diff --git a/custom-words.txt b/custom-words.txt index 902a5f75105f..7b71b5318d79 100644 --- a/custom-words.txt +++ b/custom-words.txt @@ -124,6 +124,7 @@ autogenerate autogenerated Autogrow autokey +automations autopatching autopool autorest diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json new file mode 100644 index 000000000000..ef918b5598df --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json @@ -0,0 +1,725 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "version": "2019-01-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/automations": { + "get": { + "x-ms-examples": { + "List all security automations of a specified subscription": { + "$ref": "./examples/Automations/GetAutomationsSubscription_example.json" + } + }, + "tags": [ + "Automations" + ], + "description": "Lists all the security automations in the specified subscription. Use the 'nextLink' property in the response to get the next page of security automations for the specified subscription.", + "operationId": "Automations_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AutomationList" + } + }, + "default": { + "description": "Error response that describes why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/automations": { + "get": { + "x-ms-examples": { + "List all security automations of a specified resource group": { + "$ref": "./examples/Automations/GetAutomationsResourceGroup_example.json" + } + }, + "tags": [ + "Automations" + ], + "description": "Lists all the security automations in the specified resource group. Use the 'nextLink' property in the response to get the next page of security automations for the specified resource group.", + "operationId": "Automations_ListByResourceGroup", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AutomationList" + } + }, + "default": { + "description": "Error response that describes why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/automations/{automationName}": { + "get": { + "x-ms-examples": { + "Retrieve a security automation": { + "$ref": "./examples/Automations/GetAutomationResourceGroup_example.json" + } + }, + "tags": [ + "Automations" + ], + "description": "Retrieves information about the model of a security automation.", + "operationId": "Automations_Get", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/AutomationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Automation" + } + }, + "default": { + "description": "Error response that describes why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create or update a security automation": { + "$ref": "./examples/Automations/PutAutomation_example.json" + }, + "Disable or enable a security automation": { + "$ref": "./examples/Automations/PutDisableAutomation_example.json" + } + }, + "tags": [ + "Automations" + ], + "description": "Creates or updates a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.", + "operationId": "Automations_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/AutomationName" + }, + { + "$ref": "#/parameters/AutomationInBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Automation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Automation" + } + }, + "default": { + "description": "Error response that describes why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a security automation": { + "$ref": "./examples/Automations/DeleteAutomation_example.json" + } + }, + "tags": [ + "Automations" + ], + "operationId": "Automations_Delete", + "description": "Deletes a security automation.", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/AutomationName" + } + ], + "responses": { + "204": { + "description": "NoContent" + }, + "default": { + "description": "Error response that describes why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/automations/{automationName}/validate": { + "post": { + "x-ms-examples": { + "Validate the security automation model before create or update": { + "$ref": "./examples/Automations/ValidateAutomation_example.json" + } + }, + "tags": [ + "Automations" + ], + "description": "Validates the security automation model before create or update. Any validation errors are returned to the client.", + "operationId": "Automations_Validate", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/AutomationName" + }, + { + "$ref": "#/parameters/AutomationInBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AutomationValidationStatus" + } + }, + "default": { + "description": "Error response that describes why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "AutomationList": { + "description": "List of security automations response.", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "The list of security automations under the given scope.", + "items": { + "$ref": "#/definitions/Automation" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "Automation": { + "type": "object", + "description": "The security automation