diff --git a/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/alertTypes.json b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/alertTypes.json new file mode 100644 index 000000000000..1b767d3ecda1 --- /dev/null +++ b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/alertTypes.json @@ -0,0 +1,313 @@ +{ + "swagger": "2.0", + "info": { + "title": "Azure Defender for IoT", + "description": "API spec for Microsoft.IoTSecurity (Azure Defender for IoT) resource provider", + "version": "2021-07-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.IoTSecurity/alertTypes": { + "get": { + "x-ms-examples": { + "Get IoT Alert Types": { + "$ref": "./examples/AlertTypes/GetAlertTypeList.json" + } + }, + "tags": [ + "IoT Security Alert Types" + ], + "description": "List IoT alert types", + "operationId": "AlertTypes_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertTypeList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.IoTSecurity/alertTypes/{alertTypeName}": { + "get": { + "x-ms-examples": { + "Get IoT Alert Type": { + "$ref": "./examples/AlertTypes/GetAlertType.json" + } + }, + "tags": [ + "IoT Security Alert Types" + ], + "operationId": "AlertTypes_Get", + "description": "Get IoT alert type", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "in": "path", + "name": "alertTypeName", + "required": true, + "type": "string", + "description": "Name of the alert type" + } + ], + "responses": { + "200": { + "description": "IoT alert type", + "schema": { + "$ref": "#/definitions/AlertType" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "AlertTypeList": { + "type": "object", + "description": "List of alert types", + "properties": { + "value": { + "type": "array", + "description": "List data", + "items": { + "$ref": "#/definitions/AlertType" + } + } + } + }, + "AlertType": { + "type": "object", + "description": "IoT alert type.", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Alert type properties", + "$ref": "#/definitions/AlertTypeProperties" + }, + "systemData": { + "readOnly": true, + "type": "object", + "description": "Azure Resource Manager metadata containing createdBy and modifiedBy information.", + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/systemData" + } + }, + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ProxyResource" + } + ] + }, + "AlertTypeProperties": { + "type": "object", + "description": "IoT alert type information.", + "properties": { + "alertDisplayName": { + "readOnly": true, + "type": "string", + "example": "Privileged container detected", + "description": "The display name of the alert" + }, + "severity": { + "readOnly": true, + "type": "string", + "example": "Medium", + "description": "The severity of the alert", + "enum": [ + "Informational", + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "alertSeverity", + "modelAsString": true, + "values": [ + { + "value": "Informational" + }, + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + } + }, + "description": { + "readOnly": true, + "type": "string", + "description": "Description of the suspected vulnerability and meaning.", + "example": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine." + }, + "providerName": { + "readOnly": true, + "type": "string", + "example": "IoTSecurity", + "description": "The name of the alert provider or internal partner" + }, + "productName": { + "readOnly": true, + "type": "string", + "example": "Azure Security Center for IoT", + "description": "The name of the product which published this alert" + }, + "productComponentName": { + "readOnly": true, + "type": "string", + "example": "IoT Hub", + "description": "The name of a component inside the product which generated the alert" + }, + "vendorName": { + "readOnly": true, + "type": "string", + "example": "Microsoft", + "description": "The name of the vendor that raise the alert" + }, + "intent": { + "readOnly": true, + "type": "string", + "example": "Exploitation,Execution", + "description": "Kill chain related intent behind the alert. Could contain multiple enum values (separated by commas)", + "enum": [ + "Unknown", + "PreAttack", + "InitialAccess", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Execution", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact", + "Probing", + "Exploitation" + ], + "x-ms-enum": { + "name": "alertIntent", + "modelAsString": true, + "values": [ + { + "value": "Unknown" + }, + { + "value": "PreAttack" + }, + { + "value": "InitialAccess" + }, + { + "value": "Persistence" + }, + { + "value": "PrivilegeEscalation" + }, + { + "value": "DefenseEvasion" + }, + { + "value": "CredentialAccess" + }, + { + "value": "Discovery" + }, + { + "value": "LateralMovement" + }, + { + "value": "Execution" + }, + { + "value": "Collection" + }, + { + "value": "Exfiltration" + }, + { + "value": "CommandAndControl" + }, + { + "value": "Impact" + }, + { + "value": "Probing" + }, + { + "value": "Exploitation" + } + ] + } + }, + "remediationSteps": { + "readOnly": true, + "description": "Manual