diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/assessmentMetadata.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/assessmentMetadata.json
new file mode 100644
index 000000000000..cd2adb339f49
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/assessmentMetadata.json
@@ -0,0 +1,530 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "Security Center",
+ "description": "API spec for Microsoft.Security (Azure Security Center) resource provider",
+ "version": "2019-01-01-preview"
+ },
+ "host": "management.azure.com",
+ "schemes": [
+ "https"
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "security": [
+ {
+ "azure_auth": [
+ "user_impersonation"
+ ]
+ }
+ ],
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "flow": "implicit",
+ "description": "Azure Active Directory OAuth2 Flow",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ }
+ }
+ },
+ "paths": {
+ "/providers/Microsoft.Security/assessmentMetadata": {
+ "get": {
+ "x-ms-examples": {
+ "List security assessment metadata": {
+ "$ref": "./examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Get metadata information on all assessment types",
+ "operationId": "AssessmentsMetadata_List",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ },
+ "/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}": {
+ "get": {
+ "x-ms-examples": {
+ "Get security assessment metadata": {
+ "$ref": "./examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Get metadata information on an assessment type",
+ "operationId": "AssessmentsMetadata_Get",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/AssessmentsMetadataName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadata"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata": {
+ "get": {
+ "x-ms-examples": {
+ "List security assessment metadata for subscription": {
+ "$ref": "./examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Get metadata information on all assessment types in a specific subscription",
+ "operationId": "AssessmentsMetadataSubscription_List",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}": {
+ "get": {
+ "x-ms-examples": {
+ "Get security assessment metadata for subscription": {
+ "$ref": "./examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Get metadata information on an assessment type in a specific subscription",
+ "operationId": "AssessmentsMetadataSubscription_Get",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/AssessmentsMetadataName"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadata"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "put": {
+ "x-ms-examples": {
+ "Create security assessment metadata for subscription": {
+ "$ref": "./examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Create metadata information on an assessment type in a specific subscription",
+ "operationId": "AssessmentsMetadataSubscription_Create",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/AssessmentsMetadataName"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ },
+ {
+ "$ref": "#/parameters/SecurityAssessmentMetadata"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadata"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "delete": {
+ "x-ms-examples": {
+ "Delete a security assessment metadata for subscription": {
+ "$ref": "./examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Delete metadata information on an assessment type in a specific subscription, will cause the deletion of all the assessments of that type in that subscription",
+ "operationId": "AssessmentsMetadataSubscription_Delete",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/AssessmentsMetadataName"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK"
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "SecurityAssessmentMetadataList": {
+ "type": "object",
+ "description": "List of security assessment metadata",
+ "properties": {
+ "value": {
+ "readOnly": true,
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/SecurityAssessmentMetadata"
+ }
+ },
+ "nextLink": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The URI to fetch the next page."