resource.", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Security automation data", + "$ref": "#/definitions/AutomationProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/TrackedResource" + } + ] + }, + "AutomationProperties": { + "type": "object", + "description": "A set of properties that defines the behavior of the automation configuration. To learn more about the supported security events data models schemas - please visit https://aka.ms/ASCAutomationSchemas.", + "properties": { + "description": { + "type": "string", + "description": "The security automation description." + }, + "isEnabled": { + "type": "boolean", + "description": "Indicates whether the security automation is enabled." + }, + "metadata": { + "type": "object", + "description": "The metadata of the security automation resource.", + "$ref": "#/definitions/AutomationMetadata" + }, + "scopes": { + "type": "array", + "description": "A collection of scopes on which the security automations logic is applied. Supported scopes are the subscription itself or a resource group under that subscription. The automation will only apply on defined scopes.", + "items": { + "$ref": "#/definitions/AutomationScope" + } + }, + "sources": { + "type": "array", + "description": "A collection of the source event types which evaluate the security automation set of rules.", + "items": { + "$ref": "#/definitions/AutomationSource" + } + }, + "actions": { + "type": "array", + "description": "A collection of the actions which are triggered if all the configured rules evaluations, within at least one rule set, are true.", + "items": { + "$ref": "#/definitions/AutomationAction" + } + } + } + }, + "AutomationMetadata": { + "type": "object", + "description": "The metadata of the security automation resource.", + "properties": { + "createdDateTimeUtc": { + "readOnly": true, + "type": "string", + "format": "date-time", + "description": "The security automation creation date." + }, + "createdBy": { + "readOnly": true, + "type": "string", + "description": "The AAD object ID of the entity that created the security automation." + }, + "lastUpdatedDateTimeUtc": { + "readOnly": true, + "type": "string", + "format": "date-time", + "description": "The security automation last updated date." + }, + "lastUpdatedBy": { + "readOnly": true, + "type": "string", + "description": "The AAD object ID of the entity that last updated the security automation." + } + } + }, + "AutomationSource": { + "type": "object", + "description": "The source event types which evaluate the security automation set of rules. For example - security alerts and security assessments. To learn more about the supported security events data models schemas - please visit https://aka.ms/ASCAutomationSchemas.", + "properties": { + "eventSource": { + "type": "string", + "description": "A valid event source type.", + "enum": [ + "Assessments", + "Alerts" + ], + "x-ms-enum": { + "name": "EventSource", + "modelAsString": true, + "values": [ + { + "value": "Assessments" + }, + { + "value": "Alerts" + } + ] + } + }, + "ruleSets": { + "type": "array", + "description": "A set of rules which evaluate upon event interception. A logical disjunction is applied between defined rule sets (logical 'or').", + "items": { + "$ref": "#/definitions/AutomationRuleSet" + } + } + } + }, + "AutomationScope": { + "type": "object", + "description": "A single automation scope.", + "properties": { + "description": { + "type": "string", + "description": "The resources scope description." + }, + "scopePath": { + "type": "string", + "description": "The resources scope path. Can be the subscription on which the automation is defined on or a resource group under that subscription (fully qualified Azure resource IDs)." + } + } + }, + "AutomationAction": { + "type": "object", + "description": "The action that should be triggered.", + "discriminator": "actionType", + "required": [ + "actionType" + ], + "properties": { + "actionType": { + "type": "string", + "description": "The type of the action that will be triggered by the Automation", + "enum": [ + "LogicApp", + "EventHub", + "Workspace" + ], + "x-ms-enum": { + "name": "ActionType", + "modelAsString": true, + "values": [ + { + "value": "LogicApp" + }, + { + "value": "EventHub" + }, + { + "value": "Workspace" + } + ] + } + } + } + }, + "AutomationActionLogicApp": { + "type": "object", + "description": "The logic app action that should be triggered.", + "x-ms-discriminator-value": "LogicApp", + "allOf": [ + { + "$ref": "#/definitions/AutomationAction" + } + ], + "properties": { + "logicAppResourceId": { + "type": "string", + "description": "The triggered Logic App Azure Resource ID. This can also reside on other subscriptions, given that you have permissions to trigger the Logic App" + } + } + }, + "AutomationActionLogicAppInput": { + "type": "object", + "description": "The logic app action that should be