action items to take to remediate the alert", + "type": "array", + "items": { + "type": "string", + "example": "If the container doesn't need to run in privileged mode, remove the privileges from the container." + } + } + } + } + } +} diff --git a/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/alerts.json b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/alerts.json new file mode 100644 index 000000000000..af231b53ccbd --- /dev/null +++ b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/alerts.json @@ -0,0 +1,371 @@ +{ + "swagger": "2.0", + "info": { + "title": "Azure Defender for IoT", + "description": "API spec for Microsoft.IoTSecurity (Azure Defender for IoT) resource provider", + "version": "2021-07-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.IoTSecurity/locations/{iotDefenderLocation}/deviceGroups/{deviceGroupName}/alerts": { + "get": { + "x-ms-examples": { + "List IoT Alerts": { + "$ref": "./examples/Alerts/GetAlertList.json" + } + }, + "tags": [ + "IoT Security Alerts" + ], + "description": "List IoT alerts", + "operationId": "IotAlerts_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/IotDefenderLocation" + }, + { + "$ref": "#/parameters/DeviceGroupName" + }, + { + "in": "query", + "name": "$skipToken", + "required": false, + "type": "string", + "description": "Skip token used for pagination" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertListModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.IoTSecurity/locations/{iotDefenderLocation}/deviceGroups/{deviceGroupName}/alerts/{alertId}": { + "get": { + "x-ms-examples": { + "Get IoT Alert": { + "$ref": "./examples/Alerts/GetAlert.json" + } + }, + "tags": [ + "IoT Security Alerts" + ], + "operationId": "IotAlerts_Get", + "description": "Get IoT alert", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/IotDefenderLocation" + }, + { + "$ref": "#/parameters/DeviceGroupName" + }, + { + "$ref": "#/parameters/AlertId" + } + ], + "responses": { + "200": { + "description": "IoT alert", + "schema": { + "$ref": "#/definitions/AlertModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "AlertListModel": { + "description": "List of IoT alerts", + "type": "object", + "properties": { + "value": { + "description": "List data", + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/AlertModel" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "When available, follow the URI to get the next page of data" + } + } + }, + "AlertModel": { + "type": "object", + "description": "IoT alert", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Alert properties", + "$ref": "#/definitions/AlertPropertiesModel" + }, + "systemData": { + "readOnly": true, + "type": "object", + "description": "Azure Resource Manager metadata containing createdBy and modifiedBy information.", + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/systemData" + } + }, + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ProxyResource" + } + ] + }, + "AlertPropertiesModel": { + "type": "object", + "description": "IoT alert properties", + "properties": { + "systemAlertId": { + "description": "Holds the product canonical identifier of the alert within the scope of a product", + "readOnly": true, + "type": "string", + "example": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8" + }, + "azureResourceId": { + "description": "Display name of the device entity being reported on", + "readOnly": true, + "type": "string", + "example": "device-1" + }, + "alertType": { + "description": "The type name of the alert", + "readOnly": true, + "type": "string", + "example": "IoT_PrivilegedContainer" + }, + "startTimeUtc": { + "description": "The impact start time of the alert (the time of the first event or activity included in the alert)", + "readOnly": true, + "type": "string", + "example": "2020-05-13T06:32:25Z" + }, + "endTimeUtc": { + "description": "The impact end time of the alert (the time of the last event or activity included in the alert)", + "readOnly": true, + "type": "string", + "example": "2020-05-13T06:32:25Z" + }, + "entities": { + "description": "A list of entities related to the alert", + "type": "array", + "items": { + "type": "object" + }, + "example": [ + { + "$id": "1", + "CommandLine": "docker run --privileged", + "Type": "process" + } + ] + }, + "extendedProperties": { + "type": "object", + "description": "A bag of fields which extends the alert information", + "example": { + "CommandLine": "docker run --privileged", + "User Name": "aUser", + "UserId": "", + "ParentProcessId": 