+ }
+ }
+ },
+ "SecurityAssessmentMetadata": {
+ "type": "object",
+ "description": "Security assessment metadata",
+ "properties": {
+ "properties": {
+ "x-ms-client-flatten": true,
+ "$ref": "#/definitions/SecurityAssessmentMetadataProperties"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "../../../common/v1/types.json#/definitions/Resource"
+ }
+ ]
+ },
+ "SecurityAssessmentMetadataProperties": {
+ "type": "object",
+ "description": "Describes properties of an assessment metadata.",
+ "properties": {
+ "displayName": {
+ "type": "string",
+ "description": "User friendly display name of the assessment"
+ },
+ "policyDefinitionId": {
+ "readOnly": true,
+ "type": "string",
+ "description": "Azure resource ID of the policy definition that turns this assessment calculation on"
+ },
+ "description": {
+ "type": "string",
+ "description": "Human readable description of the assessment"
+ },
+ "remediationDescription": {
+ "type": "string",
+ "description": "Human readable description of what you should do to mitigate this security issue"
+ },
+ "category": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "The category of resource that is at risk when the assessment is unhealthy",
+ "enum": [
+ "Compute",
+ "Networking",
+ "Data",
+ "IdentityAndAccess",
+ "IoT"
+ ],
+ "x-ms-enum": {
+ "name": "category",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Compute"
+ },
+ {
+ "value": "Networking"
+ },
+ {
+ "value": "Data"
+ },
+ {
+ "value": "IdentityAndAccess"
+ },
+ {
+ "value": "IoT"
+ }
+ ]
+ }
+ }
+ },
+ "severity": {
+ "type": "string",
+ "description": "The severity level of the assessment",
+ "enum": [
+ "Low",
+ "Medium",
+ "High"
+ ],
+ "x-ms-enum": {
+ "name": "severity",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Low"
+ },
+ {
+ "value": "Medium"
+ },
+ {
+ "value": "High"
+ }
+ ]
+ }
+ },
+ "userImpact": {
+ "type": "string",
+ "description": "The user impact of the assessment",
+ "enum": [
+ "Low",
+ "Moderate",
+ "High"
+ ],
+ "x-ms-enum": {
+ "name": "userImpact",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Low"
+ },
+ {
+ "value": "Moderate"
+ },
+ {
+ "value": "High"
+ }
+ ]
+ }
+ },
+ "implementationEffort": {
+ "type": "string",
+ "description": "The implementation effort required to remediate this assessment",
+ "enum": [
+ "Low",
+ "Moderate",
+ "High"
+ ],
+ "x-ms-enum": {
+ "name": "implementationEffort",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Low"
+ },
+ {
+ "value": "Moderate"
+ },
+ {
+ "value": "High"
+ }
+ ]
+ }
+ },
+ "threats": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "Threats impact of the assessment",
+ "enum": [
+ "accountBreach",
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider",
+ "elevationOfPrivilege",
+ "threatResistance",
+ "missingCoverage",
+ "denialOfService"
+ ],
+ "x-ms-enum": {
+ "name": "threats",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "accountBreach"
+ },
+ {
+ "value": "dataExfiltration"
+ },
+ {
+ "value": "dataSpillage"
+ },
+ {
+ "value": "maliciousInsider"
+ },
+ {
+ "value": "elevationOfPrivilege"
+ },
+ {
+ "value": "threatResistance"
+ },
+ {
+ "value": "missingCoverage"
+ },
+ {
+ "value": "denialOfService"
+ }
+ ]
+ }
+ }
+ },
+ "preview": {
+ "type": "boolean",
+ "description": "True if this assessment is in preview release status"
+ },
+ "assessmentType": {
+ "type": "string",
+ "description": "BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition",
+ "enum": [
+ "BuiltIn",
+ "CustomPolicy",
+ "CustomerManaged"
+ ],
+ "x-ms-enum": {
+ "name": "assessmentType",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "BuiltIn",
+ "description": "Azure Security Center managed assessments"
+ },
+ {
+ "value": "CustomPolicy",
+ "description": "User defined policies that are automatically ingested from Azure Policy to Azure Security Center"
+ },
+ {
+ "value": "CustomerManaged",
+ "description": "User assessments pushed directly by the user or other third party to Azure Security Center"
+ }
+ ]
+ }
+ }
+ },
+ "required": [
+ "displayName",
+ "severity",
+ "assessmentType"
+ ]
+ }
+ },
+ "parameters": {
+ "AssessmentsMetadataName": {
+ "name": "assessmentMetadataName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The Assessment Key - Unique key for the assessment type",
+ "x-ms-parameter-location": "method"
+ },
+ "SecurityAssessmentMetadata": {
+ "name": "assessmentMetadata",
+ "in": "body",
+ "required": true,
+ "description": "AssessmentMetadata object",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadata"
+ },
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json
new file mode 100644
index 000000000000..a4f0a54edd29
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json
@@ -0,0 +1,53 @@
+{
+ "parameters": {
+ "api-version": "2019-01-01-preview",
+ "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e",
+ "assessmentMetadataName": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
+ "assessmentMetadata": {
+ "properties": {
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
+ "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
+ "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
+ "category": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "assessmentType": "CustomerManaged"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7",
+ "name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "My organization security assessment",
+ "description": "Assessment that my organization created to view our security assessment in Azure Security Center",
+ "remediationDescription": "Fix it with these remediation instructions",