triggered.", + "x-ms-discriminator-value": "LogicApp", + "allOf": [ + { + "$ref": "#/definitions/AutomationActionLogicApp" + } + ], + "properties": { + "uri": { + "type": "string", + "description": "The Logic App trigger URI endpoint.", + "format": "uri" + } + } + }, + "AutomationActionLogicAppOutput": { + "type": "object", + "description": "The logic app action that should be triggered.", + "x-ms-discriminator-value": "LogicApp", + "allOf": [ + { + "$ref": "#/definitions/AutomationActionLogicApp" + } + ] + }, + "AutomationActionEventHub": { + "type": "object", + "description": "The target Event Hub to which event data will be exported.", + "x-ms-discriminator-value": "EventHub", + "allOf": [ + { + "$ref": "#/definitions/AutomationAction" + } + ], + "properties": { + "eventHubResourceId": { + "type": "string", + "description": "The target Event Hub Azure Resource ID." + } + } + }, + "AutomationActionEventHubInput": { + "type": "object", + "description": "The target Event Hub to which event data will be exported.", + "x-ms-discriminator-value": "EventHub", + "allOf": [ + { + "$ref": "#/definitions/AutomationActionEventHub" + } + ], + "properties": { + "connectionString": { + "type": "string", + "description": "The target Event Hub connection string" + } + } + }, + "AutomationActionEventHubOutput": { + "type": "object", + "description": "The target Event Hub to which event data will be exported.", + "x-ms-discriminator-value": "EventHub", + "allOf": [ + { + "$ref": "#/definitions/AutomationActionEventHub" + } + ], + "properties": { + "sasPolicyName": { + "type": "string", + "description": "The target Event Hub SAS policy name." + } + } + }, + "AutomationActionWorkspace": { + "type": "object", + "description": "The Log Analytics Workspace to which event data will be exported. Security alerts data will reside in the 'SecurityAlert' table and the assessments data will reside in the 'SecurityRecommendation' table (under the 'Security'/'SecurityCenterFree' solutions). Note that in order to view the data in the workspace, the Security Center Log Analytics free/standard solution needs to be enabled on that workspace.", + "x-ms-discriminator-value": "Workspace", + "allOf": [ + { + "$ref": "#/definitions/AutomationAction" + } + ], + "properties": { + "workspaceResourceId": { + "type": "string", + "description": "The fully qualified Log Analytics Workspace Azure Resource ID." + } + } + }, + "AutomationRuleSet": { + "type": "object", + "description": "A rule set which evaluates all its rules upon an event interception. Only when all the included rules in the rule set will be evaluated as 'true', will the event trigger the defined actions.", + "properties": { + "rules": { + "type": "array", + "items": { + "$ref": "#/definitions/AutomationTriggeringRule" + } + } + } + }, + "AutomationTriggeringRule": { + "type": "object", + "description": "A rule which is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. This comparison is done by using one of the supported operators set.", + "properties": { + "propertyJPath": { + "type": "string", + "description": "The JPath of the entity model property that should be checked." + }, + "propertyType": { + "type": "string", + "description": "The data type of the compared operands (string, integer, floating point number or a boolean [true/false]]", + "enum": [ + "String", + "Integer", + "Number", + "Boolean" + ], + "x-ms-enum": { + "name": "PropertyType", + "modelAsString": true, + "values": [ + { + "value": "String" + }, + { + "value": "Integer" + }, + { + "value": "Number" + }, + { + "value": "Boolean" + } + ] + } + }, + "expectedValue": { + "type": "string", + "description": "The expected value." + }, + "operator": { + "type": "string", + "description": "A valid comparer operator to use.", + "enum": [ + "Equals", + "GreaterThan", + "GreaterThanOrEqualTo", + "LesserThan", + "LesserThanOrEqualTo", + "NotEquals", + "Contains", + "StartsWith", + "EndsWith" + ], + "x-ms-enum": { + "name": "Operator", + "modelAsString": true, + "values": [ + { + "value": "Equals" + }, + { + "value": "GreaterThan" + }, + { + "value": "GreaterThanOrEqualTo" + }, + { + "value": "LesserThan" + }, + { + "value": "LesserThanOrEqualTo" + }, + { + "value": "NotEquals" + }, + { + "value": "Contains" + }, + { + "value": "StartsWith" + }, + { + "value": "EndsWith" + } + ] + } + } + } + }, + "AutomationValidationStatus": { + "type": "object", + "description": "The security automation model state property bag.", + "properties": { + "isValid": { + "type": "boolean", + "description": "Indicates whether the model is valid or not." + }, + "message": { + "type": "string", + "description": "The validation message." + } + } + } + }, + "parameters": { + "AutomationName": { + "name": "automationName", + "in": "path", + "required": true, + "type": "string", + "description": "The security automation name.", + "x-ms-parameter-location": "method" + }, + "AutomationInBody": { + "name": "Automation", + "in": "body", + "required": true, + "description": "The