diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/customRecommedations.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/customRecommedations.json new file mode 100644 index 000000000000..6c38c09a213c --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/customRecommedations.json @@ -0,0 +1,380 @@ +{ + "swagger": "2.0", + "info": { + "title": "Microsoft Defender for Cloud", + "description": "API spec for Microsoft.Security (Microsoft Defender for Cloud) resource provider", + "version": "2023-05-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Security/customRecommendations": { + "get": { + "x-ms-examples": { + "List custom recommendations by subscription scope": { + "$ref": "./examples/CustomRecommendations/ListBySubscriptionCustomRecommendations_example.json" + }, + "List custom recommendations by security connector scope": { + "$ref": "./examples/CustomRecommendations/ListBySecurityConnectorCustomRecommendations_example.json" + }, + "List custom recommendations by management group scope": { + "$ref": "./examples/CustomRecommendations/ListByManagementGroupCustomRecommendations_example.json" + } + }, + "tags": [ + "CustomRecommendations" + ], + "description": "Get a list of all relevant custom recommendations over a scope", + "operationId": "CustomRecommendations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/Scope" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/CustomRecommendationsList" + } + }, + "default": { + "description": "Error response describing why the operation failed", + "schema": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/{scope}/providers/Microsoft.Security/customRecommendations/{customRecommendationName}": { + "get": { + "x-ms-examples": { + "Get a custom recommendation over subscription scope": { + "$ref": "./examples/CustomRecommendations/GetBySubscriptionCustomRecommendation_example.json" + }, + "Get a custom recommendation over security connector scope": { + "$ref": "./examples/CustomRecommendations/GetBySecurityConnectorCustomRecommendation_example.json" + }, + "Get a custom recommendation over management group scope": { + "$ref": "./examples/CustomRecommendations/GetByManagementGroupCustomRecommendation_example.json" + } + }, + "tags": [ + "CustomRecommendations" + ], + "description": "Get a specific custom recommendation for the requested scope by customRecommendationName", + "operationId": "CustomRecommendations_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/Scope" + }, + { + "$ref": "#/parameters/customRecommendationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/CustomRecommendation" + } + }, + "default": { + "description": "Error response describing why the operation failed", + "schema": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create or update custom recommendation over subscription scope": { + "$ref": "./examples/CustomRecommendations/PutBySubscriptionCustomRecommendation_example.json" + }, + "Create or update custom recommendation over security connector scope": { + "$ref": "./examples/CustomRecommendations/PutBySecurityConnectorCustomRecommendation_example.json" + }, + "Create or update custom recommendation over management group scope": { + "$ref": "./examples/CustomRecommendations/PutByManagementGroupCustomRecommendation_example.json" + } + }, + "tags": [ + "CustomRecommendations" + ], + "description": "Creates or updates a custom recommendation over a given scope", + "operationId": "CustomRecommendations_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/Scope" + }, + { + "$ref": "#/parameters/customRecommendationName" + }, + { + "$ref": "#/parameters/customRecommendationBody" + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/CustomRecommendation" + } + }, + "200": { + "description": "OK - Updated", + "schema": { + "$ref": "#/definitions/CustomRecommendation" + } + }, + "default": { + "description": "Error response describing why the operation failed", + "schema": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a custom recommendation over subscription scope": { + "$ref": "./examples/CustomRecommendations/DeleteBySubscriptionCustomRecommendation_example.json" + }, + "Delete a custom recommendation over security connector scope": { + "$ref": "./examples/CustomRecommendations/DeleteBySecurityConnectorCustomRecommendation_example.json" + }, + "Delete a custom recommendation over management group scope": { + "$ref": "./examples/CustomRecommendations/DeleteByManagementGroupCustomRecommendation_example.json" + } + }, + "tags": [ + "CustomRecommendations" + ], + "description": "Delete a custom recommendation over a given scope", + "operationId": "CustomRecommendations_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/Scope" + }, + { + "$ref": "#/parameters/customRecommendationName" + } + ], + "responses": { + "200": { + "description": "OK - custom recommendation was deleted" + }, + "204": { + "description": "No Content - custom recommendation does not exist" + }, + "default": { + "description": "Error response that describes why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "CustomRecommendationsList": { + "type": "object", + "description": "A list of Custom Recommendations", + "properties": { + "value": { + "description": "Collection of Custom Recommendations", + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/CustomRecommendation" + } + }, + "nextLink": { + "description": "The link used to get the next page of operations.", + "type": "string" + } + } + }, + "CustomRecommendation": { + "type": "object", + "description": "Custom Recommendation", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "describes Custom Recommendation properties.", + "$ref": "#/definitions/CustomRecommendationProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] + }, + "CustomRecommendationProperties": { + "type": "object", + "description": "describes the Custom Recommendation properties", + "properties": { + "query": { + "description": "KQL query representing the Recommendation results required.", + "type": "string" + }, + "cloudProviders": { + "description": "List of all standard supported clouds.", + "type": "array", + "items": { + "$ref": "#/definitions/RecommendationSupportedCloud" + } + }, + "severity": { + "description": "The severity to relate to the assessments generated by this Recommendation.", + "type": "string", + "enum": [ + "High", + "Medium", + "Low" + ], + "x-ms-enum": { + "name": "severityEnum", + "modelAsString": true + }, + "x-ms-client-default": "Low" + }, + "displayName": { + "description": "The display name of the assessments generated by this Recommendation.", + "type": "string" + }, + "description": { + "description": "The description to relate to the assessments generated by this Recommendation.", + "type": "string" + }, + "remediationDescription": { + "description": "The remediation description to relate to the assessments generated by this Recommendation.", + "type": "string" + }, + "assessmentKey": { + "description": "The assessment metadata key used when an assessment is generated for this Recommendation.", + "type": "string", + "readOnly": true + }, + "metadata": { + "$ref": "#/definitions/CustomRecommendationMetaData" + } + } + }, + "CustomRecommendationMetaData": { + "type": "object", + "description": "The