diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/_security_center.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/_security_center.py index 03f4764ee113..6e5d20a55e1d 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/_security_center.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/_security_center.py @@ -41,6 +41,7 @@ from .operations import RegulatoryComplianceControlsOperations from .operations import RegulatoryComplianceAssessmentsOperations from .operations import ServerVulnerabilityAssessmentOperations +from .operations import SubAssessmentsOperations from . import models @@ -106,6 +107,8 @@ class SecurityCenter(SDKClient): :vartype regulatory_compliance_assessments: azure.mgmt.security.operations.RegulatoryComplianceAssessmentsOperations :ivar server_vulnerability_assessment: ServerVulnerabilityAssessment operations :vartype server_vulnerability_assessment: azure.mgmt.security.operations.ServerVulnerabilityAssessmentOperations + :ivar sub_assessments: SubAssessments operations + :vartype sub_assessments: azure.mgmt.security.operations.SubAssessmentsOperations :param credentials: Credentials needed for the client to connect to Azure. :type credentials: :mod:`A msrestazure Credentials @@ -184,3 +187,5 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.server_vulnerability_assessment = ServerVulnerabilityAssessmentOperations( self._client, self.config, self._serialize, self._deserialize) + self.sub_assessments = SubAssessmentsOperations( + self._client, self.config, self._serialize, self._deserialize) diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/__init__.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/__init__.py index d0c40691dc6b..a366a0b4789c 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/__init__.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/__init__.py @@ -13,6 +13,7 @@ from ._models_py3 import AadConnectivityState1 from ._models_py3 import AadExternalSecuritySolution from ._models_py3 import AadSolutionProperties + from ._models_py3 import AdditionalData from ._models_py3 import AdvancedThreatProtectionSetting from ._models_py3 import Alert from ._models_py3 import AlertConfidenceReason @@ -27,6 +28,8 @@ from ._models_py3 import AtaExternalSecuritySolution from ._models_py3 import AtaSolutionProperties from ._models_py3 import AutoProvisioningSetting + from ._models_py3 import AwsResourceDetails + from ._models_py3 import AzureResourceDetails from ._models_py3 import CefExternalSecuritySolution from ._models_py3 import CefSolutionProperties from ._models_py3 import Compliance @@ -35,7 +38,10 @@ from ._models_py3 import ConnectableResource from ._models_py3 import ConnectedResource from ._models_py3 import ConnectedWorkspace + from ._models_py3 import ContainerRegistryVulnerabilityProperties from ._models_py3 import CustomAlertRule + from ._models_py3 import CVE + from ._models_py3 import CVSS from ._models_py3 import DataExportSetting from ._models_py3 import DenylistCustomAlertRule from ._models_py3 import DeviceSecurityGroup @@ -47,6 +53,7 @@ from ._models_py3 import InformationProtectionPolicy from ._models_py3 import InformationType from ._models_py3 import IoTSecurityAggregatedAlert + from ._models_py3 import IoTSecurityAggregatedAlertPropertiesTopDevicesListItem from ._models_py3 import IoTSecurityAggregatedRecommendation from ._models_py3 import IoTSecurityAlertedDevice from ._models_py3 import IoTSecurityDeviceAlert @@ -73,20 +80,26 @@ from ._models_py3 import PathRecommendation from ._models_py3 import Pricing from ._models_py3 import PricingList + from ._models_py3 import ProtectionMode from ._models_py3 import PublisherInfo from ._models_py3 import RecommendationConfigurationProperties from ._models_py3 import RegulatoryComplianceAssessment from ._models_py3 import RegulatoryComplianceControl from ._models_py3 import RegulatoryComplianceStandard from ._models_py3 import Resource + from ._models_py3 