1593, + "DeviceId": "device-1" + } + }, + "severity": { + "readOnly": true, + "type": "string", + "example": "Medium", + "description": "The severity of the alert", + "enum": [ + "Informational", + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "alertSeverity", + "modelAsString": true, + "values": [ + { + "value": "Informational" + }, + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + } + }, + "intent": { + "readOnly": true, + "type": "string", + "example": "Exploitation,Execution", + "description": "Kill chain related intent behind the alert. Could contain multiple enum values (separated by commas)", + "enum": [ + "Unknown", + "PreAttack", + "InitialAccess", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Execution", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact", + "Probing", + "Exploitation" + ], + "x-ms-enum": { + "name": "alertIntent", + "modelAsString": true, + "values": [ + { + "value": "Unknown" + }, + { + "value": "PreAttack" + }, + { + "value": "InitialAccess" + }, + { + "value": "Persistence" + }, + { + "value": "PrivilegeEscalation" + }, + { + "value": "DefenseEvasion" + }, + { + "value": "CredentialAccess" + }, + { + "value": "Discovery" + }, + { + "value": "LateralMovement" + }, + { + "value": "Execution" + }, + { + "value": "Collection" + }, + { + "value": "Exfiltration" + }, + { + "value": "CommandAndControl" + }, + { + "value": "Impact" + }, + { + "value": "Probing" + }, + { + "value": "Exploitation" + } + ] + } + }, + "productComponentName": { + "readOnly": true, + "type": "string", + "example": "IoT Hub", + "description": "The name of a component inside the product which generated the alert" + } + } + } + }, + "parameters": { + "DeviceGroupName": { + "name": "deviceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "Device group name", + "x-ms-parameter-location": "method" + }, + "AlertId": { + "name": "alertId", + "in": "path", + "required": true, + "description": "Alert Id", + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/AlertTypes/GetAlertType.json b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/AlertTypes/GetAlertType.json new file mode 100644 index 000000000000..847067ecf311 --- /dev/null +++ b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/AlertTypes/GetAlertType.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2021-07-01-preview", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "alertTypeName": "IoT_PrivilegedContainer" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.IoTSecurity/alertTypes/IoT_PrivilegedContainer", + "name": "IoT_PrivilegedContainer", + "type": "Microsoft.IoTSecurity/alertTypes", + "properties": { + "alertDisplayName": "Privileged container detected", + "severity": "Medium", + "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.", + "providerName": "IoTSecurity", + "remediationSteps": [ + "If the container doesn't need to run in privileged mode, remove the privileges from the container." + ], + "intent": "Exploitation,Execution", + "vendorName": "Microsoft", + "productName": "Azure Defender for IoT", + "productComponentName": "IoT Hub" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/AlertTypes/GetAlertTypeList.json b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/AlertTypes/GetAlertTypeList.json new file mode 100644 index 000000000000..fc74b6951499 --- /dev/null +++ b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/AlertTypes/GetAlertTypeList.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "api-version": "2021-07-01-preview", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.IoTSecurity/alertTypes", + "name": "IoT_PrivilegedContainer", + "type": "Microsoft.IoTSecurity/alertTypes", + "properties": { + "alertDisplayName": "Privileged container detected", + "severity": "Medium", + "description": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine.", + "providerName": "IoTSecurity", + "remediationSteps": [ + "If the container doesn't need to run in privileged mode, remove the privileges from the container." + ], + "intent": "Exploitation,Execution", + "vendorName": "Microsoft", + "productName": "Azure Defender for IoT", + "productComponentName": "IoT Hub" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ] + } + } + } +} diff --git a/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/Alerts/GetAlert.json b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/Alerts/GetAlert.json new file mode 100644 index 000000000000..b5ef69c69c14 --- /dev/null +++ b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/Alerts/GetAlert.