recommendation metadata", + "properties": { + "createdBy": { + "description": "recommendation Created by object id (GUID)", + "type": "string", + "readOnly": true + }, + "createdOn": { + "description": "recommendation creation date", + "type": "string", + "format": "date-time", + "readOnly": true + }, + "lastUpdatedBy": { + "description": "recommendation last updated by object id (GUID)", + "type": "string", + "readOnly": true + }, + "lastUpdatedOn": { + "description": "recommendation last update date", + "type": "string", + "format": "date-time", + "readOnly": true + } + } + }, + "RecommendationSupportedCloud": { + "type": "string", + "description": "The cloud that the recommendation is supported on.", + "enum": [ + "Azure", + "AWS", + "GCP" + ], + "x-ms-enum": { + "name": "RecommendationSupportedClouds", + "modelAsString": true + } + } + }, + "parameters": { + "customRecommendationName": { + "name": "customRecommendationName", + "in": "path", + "required": true, + "type": "string", + "pattern": "[{]?[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$", + "description": "Name of the Custom Recommendation.", + "x-ms-parameter-location": "method" + }, + "customRecommendationBody": { + "name": "customRecommendationBody", + "in": "body", + "description": "Custom Recommendation body", + "required": true, + "schema": { + "$ref": "#/definitions/CustomRecommendation" + }, + "x-ms-parameter-location": "method" + }, + "Scope": { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the custom recommendation. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/DeleteByManagementGroupCustomRecommendation_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/DeleteByManagementGroupCustomRecommendation_example.json new file mode 100644 index 000000000000..fde0c7248a2d --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/DeleteByManagementGroupCustomRecommendation_example.json @@ -0,0 +1,11 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "providers/Microsoft.Management/managementGroups/contoso", + "customRecommendationName": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/DeleteBySecurityConnectorCustomRecommendation_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/DeleteBySecurityConnectorCustomRecommendation_example.json new file mode 100644 index 000000000000..bf6844718cb0 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/DeleteBySecurityConnectorCustomRecommendation_example.json @@ -0,0 +1,11 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector", + "customRecommendationName": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/DeleteBySubscriptionCustomRecommendation_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/DeleteBySubscriptionCustomRecommendation_example.json new file mode 100644 index 000000000000..0d19aaedc9af --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/DeleteBySubscriptionCustomRecommendation_example.json @@ -0,0 +1,11 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "customRecommendationName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/GetByManagementGroupCustomRecommendation_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/GetByManagementGroupCustomRecommendation_example.json new file mode 100644 index 000000000000..eb4ec44598c3 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/GetByManagementGroupCustomRecommendation_example.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "providers/Microsoft.Management/managementGroups/contoso", + "customRecommendationName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "id": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/customRecommendations/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Security/customRecommendations", + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to...", + "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/GetBySecurityConnectorCustomRecommendation_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/GetBySecurityConnectorCustomRecommendation_example.json new file mode 100644 index 000000000000..9939234309a8 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/GetBySecurityConnectorCustomRecommendation_example.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector", + "customRecommendationName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/customRecommendations/MycustomRecommendation1", + "name": "MycustomRecommendation1", + "type": "Microsoft.Security/customRecommendations", + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to...", + "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/GetBySubscriptionCustomRecommendation_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/GetBySubscriptionCustomRecommendation_example.json new file mode 100644 index 000000000000..558a97b8d3f5 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/GetBySubscriptionCustomRecommendation_example.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "customRecommendationName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/customRecommendations/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Security/customRecommendations", + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to...", + "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/ListByManagementGroupCustomRecommendations_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/ListByManagementGroupCustomRecommendations_example.json new file mode 100644 index 000000000000..0e6902ca2403 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/ListByManagementGroupCustomRecommendations_example.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "providers/Microsoft.Management/managementGroups/contoso" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/customRecommendations/MycustomRecommendation1", + "name": "MycustomRecommendation1", + "type": "Microsoft.Security/customRecommendations", + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to...", + "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + }, + { + "id": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/customRecommendations/MycustomRecommendation2", + "name": "MycustomRecommendation2", + "type": "Microsoft.Security/customRecommendations", + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to...", + "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/ListBySecurityConnectorCustomRecommendations_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/ListBySecurityConnectorCustomRecommendations_example.json new file mode 100644 index 000000000000..5ec36036969a --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/ListBySecurityConnectorCustomRecommendations_example.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/customRecommendations/MycustomRecommendation1", + "name": "MycustomRecommendation1", + "type": "Microsoft.Security/customRecommendations", + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to...", + "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + }, + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/customRecommendations/MycustomRecommendation2", + "name": "MycustomRecommendation2", + "type": "Microsoft.Security/customRecommendations", + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to...", + "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/ListBySubscriptionCustomRecommendations_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/ListBySubscriptionCustomRecommendations_example.json new file mode 100644 index 000000000000..40450f54a819 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/ListBySubscriptionCustomRecommendations_example.