diff --git a/custom-words.txt b/custom-words.txt
index 5f85e91781cf..857abdd9d671 100644
--- a/custom-words.txt
+++ b/custom-words.txt
@@ -1,4 +1,4 @@
-AADDS
+AADDS
 aadiam
 AATP
 abcxyz
@@ -316,6 +316,9 @@ customvision
 customvisionprediction
 customvisiontraining
 CUTOVER
+CVE
+CVEs
+CVSS
 Cyrl
 databox
 Databricks
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
new file mode 100644
index 000000000000..55f50049209e
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/GetSubAssessment_example.json
@@ -0,0 +1,60 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b", + "subAssessmentName": "8c98f353-8b41-4e77-979b-6adeecd5d168" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168", + "name": "8c98f353-8b41-4e77-979b-6adeecd5d168", + "type": "Microsoft.Security/assessments/subAssessments", + "properties": { + "displayName": "'Back Orifice' Backdoor", + "id": "1001", + "status": { + "code": "Unhealthy", + "cause": "", + "severity": "High", + "description": "The resource is unhealthy" + }, + "resourceDetails": { + "source": "Azure", + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168" + }, + "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.", + "impact": "3", + "category": "Backdoors and trojan horses", + "description": "The backdoor 'Back Orifice' was detected on this system. The presence of this backdoor indicates that your system has already been compromised. Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data. 
They can steal the data or even wipe out the host.", + "timeGenerated": "2019-06-23T12:20:08.7644808Z", + "additionalData": { + "assessedResourceType": "ContainerRegistryVulnerability", + "imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0", + "repositoryName": "myRepo", + "type": "Vulnerability", + "cvss": { + "2.0": { + "base": 10 + }, + "3.0": { + "base": 10 + } + }, + "patchable": true, + "cve": [{ + "title": "CVE-2019-12345", + "link": "http://contoso.com" + }], + "publishedTime": "2018-01-01T00:00:00.0000000Z", + "vendorReferences": [{ + "title": "Reference_1", + "link": "http://contoso.com" + }] + } + } + } + } + } +} \ No newline at end of file diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json new file mode 100644 index 000000000000..6aef5055ee25 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/SubAssessments/ListSubAssessments_example.json 
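Review bot: The sample `resourceDetails.id` does not look like the ID of the assessed resource: it ends in `/providers/Microsoft.Security/assessments/…/subAssessments/…`, repeating the sub-assessment's own path, while the spec added in this commit describes `AzureResourceDetails.id` as the Azure resource ID of the assessed resource. Ending the value at the image (`…/registries/myRegistry/repository/myRepo/imageDigest/<digest>`) would match that description. The `imageDigest` sample is also GUID-shaped; a digest-style placeholder such as `sha256:<hex digest>` would make it clearer that the field identifies image content, and the `link` samples could use `https://contoso.com`. The same values appear in ListSubAssessments_example.json, so the change applies there as well.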
@@ -0,0 +1,61 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b" + }, + "responses": { + "200": { + "body": { + "value": [{ + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168", + "name": "8c98f353-8b41-4e77-979b-6adeecd5d168", + "type": "Microsoft.Security/assessments/subAssessments", + "properties": { + "displayName": "'Back Orifice' Backdoor", + "id": "1001", + "status": { + "code": "Unhealthy", + "cause": "", + "severity": "High", + "description": "The resource is unhealthy" + }, + "resourceDetails": { + "source": "Azure", + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.ContainerRegistry/registries/myRegistry/repository/myRepo/imageDigest/c186fc44-3154-4ce2-ba18-b719d895c3b0/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b/subAssessments/8c98f353-8b41-4e77-979b-6adeecd5d168" + }, + "remediation": "Use a recent anti-virus program to remove this backdoor and check your system regularly with anti-virus software.", + "impact": "3", + "category": "Backdoors and trojan horses", + "description": "The backdoor 'Back Orifice' was detected on this system. The presence of this backdoor indicates that your system has already been compromised. Unauthorized users can access your host at any time. Unauthorized users can take complete control of the host and manipulate data. 
They can steal the data or even wipe out the host.", + "timeGenerated": "2019-06-23T12:20:08.7644808Z", + "additionalData": { + "assessedResourceType": "ContainerRegistryVulnerability", + "imageDigest": "c186fc44-3154-4ce2-ba18-b719d895c3b0", + "repositoryName": "myRepo", + "type": "Vulnerability", + "cvss": { + "2.0": { + "base": 10 + }, + "3.0": { + "base": 10 + } + }, + "patchable": true, + "cve": [{ + "title": "CVE-2019-12345", + "link": "http://contoso.com" + }], + "publishedTime": "2018-01-01T00:00:00.0000000Z", + "vendorReferences": [{ + "title": "Reference_1", + "link": "http://contoso.com" + }] + } + } + }] + } + } + } +} \ No newline at end of file diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/subAssessments.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/subAssessments.json new file mode 100644 index 000000000000..da8c6a7b95ed --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/subAssessments.json 
@@ -0,0 +1,539 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "version": "2019-01-01-preview" + }, + "host": "management.azure.com", + "schemes": ["https"], + "consumes": ["application/json"], + "produces": ["application/json"], + "security": [{ + "azure_auth": ["user_impersonation"] + }], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments": { + "get": { + "x-ms-examples": { + "List security sub-assessments": { + "$ref": "./examples/SubAssessments/ListSubAssessments_example.json" + } + }, + "tags": ["SubAssessments"], + "description": "Get security sub-assessments on all your scanned resources inside a scope", + "operationId": "SubAssessments_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/Scope" + }, + { + "$ref": "#/parameters/AssessmentName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecuritySubAssessmentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments/{subAssessmentName}": { + "get": { + "x-ms-examples": { + "Get security recommendation task from security data location": { + "$ref": "./examples/SubAssessments/GetSubAssessment_example.json" + } + }, 
+ "tags": ["SubAssessments"], + "description": "Get a security sub-assessment on your scanned resource", + "operationId": "SubAssessments_Get", + "parameters": [{ + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/Scope" + }, + { + "$ref": "#/parameters/AssessmentName" + }, + { + "$ref": "#/parameters/SubAssessmentName" + }], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecuritySubAssessment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "SecuritySubAssessmentList": { + "type": "object", + "description": "List of security sub-assessments", + "properties": { + "value": { + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/SecuritySubAssessment" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." 
+ } + } + }, + "SecuritySubAssessment": { + "type": "object", + "description": "Security sub-assessment on a resource", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/SecuritySubAssessmentProperties" + } + }, + "allOf": [{ + "$ref": "../../../common/v1/types.json#/definitions/Resource" + }] + }, + "SecuritySubAssessmentProperties": { + "type": "object", + "description": "Describes properties of an sub-assessment.", + "properties": { + "id": { + "readOnly": true, + "type": "string", + "description": "Vulnerability ID" + }, + "displayName": { + "readOnly": true, + "type": "string", + "description": "User friendly display name of the sub-assessment" + }, + "status": { + "$ref": "#/definitions/SubAssessmentStatus" + + }, + "remediation": { + "readOnly": true, + "type": "string", + "description": "Information on how to remediate this sub-assessment" + }, + "impact": { + "readOnly": true, + "type": "string", + "description": "Description of the impact of this sub-assessment" + }, + "category": { + "readOnly": true, + "type": "string", + "description": "Category of the sub-assessment" + }, + "description": { + "readOnly": true, + "type": "string", + "description": "Human readable description of the assessment status" + }, + "timeGenerated": { + "readOnly": true, + "type": "string", + "format": "date-time", + "description": "The date and time the sub-assessment was generated" + }, + "resourceDetails": { + "$ref": "#/definitions/ResourceDetails" + }, + "additionalData": { + "$ref": "#/definitions/AdditionalData" + } + } + }, + "ResourceDetails": { + "type": "object", + "description": "Details of the resource that was assessed", + "discriminator": "source", + "properties": { + "source": { + "readOnly": true, + "type": "string", + "description": "The platform where the assessed resource resides", + "enum": ["Azure", "Aws"], + "x-ms-enum": { + "name": "Source", + "modelAsString": true, + "values": [ + { + "value": "Azure" + }, + { + 
"value": "Aws" + } + ] + } + } + } + }, + "AzureResourceDetails": { + "type": "object", + "description": "Details of the resource that was assessed", + "x-ms-discriminator-value": "Azure", + "allOf": [{ + "$ref": "#/definitions/ResourceDetails" + }], + "properties": { + "id": { + "readOnly": true, + "type": "string", + "description": "Azure resource ID of the assessed resource" + } + } + }, + "AwsResourceDetails": { + "type": "object", + "description": "Details of the resource that was assessed", + "x-ms-discriminator-value": "Aws", + "allOf": [{ + "$ref": "#/definitions/ResourceDetails" + }], + "properties": { + "accountId": { + "readOnly": true, + "type": "string", + "description": "AWS account ID" + }, + "awsResourceId": { + "readOnly": true, + "type": "string", + "description": "AWS resource ID. can be ARN or other" + } + } + }, + "AdditionalData": { + "type": "object", + "description": "Details of the sub-assessment", + "discriminator": "assessedResourceType", + "properties": { + "assessedResourceType": { + "readOnly": true, + "type": "string", + "description": "Sub-assessment resource type", + "enum": ["SqlServerVulnerability", "ContainerRegistryVulnerability", "ServerVulnerability"], + "x-ms-enum": { + "name": "AssessedResourceType", + "modelAsString": true, + "values": [ + { + "value": "SqlServerVulnerability" + }, + { + "value": "ContainerRegistryVulnerability" + }, + { + "value": "ServerVulnerability" + } + ] + } + } + } + }, + "SubAssessmentStatus": { + "type": "object", + "description": "Status of the sub-assessment", + "properties": { + "code": { + "readOnly": true, + "type": "string", + "description": "Programmatic code for the status of the assessment", + "enum": ["Healthy", "Unhealthy", "NotApplicable"], + "x-ms-enum": { + "name": "SubAssessmentStatusCode", + "modelAsString": true, + "values": [ + { + "value": "Healthy", + "description": "The resource is healthy" + }, + { + "value": "Unhealthy", + "description": "The resource has a security issue 
that needs to be addressed" + }, + { + "value": "NotApplicable", + "description": "Assessment for this resource did not happen" + } + ] + } + }, + "cause": { + "readOnly": true, + "type": "string", + "description": "Programmatic code for the cause of the assessment status" + }, + "description": { + "readOnly": true, + "type": "string", + "description": "Human readable description of the assessment status" + }, + "severity": { + "readOnly": true, + "type": "string", + "enum": [ + "Low", + "Medium", + "High"], + "x-ms-enum": { + "name": "severity", + "modelAsString": true, + "values": [ + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + }, + "description": "The sub-assessment severity level" + } + } + }, + "SqlServerVulnerabilityProperties": { + "type": "object", + "description": "Details of the resource that was assessed", + "x-ms-discriminator-value": "SqlServerVulnerability", + "allOf": [{ + "$ref": "#/definitions/AdditionalData" + }], + "properties": { + "type": { + "readOnly": true, + "type": "string", + "description": "The resource type the sub assessment refers to in its resource details" + }, + "query": { + "readOnly": true, + "type": "string", + "description": "The T-SQL query that runs on your SQL database to perform the particular check" + } + } + }, + "ContainerRegistryVulnerabilityProperties": { + "type": "object", + "description": "Additional context fields for container registry Vulnerability assessment", + "x-ms-discriminator-value": "ContainerRegistryVulnerability", + "allOf": [{ + "$ref": "#/definitions/AdditionalData" + }], + "properties": { + "type": { + "readOnly": true, + "type": "string", + "description": "Vulnerability Type. 
e.g: Vulnerability, Potential Vulnerability, Information Gathered, Vulnerability" + }, + "cvss": { + "readOnly": true, + "type": "object", + "description": "Dictionary from cvss version to cvss details object", + "additionalProperties": + { + "$ref": "#/definitions/CVSS" + } + }, + "patchable": { + "readOnly": true, + "type": "boolean", + "description": "Indicates whether a patch is available or not" + }, + "cve": { + "readOnly": true, + "type": "array", + "description": "List of CVEs", + "items": { + "$ref": "#/definitions/CVE" + } + }, + "publishedTime": { + "readOnly": true, + "type": "string", + "format": "date-time", + "description": "Published time" + }, + "vendorReferences": { + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/VendorReference" + } + }, + "repositoryName": { + "readOnly": true, + "type": "string", + "description": "Name of the repository which the vulnerable image belongs to" + }, + "imageDigest": { + "readOnly": true, + "type": "string", + "description": "Digest of the vulnerable image" + } + } + }, + "ServerVulnerabilityProperties": { + "type": "object", + "description": "Additional context fields for server vulnerability assessment", + "x-ms-discriminator-value": "ServerVulnerabilityAssessment", + "allOf": [{ + "$ref": "#/definitions/AdditionalData" + }], + "properties": { + "type": { + "readOnly": true, + "type": "string", + "description": "Vulnerability Type. 
e.g: Vulnerability, Potential Vulnerability, Information Gathered" + }, + "cvss": { + "readOnly": true, + "type": "object", + "description": "Dictionary from cvss version to cvss details object", + "additionalProperties": + { + "$ref": "#/definitions/CVSS" + } + }, + "patchable": { + "readOnly": true, + "type": "boolean", + "description": "Indicates whether a patch is available or not" + }, + "cve": { + "readOnly": true, + "type": "array", + "description": "List of CVEs", + "items": { + "$ref": "#/definitions/CVE" + } + }, + "threat": { + "readOnly": true, + "type": "string", + "description": "Threat name" + }, + "publishedTime": { + "readOnly": true, + "type": "string", + "format": "date-time", + "description": "Published time" + }, + "vendorReferences": { + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/VendorReference" + } + } + } + }, + "CVSS": { + "type": "object", + "description": "CVSS details", + "properties": { + "base": { + "readOnly": true, + "type": "number", + "description": "CVSS base" + } + } + }, + "CVE": { + "type": "object", + "description": "CVE details", + "properties": { + "title": { + "readOnly": true, + "type": "string", + "description": "CVE title" + }, + "link": { + "readOnly": true, + "type": "string", + "description": "Link url" + } + } + }, + "VendorReference": { + "type": "object", + "description": "Vendor reference", + "properties": { + "title": { + "readOnly": true, + "type": "string", + "description": "Link title" + }, + "link": { + "readOnly": true, + "type": "string", + "description": "Link url" + } + } + } + }, + "parameters": { + "AssessmentName": { + "name": "assessmentName", + "in": "path", + "required": true, + "type": "string", + "description": "The Assessment Key - Unique key for the assessment type", + "x-ms-parameter-location": "method" + }, + "SubAssessmentName": { + "name": "subAssessmentName", + "in": "path", + "required": true, + "type": "string", + "description": "The Sub-Assessment Key - 
Unique key for the sub-assessment type", + "x-ms-parameter-location": "method" + } + } +} \ No newline at end of file diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index 511a7d9162f4..54b7ba90522d 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md @@ -142,6 +142,7 @@ input-file: - Microsoft.Security/preview/2017-08-01-preview/workspaceSettings.json - Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json - Microsoft.Security/preview/2019-01-01-preview/serverVulnerabilityAssessments.json +- Microsoft.Security/preview/2019-01-01-preview/subAssessments.json # Needed when there is more than one input file override-info:
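Review bot: `ServerVulnerabilityProperties` declares `"x-ms-discriminator-value": "ServerVulnerabilityAssessment"`, but the `assessedResourceType` enum on `AdditionalData` lists `"ServerVulnerability"`, so the two cannot both match what the service returns. A client generated from this spec would presumably fall back to the base `AdditionalData` type for server findings and drop `cvss`, `cve`, `patchable` and `threat`, which is the data a consumer triages on. Align them, e.g. `"x-ms-discriminator-value": "ServerVulnerability"` if the enum holds the value the service emits. Separately, the `x-ms-examples` key for `SubAssessments_Get` reads "Get security recommendation task from security data location", which looks copied from another operation; something like `"Get security sub-assessment"` would fit.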