+ "category": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "assessmentType": "CustomerManaged"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json
new file mode 100644
index 000000000000..797cb4674202
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json
@@ -0,0 +1,10 @@
+{
+ "parameters": {
+ "api-version": "2019-01-01-preview",
+ "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e",
+ "assessmentMetadataName": "ca039e75-a276-4175-aebc-bcd41e4b14b7"
+ },
+ "responses": {
+ "200": {}
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json
new file mode 100644
index 000000000000..d97f85567e01
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json
@@ -0,0 +1,33 @@
+{
+ "parameters": {
+ "api-version": "2019-01-01-preview",
+ "assessmentMetadataName": "21300918-b2e3-0346-785f-c77ff57d243b"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
+ "name": "21300918-b2e3-0346-785f-c77ff57d243b",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
+ "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
+ "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
+ "category": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "assessmentType": "BuiltIn"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json
new file mode 100644
index 000000000000..fdd8f69fe296
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json
@@ -0,0 +1,34 @@
+{
+ "parameters": {
+ "api-version": "2019-01-01-preview",
+ "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e",
+ "assessmentMetadataName": "21300918-b2e3-0346-785f-c77ff57d243b"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
+ "name": "21300918-b2e3-0346-785f-c77ff57d243b",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
+ "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
+ "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
+ "category": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "assessmentType": "BuiltIn"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json
new file mode 100644
index 000000000000..3e0ab9018412
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json
@@ -0,0 +1,78 @@
+{
+ "parameters": {
+ "api-version": "2019-01-01-preview"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
+ "name": "21300918-b2e3-0346-785f-c77ff57d243b",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
+ "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
+ "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
+ "category": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "assessmentType": "BuiltIn"
+ }
+ },
+ {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
+ "name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "Close management ports on your virtual machines",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
+ "description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
+ "remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.
To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
+ "category": [
+ "Networking"
+ ],
+ "severity": "Medium",
+ "userImpact": "High",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "preview": true,
+ "assessmentType": "CustomPolicy"
+ }
+ },
+ {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7",
+ "name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "My organization security assessment",
+ "description": "Assessment that my organization created to view our security assessment in Azure Security Center",
+ "remediationDescription": "Fix it with these remediation instructions",
+ "category": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [],
+ "assessmentType": "CustomerManaged"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json
new file mode 100644
index 000000000000..9fb42c0ddeec
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json
@@ -0,0 +1,61 @@
+{
+ "parameters": {
+ "api-version": "2019-01-01-preview",
+ "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
+ "name": "21300918-b2e3-0346-785f-c77ff57d243b",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
+ "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
+ "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
+ "category": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "assessmentType": "BuiltIn"
+ }
+ },
+ {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
+ "name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "Close management ports on your virtual machines",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
+ "description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
+ "remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.
To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
+ "category": [
+ "Networking"
+ ],
+ "severity": "Medium",
+ "userImpact": "High",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "preview": true,
+ "assessmentType": "CustomPolicy"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md
index 360d406cca9b..4270a4a5f421 100644
--- a/specification/security/resource-manager/readme.md
+++ b/specification/security/resource-manager/readme.md
@@ -157,6 +157,7 @@ input-file:
- Microsoft.Security/preview/2019-01-01-preview/serverVulnerabilityAssessments.json
- Microsoft.Security/preview/2019-01-01-preview/subAssessments.json
- Microsoft.Security/preview/2019-01-01-preview/automations.json
+- Microsoft.Security/preview/2019-01-01-preview/assessmentMetadata.json
# Needed when there is more than one input file
override-info:
@@ -325,46 +326,46 @@ AutoRest V3 generators require the use of `--tag=all-api-versions` to select api
This block is updated by an automatic script. Edits may be lost!