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/customRecommendations/MycustomRecommendation1", + "name": "MycustomRecommendation1", + "type": "Microsoft.Security/customRecommendations", + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to...", + "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + }, + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/customRecommendations/MycustomRecommendation2", + "name": "MycustomRecommendation2", + "type": "Microsoft.Security/customRecommendations", + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to...", + "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/PutByManagementGroupCustomRecommendation_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/PutByManagementGroupCustomRecommendation_example.json new file mode 100644 index 000000000000..1d04fea8a8ad --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/PutByManagementGroupCustomRecommendation_example.json @@ -0,0 +1,69 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "providers/Microsoft.Management/managementGroups/contoso", + "customRecommendationName": "33e7cc6e-a139-4723-a0e5-76993aee0771", + "customRecommendationBody": { + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to..." + } + } + }, + "responses": { + "200": { + "body": { + "id": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/customAssessmentAutomations/33e7cc6e-a139-4723-a0e5-76993aee0771", + "name": "33e7cc6e-a139-4723-a0e5-76993aee0771", + "type": "Microsoft.Security/customAssessmentAutomations", + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to...", + "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + }, + "201": { + "body": { + "id": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/customAssessmentAutomations/33e7cc6e-a139-4723-a0e5-76993aee0771", + "name": "33e7cc6e-a139-4723-a0e5-76993aee0771", + "type": "Microsoft.Security/customAssessmentAutomations", + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to...", + "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/PutBySecurityConnectorCustomRecommendation_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/PutBySecurityConnectorCustomRecommendation_example.json new file mode 100644 index 000000000000..1e91c1d49a23 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/PutBySecurityConnectorCustomRecommendation_example.json @@ -0,0 +1,69 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector", + "customRecommendationName": "33e7cc6e-a139-4723-a0e5-76993aee0771", + "customRecommendationBody": { + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to..." + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/customAssessmentAutomations/33e7cc6e-a139-4723-a0e5-76993aee0771", + "name": "33e7cc6e-a139-4723-a0e5-76993aee0771", + "type": "Microsoft.Security/customAssessmentAutomations", + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to...", + "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/customAssessmentAutomations/33e7cc6e-a139-4723-a0e5-76993aee0771", + "name": "33e7cc6e-a139-4723-a0e5-76993aee0771", + "type": "Microsoft.Security/customAssessmentAutomations", + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to...", + "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/PutBySubscriptionCustomRecommendation_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/PutBySubscriptionCustomRecommendation_example.json new file mode 100644 index 000000000000..051af93c9ffb --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/CustomRecommendations/PutBySubscriptionCustomRecommendation_example.json @@ -0,0 +1,69 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/e5d1b86c-3051-44d5-8802-aa65d45a279b", + "customRecommendationName": "33e7cc6e-a139-4723-a0e5-76993aee0771", + "customRecommendationBody": { + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to..." + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/e5d1b86c-3051-44d5-8802-aa65d45a279b/providers/Microsoft.Security/customAssessmentAutomations/33e7cc6e-a139-4723-a0e5-76993aee0771", + "name": "33e7cc6e-a139-4723-a0e5-76993aee0771", + "type": "Microsoft.Security/customAssessmentAutomations", + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to...", + "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/e5d1b86c-3051-44d5-8802-aa65d45a279b/providers/Microsoft.Security/customAssessmentAutomations/33e7cc6e-a139-4723-a0e5-76993aee0771", + "name": "33e7cc6e-a139-4723-a0e5-76993aee0771", + "type": "Microsoft.Security/customAssessmentAutomations", + "properties": { + "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')", + "cloudProviders": [ + "AWS" + ], + "severity": "Medium", + "displayName": "Password Policy", + "description": "organization passwords policy", + "remediationDescription": "Change password policy to...", + "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/DeleteByManagementGroupSecurityStandard_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/DeleteByManagementGroupSecurityStandard_example.json new file mode 100644 index 000000000000..e292c9b1b5f1 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/DeleteByManagementGroupSecurityStandard_example.json @@ -0,0 +1,11 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "providers/Microsoft.Management/managementGroups/contoso", + "standardId": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/DeleteBySecurityConnectorSecurityStandard_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/DeleteBySecurityConnectorSecurityStandard_example.json new file mode 100644 index 000000000000..af575d2b8fe1 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/DeleteBySecurityConnectorSecurityStandard_example.json @@ -0,0 +1,11 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector", + "standardId": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/DeleteBySubscriptionSecurityStandard_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/DeleteBySubscriptionSecurityStandard_example.json new file mode 100644 index 000000000000..e3b3da70f294 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/DeleteBySubscriptionSecurityStandard_example.json @@ -0,0 +1,11 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "standardId": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/GetByManagementGroupSecurityStandard_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/GetByManagementGroupSecurityStandard_example.json new file mode 100644 index 000000000000..5ab664c2a932 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/GetByManagementGroupSecurityStandard_example.