import ResourceDetails from ._models_py3 import SecurityContact + from ._models_py3 import SecuritySubAssessment from ._models_py3 import SecurityTask from ._models_py3 import SecurityTaskParameters from ._models_py3 import SensitivityLabel from ._models_py3 import ServerVulnerabilityAssessment from ._models_py3 import ServerVulnerabilityAssessmentsList + from ._models_py3 import ServerVulnerabilityProperties from ._models_py3 import Setting from ._models_py3 import SettingResource + from ._models_py3 import SqlServerVulnerabilityProperties + from ._models_py3 import SubAssessmentStatus from ._models_py3 import TagsResource from ._models_py3 import ThresholdCustomAlertRule from ._models_py3 import TimeWindowCustomAlertRule @@ -97,12 +110,14 @@ from ._models_py3 import UpdateIotSecuritySolutionData from ._models_py3 import UserDefinedResourcesProperties from ._models_py3 import UserRecommendation + from ._models_py3 import VendorReference from ._models_py3 import VmRecommendation from ._models_py3 import WorkspaceSetting except (SyntaxError, ImportError): from ._models import AadConnectivityState1 from ._models import AadExternalSecuritySolution from ._models import AadSolutionProperties + from ._models import AdditionalData from ._models import AdvancedThreatProtectionSetting from ._models import Alert from ._models import AlertConfidenceReason @@ -117,6 +132,8 @@ from ._models import AtaExternalSecuritySolution from ._models import AtaSolutionProperties from ._models import AutoProvisioningSetting + from ._models import AwsResourceDetails + from ._models import AzureResourceDetails from ._models import CefExternalSecuritySolution from ._models import CefSolutionProperties from ._models import Compliance @@ -125,7 +142,10 @@ from ._models import ConnectableResource from ._models import ConnectedResource from ._models import ConnectedWorkspace + from ._models import ContainerRegistryVulnerabilityProperties from ._models import CustomAlertRule + from ._models import CVE + from ._models import CVSS from ._models import DataExportSetting from ._models import DenylistCustomAlertRule from ._models import DeviceSecurityGroup @@ -137,6 +157,7 @@ from ._models import InformationProtectionPolicy from ._models import InformationType from ._models import IoTSecurityAggregatedAlert + from ._models import IoTSecurityAggregatedAlertPropertiesTopDevicesListItem from ._models import IoTSecurityAggregatedRecommendation from ._models import IoTSecurityAlertedDevice from ._models import IoTSecurityDeviceAlert @@ -163,20 +184,26 @@ from ._models import PathRecommendation from ._models import Pricing from ._models import PricingList + from ._models import ProtectionMode from ._models import PublisherInfo from ._models import RecommendationConfigurationProperties from ._models import RegulatoryComplianceAssessment from ._models import RegulatoryComplianceControl from ._models import RegulatoryComplianceStandard from ._models import Resource + from ._models import ResourceDetails from ._models import SecurityContact + from ._models import SecuritySubAssessment from ._models import SecurityTask from ._models import SecurityTaskParameters from ._models import SensitivityLabel from ._models import ServerVulnerabilityAssessment from ._models import ServerVulnerabilityAssessmentsList + from ._models import ServerVulnerabilityProperties from ._models import Setting from ._models import SettingResource + from ._models import SqlServerVulnerabilityProperties + from ._models import SubAssessmentStatus from ._models import TagsResource from ._models import ThresholdCustomAlertRule from ._models import TimeWindowCustomAlertRule @@ -187,6 +214,7 @@ from ._models import UpdateIotSecuritySolutionData from ._models import UserDefinedResourcesProperties from ._models import UserRecommendation + from ._models import VendorReference from ._models import VmRecommendation from ._models import WorkspaceSetting