-``` yaml $(tag) == 'all-api-versions' /* autogenerated */
-# include the azure profile definitions from the standard location
-require: $(this-folder)/../../../profiles/readme.md
-
-# all the input files across all versions
-input-file:
- - $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/automations.json
- - $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/subAssessments.json
- - $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json
- - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/pricings.json
- - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/securityContacts.json
- - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/workspaceSettings.json
- - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/autoProvisioningSettings.json
- - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/compliances.json
- - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/advancedThreatProtectionSettings.json
- - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/deviceSecurityGroups.json
- - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/settings.json
- - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/informationProtectionPolicies.json
- - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/operations.json
- - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/locations.json
- - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/tasks.json
- - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/alerts.json
- - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/discoveredSecuritySolutions.json
- - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/jitNetworkAccessPolicies.json
- - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/applicationWhitelistings.json
- - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/externalSecuritySolutions.json
- - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/topologies.json
- - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/allowedConnections.json
- - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/adaptiveNetworkHardenings.json
- - $(this-folder)/Microsoft.Security/stable/2018-06-01/pricings.json
- - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutions.json
- - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutionAnalytics.json
- - $(this-folder)/Microsoft.Security/stable/2019-01-01/alerts.json
- - $(this-folder)/Microsoft.Security/stable/2017-08-01/complianceResults.json
- - $(this-folder)/Microsoft.Security/stable/2019-01-01/settings.json
- - $(this-folder)/Microsoft.Security/stable/2019-08-01/deviceSecurityGroups.json
- - $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json
- - $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json
- - $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/serverVulnerabilityAssessments.json
-
+``` yaml $(tag) == 'all-api-versions' /* autogenerated */
+# include the azure profile definitions from the standard location
+require: $(this-folder)/../../../profiles/readme.md
+
+# all the input files across all versions
+input-file:
+ - $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/automations.json
+ - $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/subAssessments.json
+ - $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json
+ - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/pricings.json
+ - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/securityContacts.json
+ - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/workspaceSettings.json
+ - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/autoProvisioningSettings.json
+ - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/compliances.json
+ - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/advancedThreatProtectionSettings.json
+ - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/deviceSecurityGroups.json
+ - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/settings.json
+ - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/informationProtectionPolicies.json
+ - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/operations.json
+ - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/locations.json
+ - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/tasks.json
+ - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/alerts.json
+ - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/discoveredSecuritySolutions.json
+ - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/jitNetworkAccessPolicies.json
+ - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/applicationWhitelistings.json
+ - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/externalSecuritySolutions.json
+ - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/topologies.json
+ - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/allowedConnections.json
+ - $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/adaptiveNetworkHardenings.json
+ - $(this-folder)/Microsoft.Security/stable/2018-06-01/pricings.json
+ - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutions.json
+ - $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutionAnalytics.json
+ - $(this-folder)/Microsoft.Security/stable/2019-01-01/alerts.json
+ - $(this-folder)/Microsoft.Security/stable/2017-08-01/complianceResults.json
+ - $(this-folder)/Microsoft.Security/stable/2019-01-01/settings.json
+ - $(this-folder)/Microsoft.Security/stable/2019-08-01/deviceSecurityGroups.json
+ - $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json
+ - $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json
+ - $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/serverVulnerabilityAssessments.json
+
```
If there are files that should not be in the `all-api-versions` set,
@@ -373,4 +374,4 @@ uncomment the `exclude-file` section below and add the file paths.
``` yaml $(tag) == 'all-api-versions'
#exclude-file:
# - $(this-folder)/Microsoft.Example/stable/2010-01-01/somefile.json
-```
+```
\ No newline at end of file