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2021-07-01-preview", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "iotDefenderLocation": "eastus", + "deviceGroupName": "default", + "alertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/alerts/903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "name": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "type": "Microsoft.IoTSecurity/alerts", + "properties": { + "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/devices/device-1", + "alertType": "IoT_PrivilegedContainer", + "startTimeUtc": "2020-05-13T06:32:25Z", + "endTimeUtc": "2020-05-13T06:32:25Z", + "entities": [ + { + "$id": "1", + "CommandLine": "docker run --privileged", + "Type": "process" + } + ], + "extendedProperties": { + "CommandLine": "docker run --privileged", + "User Name": "aUser", + "UserId": "", + "ParentProcessId": 1593, + "DeviceId": "device-1" + }, + "severity": "Medium", + "intent": "PreAttack", + "productComponentName": "IoT Hub" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/Alerts/GetAlertList.json b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/Alerts/GetAlertList.json new file mode 100644 index 000000000000..2428839f23b9 --- /dev/null +++ b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/Alerts/GetAlertList.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "api-version": "2021-07-01-preview", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "iotDefenderLocation": "eastus", + "deviceGroupName": "default" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/alerts/903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "name": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "type": "Microsoft.IoTSecurity/alerts", + "properties": { + "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/devices/device-1", + "alertType": "IoT_PrivilegedContainer", + "startTimeUtc": "2020-05-13T06:32:25Z", + "endTimeUtc": "2020-05-13T06:32:25Z", + "entities": [ + { + "$id": "1", + "CommandLine": "docker run --privileged", + "Type": "process" + } + ], + "extendedProperties": { + "CommandLine": "docker run --privileged", + "User Name": "aUser", + "UserId": "", + "ParentProcessId": 1593, + "DeviceId": "device-1" + }, + "severity": "Medium", + "intent": "PreAttack", + "productComponentName": "IoT Hub" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ], + "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/alerts?api-version=2021-07-01-preview&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8" + } + } + } +} diff --git a/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/RecommendationTypes/GetRecommendationType.json b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/RecommendationTypes/GetRecommendationType.json new file mode 100644 index 000000000000..36f268aefd8f --- /dev/null +++ b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/RecommendationTypes/GetRecommendationType.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2021-07-01-preview", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "recommendationTypeName": "IoT_VulnerableTLSCipherSuite" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.IoTSecurity/recommendationTypes/IoT_VulnerableTLSCipherSuite", + "name": "IoT_VulnerableTLSCipherSuite", + "type": "Microsoft.IoTSecurity/recommendationTypes", + "properties": { + "recommendationDisplayName": "TLS cipher suite upgrade needed", + "severity": "Medium", + "description": "Insecure TLS configurations detected. Immediate TLS cipher suite upgrade recommended.", + "remediationSteps": [ + "Upgrade your TLS cipher suite to a secure configuration. See the Guide to TLS Standards Compliance for more information." + ], + "vendorName": "Microsoft", + "control": "Communication between device and IoT Hub is not optimized", + "productName": "Azure Defender for IoT", + "productComponentName": "IoT Hub" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/RecommendationTypes/GetRecommendationTypeList.json b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/RecommendationTypes/GetRecommendationTypeList.json new file mode 100644 index 000000000000..271adf3f4c37 --- /dev/null +++ b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/RecommendationTypes/GetRecommendationTypeList.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "api-version": "2021-07-01-preview", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.IoTSecurity/recommendationTypes/IoT_VulnerableTLSCipherSuite", + "name": "IoT_VulnerableTLSCipherSuite", + "type": "Microsoft.IoTSecurity/recommendationTypes", + "properties": { + "recommendationDisplayName": "TLS cipher suite upgrade needed", + "severity": "Medium", + "description": "Insecure TLS configurations detected. Immediate TLS cipher suite upgrade recommended.", + "remediationSteps": [ + "Upgrade your TLS cipher suite to a secure configuration. See the Guide to TLS Standards Compliance for more information." + ], + "vendorName": "Microsoft", + "control": "Communication between device and IoT Hub is not optimized", + "productName": "Azure Defender for IoT", + "productComponentName": "IoT Hub" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ] + } + } + } +} diff --git a/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/Recommendations/GetRecommendation.json b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/Recommendations/GetRecommendation.json new file mode 100644 index 000000000000..2713d9b0ce4a --- /dev/null +++ b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/Recommendations/GetRecommendation.