Skip to content

Assessment metadata API (Azure Security Center) #7622

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
erich-wang merged 8 commits into from
Dec 5, 2019
Merged

Assessment metadata API (Azure Security Center) #7622

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
4cbdaf8
create assessmentMetadata.json
tarosler Jun 20, 2019
04f06cc
prettier fix
eliagrady Nov 12, 2019
c097b7d
review fixes
Nov 24, 2019
8e41558
add userImpact, implementationEffort, threat fields to assessmentMeta…
eliagrady Dec 1, 2019
01872a1
cleanup readme.md
eliagrady Dec 1, 2019
45b94bf
Fix property name
Dec 2, 2019
09a96f7
prettier fixes
Dec 2, 2019
0a6667f
Property casing fix
Dec 2, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
530 changes: 530 additions & 0 deletions ...ty/resource-manager/Microsoft.Security/preview/2019-01-01-preview/assessmentMetadata.json
View file
Open in desktop

Large diffs are not rendered by default.

53 changes: 53 additions & 0 deletions ...-preview/examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
{
"parameters": {
"api-version": "2019-01-01-preview",
"subscriptionId": "0980887d-03d6-408c-9566-532f3456804e",
"assessmentMetadataName": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
"assessmentMetadata": {
"properties": {
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"remediationDescription": "To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
"category": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"assessmentType": "CustomerManaged"
}
}
},
"responses": {
"200": {
"body": {
"id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7",
"name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "My organization security assessment",
"description": "Assessment that my organization created to view our security assessment in Azure Security Center",
"remediationDescription": "Fix it with these remediation instructions",
"category": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"assessmentType": "CustomerManaged"
}
}
}
}
}
10 changes: 10 additions & 0 deletions ...-preview/examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{
"parameters": {
"api-version": "2019-01-01-preview",
"subscriptionId": "0980887d-03d6-408c-9566-532f3456804e",
"assessmentMetadataName": "ca039e75-a276-4175-aebc-bcd41e4b14b7"
},
"responses": {
"200": {}
}
}
33 changes: 33 additions & 0 deletions ...eview/2019-01-01-preview/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
{
"parameters": {
"api-version": "2019-01-01-preview",
"assessmentMetadataName": "21300918-b2e3-0346-785f-c77ff57d243b"
},
"responses": {
"200": {
"body": {
"id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
"name": "21300918-b2e3-0346-785f-c77ff57d243b",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"remediationDescription": "To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
"category": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"assessmentType": "BuiltIn"
}
}
}
}
}
34 changes: 34 additions & 0 deletions ...-01-preview/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
{
"parameters": {
"api-version": "2019-01-01-preview",
"subscriptionId": "0980887d-03d6-408c-9566-532f3456804e",
"assessmentMetadataName": "21300918-b2e3-0346-785f-c77ff57d243b"
},
"responses": {
"200": {
"body": {
"id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
"name": "21300918-b2e3-0346-785f-c77ff57d243b",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"remediationDescription": "To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
"category": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"assessmentType": "BuiltIn"
}
}
}
}
}
78 changes: 78 additions & 0 deletions ...view/2019-01-01-preview/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
{
"parameters": {
"api-version": "2019-01-01-preview"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
"name": "21300918-b2e3-0346-785f-c77ff57d243b",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"remediationDescription": "To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
"category": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"assessmentType": "BuiltIn"
}
},
{
"id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
"name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "Close management ports on your virtual machines",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
"description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
"remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.<br>To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
"category": [
"Networking"
],
"severity": "Medium",
"userImpact": "High",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"preview": true,
"assessmentType": "CustomPolicy"
}
},
{
"id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7",
"name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "My organization security assessment",
"description": "Assessment that my organization created to view our security assessment in Azure Security Center",
"remediationDescription": "Fix it with these remediation instructions",
"category": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [],
"assessmentType": "CustomerManaged"
}
}
]
}
}
}
}
61 changes: 61 additions & 0 deletions ...01-preview/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
{
"parameters": {
"api-version": "2019-01-01-preview",
"subscriptionId": "0980887d-03d6-408c-9566-532f3456804e"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
"name": "21300918-b2e3-0346-785f-c77ff57d243b",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"remediationDescription": "To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
"category": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"assessmentType": "BuiltIn"
}
},
{
"id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
"name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "Close management ports on your virtual machines",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
"description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
"remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.<br>To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
"category": [
"Networking"
],
"severity": "Medium",
"userImpact": "High",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"preview": true,
"assessmentType": "CustomPolicy"
}
}
]
}
}
}
}
83 changes: 42 additions & 41 deletions specification/security/resource-manager/readme.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,7 @@ input-file:
- Microsoft.Security/preview/2019-01-01-preview/serverVulnerabilityAssessments.json
- Microsoft.Security/preview/2019-01-01-preview/subAssessments.json
- Microsoft.Security/preview/2019-01-01-preview/automations.json
- Microsoft.Security/preview/2019-01-01-preview/assessmentMetadata.json