from ._paged_models import AlertPaged @@ -208,6 +236,7 @@ from ._paged_models import RegulatoryComplianceControlPaged from ._paged_models import RegulatoryComplianceStandardPaged from ._paged_models import SecurityContactPaged +from ._paged_models import SecuritySubAssessmentPaged from ._paged_models import SecurityTaskPaged from ._paged_models import SettingPaged from ._paged_models import TopologyResourcePaged @@ -223,6 +252,7 @@ DataSource, RecommendationType, RecommendationConfigStatus, + UnmaskedIpLoggingStatus, SecurityFamily, AadConnectivityState, ExternalSecuritySolutionKind, @@ -233,6 +263,8 @@ AlertNotifications, AlertsToAdmins, State, + SubAssessmentStatusCode, + Severity, ConnectionType, ) @@ -240,6 +272,7 @@ 'AadConnectivityState1', 'AadExternalSecuritySolution', 'AadSolutionProperties', + 'AdditionalData', 'AdvancedThreatProtectionSetting', 'Alert', 'AlertConfidenceReason', @@ -254,6 +287,8 @@ 'AtaExternalSecuritySolution', 'AtaSolutionProperties', 'AutoProvisioningSetting', + 'AwsResourceDetails', + 'AzureResourceDetails', 'CefExternalSecuritySolution', 'CefSolutionProperties', 'Compliance', @@ -262,7 +297,10 @@ 'ConnectableResource', 'ConnectedResource', 'ConnectedWorkspace', + 'ContainerRegistryVulnerabilityProperties', 'CustomAlertRule', + 'CVE', + 'CVSS', 'DataExportSetting', 'DenylistCustomAlertRule', 'DeviceSecurityGroup', @@ -274,6 +312,7 @@ 'InformationProtectionPolicy', 'InformationType', 'IoTSecurityAggregatedAlert', + 'IoTSecurityAggregatedAlertPropertiesTopDevicesListItem', 'IoTSecurityAggregatedRecommendation', 'IoTSecurityAlertedDevice', 'IoTSecurityDeviceAlert', @@ -300,20 +339,26 @@ 'PathRecommendation', 'Pricing', 'PricingList', + 'ProtectionMode', 'PublisherInfo', 'RecommendationConfigurationProperties', 'RegulatoryComplianceAssessment', 'RegulatoryComplianceControl', 'RegulatoryComplianceStandard', 'Resource', + 'ResourceDetails', 'SecurityContact', + 'SecuritySubAssessment', 'SecurityTask', 'SecurityTaskParameters', 'SensitivityLabel', 'ServerVulnerabilityAssessment', 'ServerVulnerabilityAssessmentsList', + 'ServerVulnerabilityProperties', 'Setting', 'SettingResource', + 'SqlServerVulnerabilityProperties', + 'SubAssessmentStatus', 'TagsResource', 'ThresholdCustomAlertRule', 'TimeWindowCustomAlertRule', @@ -324,6 +369,7 @@ 'UpdateIotSecuritySolutionData', 'UserDefinedResourcesProperties', 'UserRecommendation', + 'VendorReference', 'VmRecommendation', 'WorkspaceSetting', 'ComplianceResultPaged', @@ -349,6 +395,7 @@ 'RegulatoryComplianceStandardPaged', 'RegulatoryComplianceControlPaged', 'RegulatoryComplianceAssessmentPaged', + 'SecuritySubAssessmentPaged', 'ResourceStatus', 'PricingTier', 'ReportedSeverity', @@ -359,6 +406,7 @@ 'DataSource', 'RecommendationType', 'RecommendationConfigStatus', + 'UnmaskedIpLoggingStatus', 'SecurityFamily', 'AadConnectivityState', 'ExternalSecuritySolutionKind', @@ -369,5 +417,7 @@ 'AlertNotifications', 'AlertsToAdmins', 'State', + 'SubAssessmentStatusCode', + 'Severity', 'ConnectionType', ] diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py index 89600c9fb8d6..efa51ccc0b7b 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py @@ -164,6 +164,36 @@ def __init__(self, **kwargs): self.connectivity_state = kwargs.get('connectivity_state', None) +class AdditionalData(Model): + """Details of the sub-assessment. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: SqlServerVulnerabilityProperties, + ContainerRegistryVulnerabilityProperties, ServerVulnerabilityProperties + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + } + + _subtype_map = { + 'assessed_resource_type': {'SqlServerVulnerability': 'SqlServerVulnerabilityProperties', 'ContainerRegistryVulnerability': 'ContainerRegistryVulnerabilityProperties', 'ServerVulnerabilityAssessment': 'ServerVulnerabilityProperties'} + } + + def __init__(self, **kwargs): + super(AdditionalData, self).