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "api-version": "2021-07-01-preview", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "iotDefenderLocation": "eastus", + "deviceGroupName": "default", + "recommendationId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8" + }, + "responses": { + "200": { + "body": { + "name": "IoT_Baseline|device-1", + "properties": { + "recommendationType": "IoT_Baseline", + "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/devices/device-1", + "discoveredTimeUtc": "2020-05-13T06:32:25Z", + "recommendationAdditionalData": { + "SnapshotId": "48519d58-4e35-46cd-aed5-6251af95ed50", + "TotalFailedRules": "7", + "TotalRulesFailedDuoToError": "1", + "TotalInformationalFailedRules": "2", + "TotalCriticalFailedRules": "3", + "TotalWarningFailedRules": "1" + }, + "severity": "Low", + "productComponentName": "IoT Hub", + "control": "Communication between device and IoT Hub is not optimized" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/Recommendations/GetRecommendationList.json b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/Recommendations/GetRecommendationList.json new file mode 100644 index 000000000000..0afa7dd4ed21 --- /dev/null +++ b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/examples/Recommendations/GetRecommendationList.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2021-07-01-preview", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "iotDefenderLocation": "eastus", + "deviceGroupName": "default" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "IoT_Baseline|device-1", + "properties": { + "recommendationType": "IoT_Baseline", + "azureResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/devices/device-1", + "discoveredTimeUtc": "2020-05-13T06:32:25Z", + "recommendationAdditionalData": { + "SnapshotId": "48519d58-4e35-46cd-aed5-6251af95ed50", + "TotalFailedRules": "7", + "TotalRulesFailedDuoToError": "1", + "TotalInformationalFailedRules": "2", + "TotalCriticalFailedRules": "3", + "TotalWarningFailedRules": "1" + }, + "severity": "Low", + "productComponentName": "IoT Hub", + "control": "Communication between device and IoT Hub is not optimized" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ], + "nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/recommendations?api-version=2021-07-01-preview&$skipToken=903e76ff-17eb-4bac-ac8a-2bc31ab68fd8" + } + } + } +} diff --git a/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/recommendationTypes.json b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/recommendationTypes.json new file mode 100644 index 000000000000..b5bf14327085 --- /dev/null +++ b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/recommendationTypes.json @@ -0,0 +1,253 @@ +{ + "swagger": "2.0", + "info": { + "title": "Azure Defender for IoT", + "description": "API spec for Microsoft.IoTSecurity (Azure Defender for IoT) resource provider", + "version": "2021-07-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.IoTSecurity/recommendationTypes": { + "get": { + "x-ms-examples": { + "Get IoT Recommendation Types": { + "$ref": "./examples/RecommendationTypes/GetRecommendationTypeList.json" + } + }, + "tags": [ + "IoT Security Recommendation Types" + ], + "description": "List IoT recommendation types", + "operationId": "RecommendationTypes_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/RecommendationTypeList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.IoTSecurity/recommendationTypes/{recommendationTypeName}": { + "get": { + "x-ms-examples": { + "Get IoT Recommendation Type": { + "$ref": "./examples/RecommendationTypes/GetRecommendationType.json" + } + }, + "tags": [ + "IoT Security Recommendation Types" + ], + "operationId": "RecommendationTypes_Get", + "description": "Get IoT recommendation type", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "in": "path", + "name": "recommendationTypeName", + "required": true, + "type": "string", + "description": "Name of the recommendation type" + } + ], + "responses": { + "200": { + "description": "IoT recommendation type", + "schema": { + "$ref": "#/definitions/RecommendationType" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "RecommendationTypeList": { + "type": "object", + "description": "List