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "providers/Microsoft.Management/managementGroups/contoso", + "standardId": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "id": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/securityStandards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Security/securityStandards", + "properties": { + "displayName": "Cross cloud standard 1", + "standardType": "Custom", + "description": "Controls and security data implementing security recommendations defined in Azure Security", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/GetBySecurityConnectorSecurityStandard_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/GetBySecurityConnectorSecurityStandard_example.json new file mode 100644 index 000000000000..65e9bdbcb928 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/GetBySecurityConnectorSecurityStandard_example.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector", + "standardId": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/Microsoft.Security/securityStandards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Security/securityStandards", + "properties": { + "displayName": "Cross cloud standard 1", + "standardType": "Custom", + "description": "Controls and security data implementing security recommendations defined in Azure Security", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/GetBySubscriptionSecurityStandard_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/GetBySubscriptionSecurityStandard_example.json new file mode 100644 index 000000000000..515c4a54eb1c --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/GetBySubscriptionSecurityStandard_example.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "standardId": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/securityStandards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Security/securityStandards", + "properties": { + "displayName": "Cross cloud standard 1", + "standardType": "Custom", + "description": "Controls and security data implementing security recommendations defined in Azure Security", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/ListByManagementGroupSecurityStandards_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/ListByManagementGroupSecurityStandards_example.json new file mode 100644 index 000000000000..dfb89392f305 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/ListByManagementGroupSecurityStandards_example.json @@ -0,0 +1,70 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "providers/Microsoft.Management/managementGroups/contoso" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/securityStandards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Security/securityStandards", + "properties": { + "displayName": "Cross cloud standard 1", + "standardType": "Custom", + "description": "Controls and security data implementing security recommendations defined in Azure Security", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + }, + { + "id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/securityStandards/155afdf9-d239-4a5c-847f-89da613e7143", + "name": "155afdf9-d239-4a5c-847f-89da613e7143", + "type": "Microsoft.Security/securityStandards", + "properties": { + "displayName": "Cross cloud standard 2", + "standardType": "Custom", + "description": "Controls and security data implementing security recommendations defined in Azure Security", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/ListBySecurityConnectorSecurityStandards_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/ListBySecurityConnectorSecurityStandards_example.json new file mode 100644 index 000000000000..08aaccb0bd17 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/ListBySecurityConnectorSecurityStandards_example.json @@ -0,0 +1,70 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/securityStandards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Security/securityStandards", + "properties": { + "displayName": "Cross cloud standard 1", + "standardType": "Custom", + "description": "Controls and security data implementing security recommendations defined in Azure Security", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + }, + { + "id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/securityStandards/155afdf9-d239-4a5c-847f-89da613e7143", + "name": "155afdf9-d239-4a5c-847f-89da613e7143", + "type": "Microsoft.Security/securityStandards", + "properties": { + "displayName": "Cross cloud standard 2", + "standardType": "Custom", + "description": "Controls and security data implementing security recommendations defined in Azure Security", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/ListBySubscriptionSecurityStandards_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/ListBySubscriptionSecurityStandards_example.json new file mode 100644 index 000000000000..02ad0f29bc8d --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/ListBySubscriptionSecurityStandards_example.json @@ -0,0 +1,70 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/securityStandards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Security/securityStandards", + "properties": { + "displayName": "Cross cloud standard 1", + "standardType": "Custom", + "description": "Controls and security data implementing security recommendations defined in Azure Security", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + }, + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/securityStandards/155afdf9-d239-4a5c-847f-89da613e7143", + "name": "155afdf9-d239-4a5c-847f-89da613e7143", + "type": "Microsoft.Security/securityStandards", + "properties": { + "displayName": "Cross cloud standard 2", + "standardType": "Custom", + "description": "Controls and security data implementing security recommendations defined in Azure Security", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/PutByManagementGroupSecurityStandard_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/PutByManagementGroupSecurityStandard_example.json new file mode 100644 index 000000000000..222a6fef5e66 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/PutByManagementGroupSecurityStandard_example.json @@ -0,0 +1,87 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "providers/Microsoft.Management/managementGroups/contoso", + "standardId": "8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "standard": { + "properties": { + "displayName": "Azure Test Security Standard 1", + "description": "description of Azure Test Security Standard 1", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/providers/Microsoft.Management/managementGroups/contoso/resourceGroups/myResourceGroup/provider/Microsoft.Security/standards/8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "type": "Microsoft.Security/securityStandards", + "properties": { + "displayName": "Azure Test Security Standard 1", + "standardType": "Custom", + "description": "description of Azure Test Security Standard 1", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + }, + "201": { + "body": { + "id": "/providers/Microsoft.Management/managementGroups/contoso/resourceGroups/myResourceGroup/provider/Microsoft.Security/standards/8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "type": "Microsoft.Security/securityStandards", + "properties": { + "displayName": "Azure Test Security Standard 1", + "standardType": "Custom", + "description": "description of Azure Test Security Standard 1", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/PutBySecurityConnectorSecurityStandard_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/PutBySecurityConnectorSecurityStandard_example.json new file mode 100644 index 000000000000..61aa06bcea5f --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/PutBySecurityConnectorSecurityStandard_example.json @@ -0,0 +1,83 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector", + "standardId": "8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "standard": { + "properties": { + "displayName": "Azure Test Security Standard 1", + "description": "description of Azure Test Security Standard 1", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/resourceGroups/myResourceGroup/provider/Microsoft.Security/standards/8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "type": "Microsoft.Security/securityStandards", + "properties": { + "displayName": "Azure Test Security Standard 1", + "standardType": "Custom", + "description": "description of Azure Test Security Standard 1", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/resourceGroups/myResourceGroup/provider/Microsoft.Security/standards/8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "type": "Microsoft.Security/securityStandards", + "properties": { + "displayName": "Azure Test Security Standard 1", + "description": "description of Azure Test Security Standard 1", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/PutBySubscriptionSecurityStandard_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/PutBySubscriptionSecurityStandard_example.json new file mode 100644 index 000000000000..a683240afb60 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/SecurityStandards/PutBySubscriptionSecurityStandard_example.json @@ -0,0 +1,87 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "standardId": "8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "standard": { + "properties": { + "displayName": "Azure Test Security Standard 1", + "description": "description of Azure Test Security Standard 1", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myResourceGroup/provider/Microsoft.Security/standards/8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "type": "Microsoft.Security/securityStandards", + "properties": { + "displayName": "Azure Test Security Standard 1", + "standardType": "Custom", + "description": "description of Azure Test Security Standard 1", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myResourceGroup/provider/Microsoft.Security/standards/8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "type": "Microsoft.Security/securityStandards", + "properties": { + "displayName": "Azure Test Security Standard 1", + "standardType": "Custom", + "description": "description of Azure Test Security Standard 1", + "assessments": [ + { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + }, + { + "assessmentKey": "dbd0cb49-b563-45e7-9724-889e799fa648" + } + ], + "cloudProviders": [ + "GCP" + ], + "policySetDefinitionId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Authorization/policySetDefinitions/patchorchestration-applicationversions", + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/StandardAssignments/DeleteStandardAssignment.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/StandardAssignments/DeleteStandardAssignment.json new file mode 100644 index 000000000000..90eba90f18a4 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/StandardAssignments/DeleteStandardAssignment.json @@ -0,0 +1,11 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector", + "standardAssignmentName": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/StandardAssignments/GetStandardAssignment.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/StandardAssignments/GetStandardAssignment.json new file mode 100644 index 000000000000..38aece45c76f --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/StandardAssignments/GetStandardAssignment.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "resourceId": "providers/Microsoft.Management/managementGroups/contoso", + "standardAssignmentName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "id": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/securityStandards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Security/standardAssignments", + "properties": { + "displayName": "Test exemption", + "description": "Exemption description", + "assignedStandard": { + "id": "/providers/Microsoft.Security/Standards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "effect": "Exempt", + "expiresOn": "2022-05-01T19:50:47.083633Z", + "exemptionData": { + "exemptionCategory": "waiver", + "assignedAssessment": { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + } + }, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/StandardAssignments/ListStandardAssignments.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/StandardAssignments/ListStandardAssignments.json new file mode 100644 index 000000000000..20befa520b71 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/StandardAssignments/ListStandardAssignments.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/standardAssignments/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Security/standardAssignments", + "properties": { + "displayName": "ASC Default", + "description": "Set of policies monitored by Azure Security Center for cross cloud", + "assignedStandard": { + "id": "/providers/Microsoft.Security/Standards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "effect": "Audit", + "excludedScopes": [], + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + }, + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/standardAssignments/1f3afdf9-d0c9-4c3d-847f-89da613e70a9", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Security/standardAssignments", + "properties": { + "displayName": "Test exemption", + "description": "Exemption description", + "assignedStandard": { + "id": "/providers/Microsoft.Security/Standards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "effect": "Exempt", + "expiresOn": "2022-05-01T19:50:47.083633Z", + "exemptionData": { + "exemptionCategory": "waiver", + "assignedAssessment": { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + } + }, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/StandardAssignments/PutExemptionStandardAssignment.