# Needed when there is more than one input file
override-info:
Expand Down Expand Up @@ -325,46 +326,46 @@ AutoRest V3 generators require the use of `--tag=all-api-versions` to select api

This block is updated by an automatic script. Edits may be lost!

``` yaml $(tag) == 'all-api-versions' /* autogenerated */
# include the azure profile definitions from the standard location
require: $(this-folder)/../../../profiles/readme.md

# all the input files across all versions
input-file:
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/automations.json
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/subAssessments.json
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/pricings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/securityContacts.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/workspaceSettings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/autoProvisioningSettings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/compliances.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/advancedThreatProtectionSettings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/deviceSecurityGroups.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/settings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/informationProtectionPolicies.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/operations.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/locations.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/tasks.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/alerts.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/discoveredSecuritySolutions.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/jitNetworkAccessPolicies.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/applicationWhitelistings.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/externalSecuritySolutions.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/topologies.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/allowedConnections.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/adaptiveNetworkHardenings.json
- $(this-folder)/Microsoft.Security/stable/2018-06-01/pricings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutions.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutionAnalytics.json
- $(this-folder)/Microsoft.Security/stable/2019-01-01/alerts.json
- $(this-folder)/Microsoft.Security/stable/2017-08-01/complianceResults.json
- $(this-folder)/Microsoft.Security/stable/2019-01-01/settings.json
- $(this-folder)/Microsoft.Security/stable/2019-08-01/deviceSecurityGroups.json
- $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json
- $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/serverVulnerabilityAssessments.json

``` yaml $(tag) == 'all-api-versions' /* autogenerated */
# include the azure profile definitions from the standard location
require: $(this-folder)/../../../profiles/readme.md
# all the input files across all versions
input-file:
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/automations.json
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/subAssessments.json
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/pricings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/securityContacts.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/workspaceSettings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/autoProvisioningSettings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/compliances.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/advancedThreatProtectionSettings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/deviceSecurityGroups.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/settings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/informationProtectionPolicies.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/operations.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/locations.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/tasks.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/alerts.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/discoveredSecuritySolutions.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/jitNetworkAccessPolicies.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/applicationWhitelistings.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/externalSecuritySolutions.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/topologies.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/allowedConnections.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/adaptiveNetworkHardenings.json
- $(this-folder)/Microsoft.Security/stable/2018-06-01/pricings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutions.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutionAnalytics.json
- $(this-folder)/Microsoft.Security/stable/2019-01-01/alerts.json
- $(this-folder)/Microsoft.Security/stable/2017-08-01/complianceResults.json
- $(this-folder)/Microsoft.Security/stable/2019-01-01/settings.json
- $(this-folder)/Microsoft.Security/stable/2019-08-01/deviceSecurityGroups.json
- $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json
- $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/serverVulnerabilityAssessments.json
```

If there are files that should not be in the `all-api-versions` set,
Expand All @@ -373,4 +374,4 @@ uncomment the `exclude-file` section below and add the file paths.
``` yaml $(tag) == 'all-api-versions'
#exclude-file:
# - $(this-folder)/Microsoft.Example/stable/2010-01-01/somefile.json
```
```