security automation resource", + "schema": { + "$ref": "#/definitions/Automation" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/DeleteAutomation_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/DeleteAutomation_example.json new file mode 100644 index 000000000000..50bddc04473a --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/DeleteAutomation_example.json @@ -0,0 +1,11 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "myRg", + "automationName": "myAutomationName" + }, + "responses": { + "204": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/GetAutomationResourceGroup_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/GetAutomationResourceGroup_example.json new file mode 100644 index 000000000000..ce82129f96ae --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/GetAutomationResourceGroup_example.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "e4272367-5645-4c4e-9c67-3b74b59a6982", + "resourceGroupName": "exampleResourceGroup", + "automationName": "exampleAutomation" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/e4272367-5645-4c4e-9c67-3b74b59a6982/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation", + "name": "exampleAutomation", + "type": "Microsoft.Security/automations", + "etag": "etag value", + "location": "Central US", + "tags": {}, + "properties": { + "description": "An example of a security automation that triggers two LogicApp resources (myTest1 and myTest2) on any security assessment of type customAssessment", + "isEnabled": true, + "metadata": { + "createdDateTimeUtc": "2019-03-27T08:43:54.5755094Z", + "createdBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72", + "lastUpdatedDateTimeUtc": "2019-03-28T08:43:54.5755094Z", + "lastUpdatedBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72" + }, + "scopes": [ + { + "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription 212f9889-769e-45ae-ab43-6da33674bd26", + "scopePath": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/myResourceGroup" + } + ], + "sources": [ + { + "eventSource": "Assessments", + "ruleSets": [ + { + "rules": [ + { + "propertyJPath": "$.Entity.AssessmentType", + "propertyType": "String", + "expectedValue": "customAssessment", + "operator": "Equals" + } + ] + } + ] + } + ], + "actions": [ + { + "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1", + "actionType": "LogicApp" + } + ] + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/GetAutomationsResourceGroup_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/GetAutomationsResourceGroup_example.json new file mode 100644 index 000000000000..5bfad1958985 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/GetAutomationsResourceGroup_example.json @@ -0,0 +1,62 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "e4272367-5645-4c4e-9c67-3b74b59a6982", + "resourceGroupName": "exampleResourceGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/e4272367-5645-4c4e-9c67-3b74b59a6982/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation", + "name": "exampleAutomation", + "type": "Microsoft.Security/automations", + "etag": "etag value", + "location": "Central US", + "tags": {}, + "properties": { + "description": "An example of a security automation that triggers two LogicApp resources (myTest1 and myTest2) on any security assessment of type customAssessment", + "isEnabled": true, + "metadata": { + "createdDateTimeUtc": "2019-03-27T08:43:54.5755094Z", + "createdBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72", + "lastUpdatedDateTimeUtc": "2019-03-28T08:43:54.5755094Z", + "lastUpdatedBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72" + }, + "scopes": [ + { + "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription 212f9889-769e-45ae-ab43-6da33674bd26", + "scopePath": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/myResourceGroup" + } + ], + "sources": [ + { + "eventSource": "Assessments", + "ruleSets": [ + { + "rules": [ + { + "propertyJPath": "$.Entity.AssessmentType", + "propertyType": "String", + "expectedValue": "customAssessment", + "operator": "Equals" + } + ] + } + ] + } + ], + "actions": [ + { + "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1", + "actionType": "LogicApp" + } + ] + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/GetAutomationsSubscription_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/GetAutomationsSubscription_example.json new file mode 100644 index 000000000000..93b95b64d9ab --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/GetAutomationsSubscription_example.