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/StandardAssignments/PutExemptionStandardAssignment.json new file mode 100644 index 000000000000..6ebede37f5b6 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/StandardAssignments/PutExemptionStandardAssignment.json @@ -0,0 +1,82 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "resourceId": "subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ANAT_TEST_RG/providers/Microsoft.Compute/virtualMachines/anatTestE2LA", + "standardAssignmentName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "standardAssignment": { + "properties": { + "displayName": "Test exemption", + "description": "Exemption description", + "assignedStandard": { + "id": "/providers/Microsoft.Security/Standards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "effect": "Exempt", + "expiresOn": "2022-05-01T19:50:47.083633Z", + "exemptionData": { + "exemptionCategory": "waiver", + "assignedAssessment": { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ANAT_TEST_RG/providers/Microsoft.Compute/virtualMachines/anatTestE2LA/Microsoft.Security/standardAssignments/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Security/standardAssignments", + "properties": { + "displayName": "Test exemption", + "description": "Exemption description", + "assignedStandard": { + "id": "/providers/Microsoft.Security/Standards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "effect": "Exempt", + "expiresOn": "2022-05-01T19:50:47.083633Z", + "exemptionData": { + "exemptionCategory": "waiver", + "assignedAssessment": { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + } + }, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ANAT_TEST_RG/providers/Microsoft.Compute/virtualMachines/anatTestE2LA/Microsoft.Security/standardAssignments/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Security/standardAssignments", + "properties": { + "displayName": "Test exemption", + "description": "Exemption description", + "assignedStandard": { + "id": "/providers/Microsoft.Security/Standards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "effect": "Exempt", + "expiresOn": "2022-05-01T19:50:47.083633Z", + "exemptionData": { + "exemptionCategory": "waiver", + "assignedAssessment": { + "assessmentKey": "1195afff-c881-495e-9bc5-1486211ae03f" + } + }, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/StandardAssignments/PutStandardAssignment.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/StandardAssignments/PutStandardAssignment.json new file mode 100644 index 000000000000..023a97e52ed8 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/examples/StandardAssignments/PutStandardAssignment.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "api-version": "2023-05-01-preview", + "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "standardAssignmentName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "standardAssignment": { + "properties": { + "displayName": "ASC Default", + "description": "Set of policies monitored by Azure Security Center for cross cloud", + "assignedStandard": { + "id": "/providers/Microsoft.Security/Standards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "effect": "Audit", + "excludedScopes": [] + } + } + }, + "responses": { + "200": { + "body": { + "id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/standardAssignments/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Security/standardAssignments", + "properties": { + "displayName": "ASC Default", + "description": "Set of policies monitored by Azure Security Center for cross cloud", + "assignedStandard": { + "id": "/providers/Microsoft.Security/Standards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "effect": "Audit", + "excludedScopes": [], + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + }, + "201": { + "body": { + "id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/standardAssignments/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Security/standardAssignments", + "properties": { + "displayName": "ASC Default", + "description": "Set of policies monitored by Azure Security Center for cross cloud", + "assignedStandard": { + "id": "/providers/Microsoft.Security/Standards/1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "effect": "Audit", + "excludedScopes": [], + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "lastUpdatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "lastUpdatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/securityStandards.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/securityStandards.json new file mode 100644 index 000000000000..e2c6d6420445 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/securityStandards.json @@ -0,0 +1,391 @@ +{ + "swagger": "2.0", + "info": { + "title": "Microsoft Defender for Cloud", + "description": "API spec for Microsoft.Security (Microsoft Defender for Cloud) resource provider", + "version": "2023-05-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Security/securityStandards": { + "get": { + "x-ms-examples": { + "List security standards by subscription scope": { + "$ref": "./examples/SecurityStandards/ListBySubscriptionSecurityStandards_example.json" + }, + "List security standards by security connector scope": { + "$ref": "./examples/SecurityStandards/ListBySecurityConnectorSecurityStandards_example.json" + }, + "List security standards by management group scope": { + "$ref": "./examples/SecurityStandards/ListByManagementGroupSecurityStandards_example.json" + } + }, + "tags": [ + "SecurityStandards" + ], + "description": "Get a list of all relevant security standards over a scope", + "operationId": "SecurityStandards_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/Scope" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityStandardList" + } + }, + "default": { + "description": "Error response describing why the operation failed", + "schema": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/{scope}/providers/Microsoft.Security/securityStandards/{standardId}": { + "get": { + "x-ms-examples": { + "Get a security standard over subscription scope": { + "$ref": "./examples/SecurityStandards/GetBySubscriptionSecurityStandard_example.json" + }, + "Get a security standard over security connector scope": { + "$ref": "./examples/SecurityStandards/GetBySecurityConnectorSecurityStandard_example.json" + }, + "Get a security standard over management group scope": { + "$ref": "./examples/SecurityStandards/GetByManagementGroupSecurityStandard_example.json" + } + }, + "tags": [ + "SecurityStandards" + ], + "description": "Get a specific security standard for the requested scope by standardId", + "operationId": "SecurityStandards_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/Scope" + }, + { + "$ref": "#/parameters/StandardId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityStandard" + } + }, + "default": { + "description": "Error response describing why the operation failed", + "schema": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create or update security standard over subscription scope": { + "$ref": "./examples/SecurityStandards/PutBySubscriptionSecurityStandard_example.json" + }, + "Create or update security standard over security connector scope": { + "$ref": "./examples/SecurityStandards/PutBySecurityConnectorSecurityStandard_example.json" + }, + "Create or update security standard over management group scope": { + "$ref": "./examples/SecurityStandards/PutByManagementGroupSecurityStandard_example.json" + } + }, + "tags": [ + "SecurityStandards" + ], + "description": "Creates or updates a security standard over a given scope", + "operationId": "SecurityStandards_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/Scope" + }, + { + "$ref": "#/parameters/StandardId" + }, + { + "$ref": "#/parameters/SecurityStandardBody" + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/SecurityStandard" + } + }, + "200": { + "description": "OK - Updated", + "schema": { + "$ref": "#/definitions/SecurityStandard" + } + }, + "default": { + "description": "Error response describing why the operation