of recommendation types", + "properties": { + "value": { + "type": "array", + "description": "List data", + "items": { + "$ref": "#/definitions/RecommendationType" + } + } + } + }, + "RecommendationType": { + "type": "object", + "description": "IoT recommendation type.", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Recommendation type properties", + "$ref": "#/definitions/RecommendationTypeProperties" + }, + "systemData": { + "readOnly": true, + "type": "object", + "description": "Azure Resource Manager metadata containing createdBy and modifiedBy information.", + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/systemData" + } + }, + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ProxyResource" + } + ] + }, + "RecommendationTypeProperties": { + "type": "object", + "description": "IoT recommendation type information.", + "properties": { + "recommendationDisplayName": { + "readOnly": true, + "type": "string", + "example": "TLS cipher suite upgrade needed", + "description": "The display name of the recommendation" + }, + "severity": { + "readOnly": true, + "type": "string", + "example": "Medium", + "description": "The severity of the recommendation", + "enum": [ + "Unknown", + "NotApplicable", + "Healthy", + "OffByPolicy", + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "recommendationSeverity", + "modelAsString": true, + "values": [ + { + "value": "Unknown" + }, + { + "value": "NotApplicable" + }, + { + "value": "Healthy" + }, + { + "value": "OffByPolicy" + }, + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + } + }, + "description": { + "readOnly": true, + "type": "string", + "description": "Description of the suspected vulnerability and meaning.", + "example": "Insecure TLS configurations detected. Immediate TLS cipher suite upgrade recommended." + }, + "productName": { + "readOnly": true, + "type": "string", + "example": "Azure Security Center for IoT", + "description": "The name of the product which published this recommendation" + }, + "productComponentName": { + "readOnly": true, + "type": "string", + "example": "IoT Hub", + "description": "The name of a component inside the product which generated the recommendation" + }, + "vendorName": { + "readOnly": true, + "type": "string", + "example": "Microsoft", + "description": "The name of the vendor that raised the recommendation" + }, + "control": { + "readOnly": true, + "type": "string", + "example": "Communication between device and IoT Hub is not optimized", + "description": "The name of the recommendation's control category " + }, + "remediationSteps": { + "readOnly": true, + "description": "Manual action items to take to resolve the recommendation", + "type": "array", + "items": { + "type": "string", + "example": "Upgrade your TLS cipher suite to a secure configuration. See the Guide to TLS Standards Compliance for more information." + } + }, + "dataSource": { + "readOnly": true, + "description": "The alert's data source", + "type": "string", + "example": "IoT Hub" + } + } + } + } +} diff --git a/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/recommendations.json b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/recommendations.json new file mode 100644 index 000000000000..71133ad0f520 --- /dev/null +++ b/specification/iotsecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/recommendations.json @@ -0,0 +1,286 @@ +{ + "swagger": "2.0", + "info": { + "title": "Azure Defender for IoT", + "description": "API spec for Microsoft.IoTSecurity (Azure Defender for IoT) resource provider", + "version": "2021-07-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.IoTSecurity/locations/{iotDefenderLocation}/deviceGroups/{deviceGroupName}/recommendations": { + "get": { + "x-ms-examples": { + "Get IoT Recommendations": { + "$ref": "./examples/Recommendations/GetRecommendationList.json" + } + }, + "tags": [ + "IoT Security Recommendations" + ], + "description": "List IoT recommendations", + "operationId": "IotRecommendations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/IotDefenderLocation" + }, + { + "$ref": "#/parameters/DeviceGroupName" + }, + { + "in": "query", + "name": "$skipToken", + "required": false, + "type": "string", + "description": "Skip token used for pagination" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/RecommendationListModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.IoTSecurity/locations/{iotDefenderLocation}/deviceGroups/{deviceGroupName}/recommendations/{recommendationId}": { + "get": { + "x-ms-examples": { + "Get IoT Recommendation": { + "$ref": "./examples/Recommendations/GetRecommendation.json" + } + }, + "tags": [ + "IoT Security