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "e4272367-5645-4c4e-9c67-3b74b59a6982" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/e4272367-5645-4c4e-9c67-3b74b59a6982/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation", + "name": "exampleAutomation", + "type": "Microsoft.Security/automations", + "etag": "etag value", + "location": "Central US", + "tags": {}, + "properties": { + "description": "An example of a security automation that triggers two LogicApp resources (myTest1 and myTest2) on any security assessment of type customAssessment", + "isEnabled": true, + "metadata": { + "createdDateTimeUtc": "2019-03-27T08:43:54.5755094Z", + "createdBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72", + "lastUpdatedDateTimeUtc": "2019-03-28T08:43:54.5755094Z", + "lastUpdatedBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72" + }, + "scopes": [ + { + "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription 212f9889-769e-45ae-ab43-6da33674bd26", + "scopePath": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/myResourceGroup" + } + ], + "sources": [ + { + "eventSource": "Assessments", + "ruleSets": [ + { + "rules": [ + { + "propertyJPath": "$.Entity.AssessmentType", + "propertyType": "String", + "expectedValue": "customAssessment", + "operator": "Equals" + } + ] + } + ] + } + ], + "actions": [ + { + "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1", + "actionType": "LogicApp" + } + ] + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomation_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomation_example.json new file mode 100644 index 000000000000..4b5dc66b0fd2 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomation_example.json @@ -0,0 +1,147 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "e4272367-5645-4c4e-9c67-3b74b59a6982", + "automationName": "exampleAutomation", + "resourceGroupName": "exampleResourceGroup", + "Automation": { + "location": "Central US", + "etag": "etag value (must be supplied for update)", + "tags": {}, + "properties": { + "description": "An example of a security automation that triggers two LogicApp resources (myTest1 and myTest2) on any security assessment of type customAssessment", + "isEnabled": true, + "scopes": [ + { + "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription 212f9889-769e-45ae-ab43-6da33674bd26", + "scopePath": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/myResourceGroup" + } + ], + "sources": [ + { + "eventSource": "Assessments", + "ruleSets": [ + { + "rules": [ + { + "propertyJPath": "$.Entity.AssessmentType", + "propertyType": "String", + "expectedValue": "customAssessment", + "operator": "Equals" + } + ] + } + ] + } + ], + "actions": [ + { + "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1", + "actionType": "LogicApp", + "uri": "https://exampleTriggerUri1.com" + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/e4272367-5645-4c4e-9c67-3b74b59a6982/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation", + "name": "exampleAutomation", + "type": "Microsoft.Security/automations", + "location": "Central US", + "etag": "new etag value", + "tags": {}, + "properties": { + "description": "An example of a security automation that triggers two LogicApp resources (myTest1 and myTest2) on any security assessment of type customAssessment", + "isEnabled": true, + "metadata": { + "createdDateTimeUtc": "2019-03-27T08:43:54.5755094Z", + "createdBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72", + "lastUpdatedDateTimeUtc": "2019-03-28T08:43:54.5755094Z", + "lastUpdatedBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72" + }, + "scopes": [ + { + "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription 212f9889-769e-45ae-ab43-6da33674bd26", + "scopePath": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/myResourceGroup" + } + ], + "sources": [ + { + "eventSource": "Assessments", + "ruleSets": [ + { + "rules": [ + { + "propertyJPath": "$.Entity.AssessmentType", + "propertyType": "String", + "expectedValue": "customAssessment", + "operator": "Equals" + } + ] + } + ] + } + ], + "actions": [ + { + "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1", + "actionType": "LogicApp" + } + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/e4272367-5645-4c4e-9c67-3b74b59a6982/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/SecurityAutomations/exampleAutomation", + "name": "exampleAutomation", + "type": "Microsoft.Security/SecurityAutomations", + "location": "Central US", + "etag": "new etag value", + "tags": {}, + "properties": { + "description": "An example of a security automation that triggers two LogicApp resources (myTest1 and myTest2) on any security assessment of type customAssessment", + "isEnabled": true, + "metadata": { + "createdDateTimeUtc": "2019-03-27T08:43:54.5755094Z", + "createdBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72", + "lastUpdatedDateTimeUtc": "2019-03-28T08:43:54.5755094Z", + "lastUpdatedBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72" + }, + "scopes": [ + { + "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription 212f9889-769e-45ae-ab43-6da33674bd26", + "scopePath": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/myResourceGroup" + } + ], + "sources": [ + { + "eventSource": "Assessments", + "ruleSets": [ + { + "rules": [ + { + "propertyJPath": "$.Entity.AssessmentType", + "propertyType": "String", + "expectedValue": "customAssessment", + "operator": "Equals" + } + ] + } + ] + } + ], + "actions": [ + { + "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1", + "actionType": "LogicApp" + } + ] + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutDisableAutomation_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutDisableAutomation_example.json new file mode 100644 index 000000000000..ab918869b977 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutDisableAutomation_example.json @@ -0,0 +1,147 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "e4272367-5645-4c4e-9c67-3b74b59a6982", + "automationName": "exampleAutomation", + "resourceGroupName": "exampleResourceGroup", + "Automation": { + "location": "Central US", + "etag": "etag value (must be supplied for update)", + "tags": {}, + "properties": { + "description": "An example of a security automation that triggers two LogicApp resources (myTest1 and myTest2) on any security assessment of type customAssessment", + "isEnabled": false, + "scopes": [ + { + "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription 212f9889-769e-45ae-ab43-6da33674bd26", + "scopePath": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/myResourceGroup" + } + ], + "sources": [ + { + "eventSource": "Assessments", + "ruleSets": [ + { + "rules": [ + { + "propertyJPath": "$.Entity.AssessmentType", + "propertyType": "String", + "expectedValue": "customAssessment", + "operator": "Equals" + } + ] + } + ] + } + ], + "actions": [ + { + "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1", + "actionType": "LogicApp", + "uri": "https://exampleTriggerUri1.com" + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/e4272367-5645-4c4e-9c67-3b74b59a6982/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation", + "name": "exampleAutomation", + "type": "Microsoft.Security/automations", + "location": "Central US", + "etag": "new etag value", + "tags": {}, + "properties": { + "description": "An example of a security automation that triggers two LogicApp resources (myTest1 and myTest2) on any security assessment of type customAssessment", + "isEnabled": false, + "metadata": { + "createdDateTimeUtc": "2019-03-27T08:43:54.5755094Z", + "createdBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72", + "lastUpdatedDateTimeUtc": "2019-03-28T08:43:54.5755094Z", + "lastUpdatedBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72" + }, + "scopes": [ + { + "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription 212f9889-769e-45ae-ab43-6da33674bd26", + "scopePath": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/myResourceGroup" + } + ], + "sources": [ + { + "eventSource": "Assessments", + "ruleSets": [ + { + "rules": [ + { + "propertyJPath": "$.Entity.AssessmentType", + "propertyType": "String", + "expectedValue": "customAssessment", + "operator": "Equals" + } + ] + } + ] + } + ], + "actions": [ + { + "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1", + "actionType": "LogicApp" + } + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/e4272367-5645-4c4e-9c67-3b74b59a6982/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/SecurityAutomations/exampleAutomation", + "name": "exampleAutomation", + "type": "Microsoft.Security/SecurityAutomations", + "location": "Central US", + "etag": "new etag value", + "tags": {}, + "properties": { + "description": "An example of a security automation that triggers two LogicApp resources (myTest1 and myTest2) on any security assessment of type customAssessment", + "isEnabled": false, + "metadata": { + "createdDateTimeUtc": "2019-03-27T08:43:54.5755094Z", + "createdBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72", + "lastUpdatedDateTimeUtc": "2019-03-28T08:43:54.5755094Z", + "lastUpdatedBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72" + }, + "scopes": [ + { + "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription 212f9889-769e-45ae-ab43-6da33674bd26", + "scopePath": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/myResourceGroup" + } + ], + "sources": [ + { + "eventSource": "Assessments", + "ruleSets": [ + { + "rules": [ + { + "propertyJPath": "$.Entity.AssessmentType", + "propertyType": "String", + "expectedValue": "customAssessment", + "operator": "Equals" + } + ] + } + ] + } + ], + "actions": [ + { + "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1", + "actionType": "LogicApp" + } + ] + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/ValidateAutomation_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/ValidateAutomation_example.json new file mode 100644 index 000000000000..29da866c9437 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/ValidateAutomation_example.