failed", + "schema": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a security standard over subscription scope": { + "$ref": "./examples/SecurityStandards/DeleteBySubscriptionSecurityStandard_example.json" + }, + "Delete a security standard over security connector scope": { + "$ref": "./examples/SecurityStandards/DeleteBySecurityConnectorSecurityStandard_example.json" + }, + "Delete a security standard over management group scope": { + "$ref": "./examples/SecurityStandards/DeleteByManagementGroupSecurityStandard_example.json" + } + }, + "tags": [ + "SecurityStandards" + ], + "description": "Delete a security standard over a given scope", + "operationId": "SecurityStandards_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/Scope" + }, + { + "$ref": "#/parameters/StandardId" + } + ], + "responses": { + "200": { + "description": "OK - security standard was deleted" + }, + "204": { + "description": "No Content - security standard does not exist" + }, + "default": { + "description": "Error response that describes why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "SecurityStandardList": { + "type": "object", + "description": "Page of a Standard list", + "properties": { + "value": { + "description": "Collection of standards in this page", + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/SecurityStandard" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page" + } + } + }, + "SecurityStandard": { + "type": "object", + "description": "Security Standard on a resource", + "properties": { + "properties": { + "description": "Properties of a security standard", + "x-ms-client-flatten": true, + "$ref": "#/definitions/StandardProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] + }, + "StandardProperties": { + "type": "object", + "description": "Describes properties of a standard.", + "properties": { + "displayName": { + "description": "display name of the standard, equivalent to the standardId", + "type": "string" + }, + "standardType": { + "description": "standard type (Custom or Default or Compliance only currently)", + "type": "string", + "readOnly": true, + "enum": [ + "Custom", + "Default", + "Compliance" + ], + "x-ms-enum": { + "name": "standardType", + "modelAsString": true + } + }, + "description": { + "description": "description of the standard", + "type": "string" + }, + "assessments": { + "description": "List of assessment keys to apply to standard scope.", + "type": "array", + "items": { + "$ref": "#/definitions/AssessmentProperties" + }, + "x-ms-identifiers": [] + }, + "cloudProviders": { + "description": "List of all standard supported clouds.", + "type": "array", + "items": { + "$ref": "#/definitions/StandardSupportedCloud" + } + }, + "policySetDefinitionId": { + "description": "The policy set definition id associated with the standard.", + "type": "string" + }, + "metadata": { + "$ref": "#/definitions/StandardMetadata", + "description": "The security standard metadata." + } + } + }, + "StandardMetadata": { + "type": "object", + "description": "The standard metadata", + "properties": { + "createdBy": { + "description": "standard Created by object id (GUID)", + "type": "string", + "readOnly": true + }, + "createdOn": { + "description": "standard creation date", + "type": "string", + "format": "date-time", + "readOnly": true + }, + "lastUpdatedBy": { + "description": "standard last updated by object id (GUID)", + "type": "string", + "readOnly": true + }, + "lastUpdatedOn": { + "description": "standard last update date", + "type": "string", + "format": "date-time", + "readOnly": true + } + } + }, + "AssessmentProperties": { + "type": "object", + "description": "Describes properties of an assessment as related to the standard", + "properties": { + "assessmentKey": { + "description": "the assessment key", + "type": "string" + } + } + }, + "StandardSupportedCloud": { + "type": "string", + "description": "The cloud that the standard is supported on.", + "enum": [ + "Azure", + "AWS", + "GCP" + ], + "x-ms-enum": { + "name": "StandardSupportedCloud", + "modelAsString": true + } + } + }, + "parameters": { + "StandardId": { + "name": "standardId", + "in": "path", + "required": true, + "type": "string", + "pattern": "[{]?[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$", + "description": "The Security Standard key - unique key for the standard type", + "x-ms-parameter-location": "method" + }, + "SecurityStandardBody": { + "name": "standard", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/SecurityStandard" + }, + "description": "Custom security standard over a pre-defined scope", + "x-ms-parameter-location": "method" + }, + "Scope": { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the security standard. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/standardAssignments.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/standardAssignments.json new file mode 100644 index 000000000000..df8051e41471 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-05-01-preview/standardAssignments.json @@ -0,0 +1,389 @@ +{ + "swagger": "2.0", + "info": { + "title": "Microsoft Defender for Cloud", + "description": "API spec for Microsoft.Security (Microsoft Defender for Cloud) resource provider", + "version": "2023-05-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{resourceId}/providers/Microsoft.Security/standardAssignments/{standardAssignmentName}": { + "delete": { + "tags": [ + "StandardAssignments" + ], + "operationId": "StandardAssignments_Delete", + "summary": "Deletes a standard assignment.", + "description": "This operation deletes a standard assignment, given its name and the scope it was created in. The scope of a standard assignment is the part of its ID preceding '/providers/Microsoft.Security/standardAssignments/{standardAssignmentName}'.", + "x-ms-examples": { + "Delete a standard assignment": { + "$ref": "./examples/StandardAssignments/DeleteStandardAssignment.json" + } + }, + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + }, + { + "$ref": "#/parameters/StandardAssignmentName" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - standard assignments was deleted" + }, + "204": { + "description": "No Content - standard assignments does not exist" + }, + "default": { + "description": "Error response that describes why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "StandardAssignments" + ], + "operationId": "StandardAssignments_Create", + "summary": "Creates or updates a standard assignment.", + "description": " This operation creates or updates a standard assignment with the given scope and name. standard assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.", + "x-ms-examples": { + "Put an audit standard assignment": { + "$ref": "./examples/StandardAssignments/PutStandardAssignment.json" + }, + "Put exemption standard assignment": { + "$ref": "./examples/StandardAssignments/PutExemptionStandardAssignment.