__init__(**kwargs) + self.assessed_resource_type = None + + class Resource(Model): """Describes an Azure resource. @@ -636,8 +666,11 @@ class AppWhitelistingGroup(Model): :vartype type: str :ivar location: Location where the resource is stored :vartype location: str - :param enforcement_mode: Possible values include: 'Audit', 'Enforce' + :param enforcement_mode: Possible values include: 'Audit', 'Enforce', + 'None' :type enforcement_mode: str or ~azure.mgmt.security.models.enum + :param protection_mode: + :type protection_mode: ~azure.mgmt.security.models.ProtectionMode :param configuration_status: Possible values include: 'Configured', 'NotConfigured', 'InProgress', 'Failed', 'NoStatus' :type configuration_status: str or ~azure.mgmt.security.models.enum @@ -671,6 +704,7 @@ class AppWhitelistingGroup(Model): 'type': {'key': 'type', 'type': 'str'}, 'location': {'key': 'location', 'type': 'str'}, 'enforcement_mode': {'key': 'properties.enforcementMode', 'type': 'str'}, + 'protection_mode': {'key': 'properties.protectionMode', 'type': 'ProtectionMode'}, 'configuration_status': {'key': 'properties.configurationStatus', 'type': 'str'}, 'recommendation_status': {'key': 'properties.recommendationStatus', 'type': 'str'}, 'issues': {'key': 'properties.issues', 'type': '[AppWhitelistingIssueSummary]'}, @@ -686,6 +720,7 @@ def __init__(self, **kwargs): self.type = None self.location = None self.enforcement_mode = kwargs.get('enforcement_mode', None) + self.protection_mode = kwargs.get('protection_mode', None) self.configuration_status = kwargs.get('configuration_status', None) self.recommendation_status = kwargs.get('recommendation_status', None) self.issues = kwargs.get('issues', None) @@ -738,8 +773,14 @@ def __init__(self, **kwargs): class AppWhitelistingPutGroupData(Model): """The altered data of the recommended VM/server group policy. - :param enforcement_mode: Possible values include: 'Audit', 'Enforce' + :param enforcement_mode: The enforcement mode of the group. Can also be + defined per collection type by using ProtectionMode. Possible values + include: 'Audit', 'Enforce', 'None' :type enforcement_mode: str or ~azure.mgmt.security.models.enum + :param protection_mode: The protection mode of the group per collection + type. Can also be defined for all collection types by using + EnforcementMode + :type protection_mode: ~azure.mgmt.security.models.ProtectionMode :param vm_recommendations: :type vm_recommendations: list[~azure.mgmt.security.models.VmRecommendation] @@ -750,6 +791,7 @@ class AppWhitelistingPutGroupData(Model): _attribute_map = { 'enforcement_mode': {'key': 'enforcementMode', 'type': 'str'}, + 'protection_mode': {'key': 'protectionMode', 'type': 'ProtectionMode'}, 'vm_recommendations': {'key': 'vmRecommendations', 'type': '[VmRecommendation]'}, 'path_recommendations': {'key': 'pathRecommendations', 'type': '[PathRecommendation]'}, } @@ -757,6 +799,7 @@ class AppWhitelistingPutGroupData(Model): def __init__(self, **kwargs): super(AppWhitelistingPutGroupData, self).__init__(**kwargs) self.enforcement_mode = kwargs.get('enforcement_mode', None) + self.protection_mode = kwargs.get('protection_mode', None) self.vm_recommendations = kwargs.get('vm_recommendations', None) self.path_recommendations = kwargs.get('path_recommendations', None) @@ -936,6 +979,100 @@ def __init__(self, **kwargs): self.auto_provision = kwargs.get('auto_provision', None) +class ResourceDetails(Model): + """Details of the resource that was assessed. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: AzureResourceDetails, AwsResourceDetails + + All required parameters must be populated in order to send to Azure. + + :param source: Required. Constant filled by server. + :type source: str + """ + + _validation = { + 'source': {'required': True}, + } + + _attribute_map = { + 'source': {'key': 'source', 'type': 'str'}, + } + + _subtype_map = { + 'source': {'Azure': 'AzureResourceDetails', 'Aws': 'AwsResourceDetails'} + } + + def __init__(self, **kwargs): + super(ResourceDetails, self).