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "e4272367-5645-4c4e-9c67-3b74b59a6982", + "automationName": "exampleAutomation", + "resourceGroupName": "exampleResourceGroup", + "Automation": { + "location": "Central US", + "tags": {}, + "properties": { + "description": "An example of a security automation that triggers two LogicApp resources (myTest1 and myTest2) on any security assessment of type customAssessment", + "isEnabled": true, + "metadata": { + "createdDateTimeUtc": "2019-03-27T08:43:54.5755094Z", + "createdBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72", + "lastUpdatedDateTimeUtc": "2019-03-28T08:43:54.5755094Z", + "lastUpdatedBy": "2c429ed8-089f-42aa-9bb9-92312b8c9f72" + }, + "scopes": [ + { + "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription 212f9889-769e-45ae-ab43-6da33674bd26", + "scopePath": "/subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/myResourceGroup" + } + ], + "sources": [ + { + "eventSource": "Assessments", + "ruleSets": [ + { + "rules": [ + { + "propertyJPath": "$.Entity.AssessmentType", + "propertyType": "String", + "expectedValue": "customAssessment", + "operator": "Equals" + } + ] + } + ] + } + ], + "actions": [ + { + "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1", + "actionType": "LogicApp", + "uri": "https://exampleTriggerUri1.com" + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "isValid": true, + "message": "Validation Successful" + } + } + } +} diff --git a/specification/security/resource-manager/common/v1/types.json b/specification/security/resource-manager/common/v1/types.json index 6afed51f7d77..876690153551 100644 --- a/specification/security/resource-manager/common/v1/types.json +++ b/specification/security/resource-manager/common/v1/types.json @@ -57,6 +57,50 @@ }, "x-ms-azure-resource": true }, + "TrackedResource": { + "type": "object", + "description": "Describes an Azure tracked resource.", + "allOf": [ + { + "$ref": "#/definitions/Resource" + }, + { + "$ref": "#/definitions/Location" + }, + { + "$ref": "#/definitions/Kind" + }, + { + "$ref": "#/definitions/ETag" + }, + { + "$ref": "#/definitions/Tags" + } + ] + }, + "ETag": { + "type": "object", + "description": "Entity tag is used for comparing two or more entities from the same requested resource.", + "properties": { + "etag": { + "type": "string", + "description": "Entity tag is used for comparing two or more entities from the same requested resource." + } + } + }, + "Tags": { + "type": "object", + "description": "A list of key value pairs that describe the resource.", + "properties": { + "tags": { + "type": "object", + "description": "A list of key value pairs that describe the resource.", + "additionalProperties": { + "type": "string" + } + } + } + }, "Kind": { "type": "object", "description": "Describes an Azure resource with kind", diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index add89d61fde1..360d406cca9b 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md @@ -28,6 +28,10 @@ directive: from: securityContacts.json where: $.definitions.SecurityContactProperties.properties.email.format reason: email format is allowed + - suppress: ValidFormats + from: automations.json + where: $.definitions.AutomationActionLogicAppInput.properties.uri.format + reason: uri format is allowed - suppress: PageableOperation from: iotSecuritySolutionAnalytics.json where: '$.paths["/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels"].get' @@ -55,6 +59,7 @@ These settings apply only when `--tag=package-composite-v1` is specified on the ``` yaml $(tag) == 'package-composite-v1' input-file: +- Microsoft.Security/preview/2019-01-01-preview/automations.json - Microsoft.Security/preview/2019-01-01-preview/subAssessments.json - Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json - Microsoft.Security/preview/2017-08-01-preview/pricings.json @@ -89,6 +94,7 @@ These settings apply only when `--tag=package-composite-v2` is specified on the ``` yaml $(tag) == 'package-composite-v2' input-file: +- Microsoft.Security/preview/2019-01-01-preview/automations.json - Microsoft.Security/preview/2019-01-01-preview/subAssessments.json - Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json - Microsoft.Security/stable/2018-06-01/pricings.json @@ -150,6 +156,7 @@ input-file: - Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json - Microsoft.Security/preview/2019-01-01-preview/serverVulnerabilityAssessments.json - Microsoft.Security/preview/2019-01-01-preview/subAssessments.json +- Microsoft.Security/preview/2019-01-01-preview/automations.json # Needed when there is more than one input file override-info: @@ -324,6 +331,7 @@ require: $(this-folder)/../../../profiles/readme.md # all the input files across all versions input-file: + - $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/automations.json - $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/subAssessments.json - $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/pricings.json