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/StandardAssignmentName" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/StandardsAssignmentBody" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the new standard assignment.", + "schema": { + "$ref": "#/definitions/StandardAssignment" + } + }, + "200": { + "description": "OK - Updated", + "schema": { + "$ref": "#/definitions/StandardAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "StandardAssignments" + ], + "operationId": "StandardAssignments_Get", + "summary": "Retrieves a standard assignment.", + "description": "This operation retrieves a single standard assignment, given its name and the scope it was created at.", + "x-ms-examples": { + "Retrieve a standard assignment": { + "$ref": "./examples/StandardAssignments/GetStandardAssignment.json" + } + }, + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + }, + { + "$ref": "#/parameters/StandardAssignmentName" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the standard assignment.", + "schema": { + "$ref": "#/definitions/StandardAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/{scope}/providers/Microsoft.Security/standardAssignments": { + "get": { + "x-ms-examples": { + "List standard assignments": { + "$ref": "./examples/StandardAssignments/ListStandardAssignments.json" + } + }, + "tags": [ + "StandardAssignments" + ], + "description": "Get a list of all relevant standard assignments over a scope", + "operationId": "StandardAssignments_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/Scope" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/StandardAssignmentsList" + } + }, + "default": { + "description": "Error response describing why the operation failed", + "schema": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "StandardAssignmentsList": { + "type": "object", + "description": "Page of a standard assignment list", + "properties": { + "value": { + "description": "Collection of standardAssignments in this page", + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/StandardAssignment" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page" + } + } + }, + "StandardAssignment": { + "type": "object", + "description": "Security Assignment on a resource group over a given scope", + "properties": { + "properties": { + "description": "Properties of a standard assignments assignment", + "x-ms-client-flatten": true, + "$ref": "#/definitions/StandardAssignmentProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] + }, + "StandardAssignmentProperties": { + "type": "object", + "description": "Describes the properties of a standardAssignment", + "properties": { + "displayName": { + "description": "display name of the standardAssignment", + "type": "string" + }, + "description": { + "description": "description of the standardAssignment", + "type": "string" + }, + "assignedStandard": { + "description": "Standard item with key as applied to this standard assignment over the given scope", + "$ref": "#/definitions/AssignedStandardItem" + }, + "effect": { + "description": "expected effect of this assignment (Audit/Exempt)", + "type": "string", + "enum": [ + "Audit", + "Exempt" + ], + "x-ms-enum": { + "name": "effect", + "modelAsString": true + } + }, + "excludedScopes": { + "type": "array", + "description": "Excluded scopes, filter out the descendants of the scope (on management scopes)", + "items": { + "description": "The excluded scope", + "type": "string" + }, + "x-ms-identifiers": [] + }, + "expiresOn": { + "description": "Expiration date of this assignment as a full ISO date", + "type": "string", + "format": "date-time" + }, + "exemptionData": { + "description": "Additional data about assignment that has Exempt effect", + "type": "object", + "properties": { + "exemptionCategory": { + "description": "Exemption category of this assignment", + "type": "string", + "enum": [ + "waiver", + "mitigated" + ], + "x-ms-enum": { + "name": "exemptionCategory", + "modelAsString": true + } + }, + "assignedAssessment": { + "description": "Component item with key as applied to this standard assignment over the given scope", + "$ref": "#/definitions/AssignedAssessmentItem" + } + } + }, + "metadata": { + "$ref": "#/definitions/StandardAssignmentMetadata", + "description": "The standard assignment metadata." + } + } + }, + "StandardAssignmentMetadata": { + "type": "object", + "description": "The standard assignment metadata", + "properties": { + "createdBy": { + "description": "standard assignment Created by object id (GUID)", + "type": "string", + "readOnly": true + }, + "createdOn": { + "description": "standard assignment creation date", + "type": "string", + "format": "date-time", + "readOnly": true + }, + "lastUpdatedBy": { + "description": "standard assignment last updated by object id (GUID)", + "type": "string", + "readOnly": true + }, + "lastUpdatedOn": { + "description": "standard assignment last update date", + "type": "string", + "format": "date-time", + "readOnly": true + } + } + }, + "AssignedStandardItem": { + "type": "object", + "description": "describe the properties of a of a standard assignments object reference", + "properties": { + "id": { + "description": "full resourceId of the Microsoft.Security/standard object", + "type": "string" + } + } + }, + "AssignedAssessmentItem": { + "type": "object", + "description": "describe the properties of a security assessment object reference (by key)", + "properties": { + "assessmentKey": { + "description": "unique key to a security assessment object", + "type": "string" + } + } + } + }, + "parameters": { + "StandardAssignmentName": { + "name": "standardAssignmentName", + "in": "path", + "required": true, + "type": "string", + "pattern": "[{]?[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$", + "description": "The standard assignments assignment key - unique key for the standard assignment", + "x-ms-parameter-location": "method" + }, + "StandardsAssignmentBody": { + "name": "standardAssignment", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/StandardAssignment" + }, + "description": "Custom standard assignment over a pre-defined scope", + "x-ms-parameter-location": "method" + }, + "Scope": { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the standard assignment. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index 2085fe72bace..8cceee715cb3 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md @@ -93,6 +93,9 @@ These settings apply only when `--tag=package-preview-2023-05` is specified on t ```yaml $(tag) == 'package-preview-2023-05' input-file: - Microsoft.Security/preview/2023-05-01-preview/healthReports.json + - Microsoft.Security/preview/2023-05-01-preview/customRecommedations.json + - Microsoft.Security/preview/2023-05-01-preview/securityStandards.json + - Microsoft.Security/preview/2023-05-01-preview/standardAssignments.json ``` ### Tag: package-preview-2023-03-only @@ -402,6 +405,9 @@ input-file: - Microsoft.Security/preview/2023-03-01-preview/securityConnectors.json - Microsoft.Security/preview/2023-01-01-preview/securityOperators.json - Microsoft.Security/stable/2023-05-01/ServerVulnerabilityAssessmentsSettings.json +- Microsoft.Security/preview/2023-05-01-preview/customRecommedations.json +- Microsoft.Security/preview/2023-05-01-preview/securityStandards.json +- Microsoft.Security/preview/2023-05-01-preview/standardAssignments.json - Microsoft.Security/preview/2023-05-01-preview/healthReports.json - Microsoft.Security/preview/2022-12-01-preview/defenderForStorageSettings.json