+}

specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendations/GetIoTRecommendation.json

@@ -0,0 +1,27 @@
+{
+  "parameters": {
+    "api-version": "2020-08-06-preview",
+    "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Devices/IotHubs/myIotHub",
+    "iotRecommendationId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "name": "IoT_Baseline|device-1",
+        "properties": {
+          "recommendationType": "IoT_Baseline",
+          "deviceId": "device-1",
+          "discoveredTimeUtc": "2020-05-13T06:32:25Z",
+          "recommendationAdditionalData": {
+            "SnapshotId": "48519d58-4e35-46cd-aed5-6251af95ed50",
+            "TotalFailedRules": "7",
+            "TotalRulesFailedDuoToError": "1",
+            "TotalInformationalFailedRules": "2",
+            "TotalCriticalFailedRules": "3",
+            "TotalWarningFailedRules": "1"
+          }
+        }
+      }
+    }
+  }
+}

specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotRecommendations/GetIoTRecommendationList.json

@@ -0,0 +1,34 @@
+{
+  "parameters": {
+    "api-version": "2020-08-06-preview",
+    "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Devices/IotHubs/myIotHub",
+    "recommendationType": "IoT_Baseline",
+    "deviceId": "device-1",
+    "$limit": 1
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "value": [
+          {
+            "name": "IoT_Baseline|device-1",
+            "properties": {
+              "recommendationType": "IoT_Baseline",
+              "deviceId": "device-1",
+              "discoveredTimeUtc": "2020-05-13T06:32:25Z",
+              "recommendationAdditionalData": {
+                "SnapshotId": "48519d58-4e35-46cd-aed5-6251af95ed50",
+                "TotalFailedRules": "7",
+                "TotalRulesFailedDuoToError": "1",
+                "TotalInformationalFailedRules": "2",
+                "TotalCriticalFailedRules": "3",
+                "TotalWarningFailedRules": "1"
+              }
+            }
+          }
+        ],
+        "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myGroup/providers/Microsoft.Devices/iotHubs/myIotHub/providers/Microsoft.Security/iotRecommendations?api-version=2020-08-06-preview&recommendationType=IoT_Baseline&deviceId=device-1&$limit=1&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8"
+      }
+    }
+  }
+}