Recommendations" + ], + "operationId": "IotRecommendations_Get", + "description": "Get IoT recommendation", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../common/1.0/types.json#/parameters/IotDefenderLocation" + }, + { + "$ref": "#/parameters/DeviceGroupName" + }, + { + "$ref": "#/parameters/RecommendationId" + } + ], + "responses": { + "200": { + "description": "IoT recommendation", + "schema": { + "$ref": "#/definitions/RecommendationModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "RecommendationListModel": { + "description": "List of IoT recommendations", + "type": "object", + "properties": { + "value": { + "description": "List data", + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/RecommendationModel" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "When available, follow the URI to get the next page of data" + } + } + }, + "RecommendationModel": { + "type": "object", + "description": "IoT recommendation", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Recommendation properties", + "$ref": "#/definitions/RecommendationPropertiesModel" + }, + "systemData": { + "readOnly": true, + "type": "object", + "description": "Azure Resource Manager metadata containing createdBy and modifiedBy information.", + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/systemData" + } + }, + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ProxyResource" + } + ] + }, + "RecommendationPropertiesModel": { + "type": "object", + "description": "IoT recommendation properties", + "properties": { + "azureResourceId": { + "description": "Azure Resource Identifier of the device being reported on", + "readOnly": true, + "type": "string", + "example": "device-1" + }, + "recommendationType": { + "description": "The type name of the recommendation", + "readOnly": true, + "type": "string", + "example": "IoT_PrivilegedContainer" + }, + "discoveredTimeUtc": { + "description": "The discovery time of the recommendation", + "readOnly": true, + "type": "string", + "example": "2020-05-13T06:32:25Z" + }, + "recommendationAdditionalData": { + "type": "object", + "description": "A bag of fields which extends the recommendation information", + "example": { + "SnapshotId": "48519d58-4e35-46cd-aed5-6251af95ed50", + "TotalFailedRules": "7", + "TotalRulesFailedDuoToError": "1", + "TotalInformationalFailedRules": "2", + "TotalCriticalFailedRules": "3", + "TotalWarningFailedRules": "1" + } + }, + "severity": { + "readOnly": true, + "type": "string", + "example": "Medium", + "description": "The severity of the recommendation", + "enum": [ + "Unknown", + "NotApplicable", + "Healthy", + "OffByPolicy", + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "recommendationSeverity", + "modelAsString": true, + "values": [ + { + "value": "Unknown" + }, + { + "value": "NotApplicable" + }, + { + "value": "Healthy" + }, + { + "value": "OffByPolicy" + }, + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + } + }, + "productComponentName": { + "readOnly": true, + "type": "string", + "example": "IoT Hub", + "description": "The name of a component inside the product which generated the recommendation" + }, + "control": { + "readOnly": true, + "type": "string", + "example": "Communication between device and IoT Hub is not optimized", + "description": "The name of the recommendation's control category " + } + } + } + }, + "parameters": { + "DeviceGroupName": { + "name": "deviceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "Device group name", + "x-ms-parameter-location": "method" + }, + "RecommendationId": { + "name": "recommendationId", + "in": "path", + "required": true, + "description": "Recommendation Id", + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/iotsecurity/resource-manager/readme.md b/specification/iotsecurity/resource-manager/readme.md index 2c31d6faad9b..a90a0ee7699f 100644 --- a/specification/iotsecurity/resource-manager/readme.md +++ b/specification/iotsecurity/resource-manager/readme.md @@ -69,6 +69,26 @@ input-file: - Microsoft.IoTSecurity/preview/2021-02-01-preview/devices.json ``` +``` yaml +title: IoTSecurity +description: API spec for Microsoft.IoTSecurity (Azure Defender for IoT) resource provider +openapi-type: arm +tag: 2021-07-01-preview +``` + +### Tag: 2021-07-01-preview + +These settings apply only when `--tag=2021-07-01-preview` is specified on the command line. + +``` yaml $(tag) == '2021-07-01-preview' +input-file: +- Microsoft.IoTSecurity/preview/2021-02-01-preview/operations.json +- Microsoft.IoTSecurity/preview/2021-07-01-preview/alerts.json +- Microsoft.IoTSecurity/preview/2021-07-01-preview/alertTypes.json +- Microsoft.IoTSecurity/preview/2021-07-01-preview/recommendations.json +- Microsoft.IoTSecurity/preview/2021-07-01-preview/recommendationTypes.json +``` + --- # Code Generation