__init__(**kwargs) + self.source = None + + +class AwsResourceDetails(ResourceDetails): + """Details of the resource that was assessed. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param source: Required. Constant filled by server. + :type source: str + :ivar account_id: AWS account ID + :vartype account_id: str + :ivar aws_resource_id: AWS resource ID. can be ARN or other + :vartype aws_resource_id: str + """ + + _validation = { + 'source': {'required': True}, + 'account_id': {'readonly': True}, + 'aws_resource_id': {'readonly': True}, + } + + _attribute_map = { + 'source': {'key': 'source', 'type': 'str'}, + 'account_id': {'key': 'accountId', 'type': 'str'}, + 'aws_resource_id': {'key': 'awsResourceId', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AwsResourceDetails, self).__init__(**kwargs) + self.account_id = None + self.aws_resource_id = None + self.source = 'Aws' + + +class AzureResourceDetails(ResourceDetails): + """Details of the resource that was assessed. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param source: Required. Constant filled by server. + :type source: str + :ivar id: Azure resource ID of the assessed resource + :vartype id: str + """ + + _validation = { + 'source': {'required': True}, + 'id': {'readonly': True}, + } + + _attribute_map = { + 'source': {'key': 'source', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AzureResourceDetails, self).__init__(**kwargs) + self.id = None + self.source = 'Azure' + + class CefExternalSecuritySolution(ExternalSecuritySolution): """Represents a security solution which sends CEF logs to an OMS workspace. @@ -1264,6 +1401,125 @@ def __init__(self, **kwargs): self.id = kwargs.get('id', None) +class ContainerRegistryVulnerabilityProperties(AdditionalData): + """Additional context fields for container registry Vulnerability assessment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + :ivar type: Vulnerability Type. e.g: Vulnerability, Potential + Vulnerability, Information Gathered, Vulnerability + :vartype type: str + :ivar cvss: Dictionary from cvss version to cvss details object + :vartype cvss: dict[str, ~azure.mgmt.security.models.CVSS] + :ivar patchable: Indicates whether a patch is available or not + :vartype patchable: bool + :ivar cve: List of CVEs + :vartype cve: list[~azure.mgmt.security.models.CVE] + :ivar published_time: Published time + :vartype published_time: datetime + :ivar vendor_references: + :vartype vendor_references: + list[~azure.mgmt.security.models.VendorReference] + :ivar repository_name: Name of the repository which the vulnerable image + belongs to + :vartype repository_name: str + :ivar image_digest: Digest of the vulnerable image + :vartype image_digest: str + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + 'type': {'readonly': True}, + 'cvss': {'readonly': True}, + 'patchable': {'readonly': True}, + 'cve': {'readonly': True}, + 'published_time': {'readonly': True}, + 'vendor_references': {'readonly': True}, + 'repository_name': {'readonly': True}, + 'image_digest': {'readonly': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'cvss': {'key': 'cvss', 'type': '{CVSS}'}, + 'patchable': {'key': 'patchable', 'type': 'bool'}, + 'cve': {'key': 'cve', 'type': '[CVE]'}, + 'published_time': {'key': 'publishedTime', 'type': 'iso-8601'}, + 'vendor_references': {'key': 'vendorReferences', 'type': '[VendorReference]'}, + 'repository_name': {'key': 'repositoryName', 'type': 'str'}, + 'image_digest': {'key': 'imageDigest', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ContainerRegistryVulnerabilityProperties, self).__init__(**kwargs) + self.type = None + self.cvss = None + self.patchable = None + self.cve = None + self.published_time = None + self.vendor_references = None + self.repository_name = None + self.image_digest = None + self.assessed_resource_type = 'ContainerRegistryVulnerability' + + +class CVE(Model): + """CVE details. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar title: CVE title + :vartype title: str + :ivar link: Link url + :vartype link: str + """ + + _validation = { + 'title': {'readonly': True}, + 'link': {'readonly': True}, + } + + _attribute_map = { + 'title': {'key': 'title', 'type': 'str'}, + 'link': {'key': 'link', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CVE, self).__init__(**kwargs) + self.title = None + self.link = None + + +class CVSS(Model): + """CVSS details. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar base: CVSS base + :vartype base: float + """ + + _validation = { + 'base': {'readonly': True}, + } + + _attribute_map = { + 'base': {'key': 'base', 'type': 'float'}, + } + + def __init__(self, **kwargs): + super(CVSS, self).__init__(**kwargs) + self.base = None + + class SettingResource(Resource): """The kind of the security setting. @@ -1716,6 +1972,10 @@ class IoTSecurityAggregatedAlert(Model): :ivar log_analytics_query: Log analytics query for getting the list of affected devices/alerts. :vartype log_analytics_query: str + :ivar top_devices_list: 10 devices with the highest number of occurrences + of this alert type, on this day. + :vartype top_devices_list: + list[~azure.mgmt.security.models.IoTSecurityAggregatedAlertPropertiesTopDevicesListItem] """ _validation = { @@ -1734,6 +1994,7 @@ class IoTSecurityAggregatedAlert(Model): 'system_source': {'readonly': True}, 'action_taken': {'readonly': True}, 'log_analytics_query': {'readonly': True}, + 'top_devices_list': {'readonly': True}, } _attribute_map = { @@ -1753,6 +2014,7 @@ class IoTSecurityAggregatedAlert(Model): 'system_source': {'key': 'properties.systemSource', 'type': 'str'}, 'action_taken': {'key': 'properties.actionTaken', 'type': 'str'}, 'log_analytics_query': {'key': 'properties.logAnalyticsQuery', 'type': 'str'}, + 'top_devices_list': {'key': 'properties.topDevicesList', 'type': '[IoTSecurityAggregatedAlertPropertiesTopDevicesListItem]'}, } def __init__(self, **kwargs): @@ -1773,6 +2035,41 @@ def __init__(self, **kwargs): self.system_source = None self.action_taken = None self.log_analytics_query = None + self.top_devices_list = None + + +class IoTSecurityAggregatedAlertPropertiesTopDevicesListItem(Model): + """IoTSecurityAggregatedAlertPropertiesTopDevicesListItem. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar device_id: Name of the device. + :vartype device_id: str + :ivar alerts_count: Number of alerts raised for this device. + :vartype alerts_count: int + :ivar last_occurrence: Most recent time this alert was raised for this + device, on this day. + :vartype last_occurrence: str + """ + + _validation = { + 'device_id': {'readonly': True}, + 'alerts_count': {'readonly': True}, + 'last_occurrence': {'readonly': True}, + } + + _attribute_map = { + 'device_id': {'key': 'deviceId', 'type': 'str'}, + 'alerts_count': {'key': 'alertsCount', 'type': 'int'}, + 'last_occurrence': {'key': 'lastOccurrence', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(IoTSecurityAggregatedAlertPropertiesTopDevicesListItem, self).__init__(**kwargs) + self.device_id = None + self.alerts_count = None + self.last_occurrence = None class IoTSecurityAggregatedRecommendation(Model): @@ -2128,6 +2425,11 @@ class IoTSecuritySolutionModel(Model): :param recommendations_configuration: :type recommendations_configuration: list[~azure.mgmt.security.models.RecommendationConfigurationProperties] + :param unmasked_ip_logging_status: Unmasked IP address logging status. + Possible values include: 'Disabled', 'Enabled'. Default value: "Disabled" + . + :type unmasked_ip_logging_status: str or + ~azure.mgmt.security.models.UnmaskedIpLoggingStatus """ _validation = { @@ -2155,6 +2457,7 @@ class IoTSecuritySolutionModel(Model): 'user_defined_resources': {'key': 'properties.userDefinedResources', 'type': 'UserDefinedResourcesProperties'}, 'auto_discovered_resources': {'key': 'properties.autoDiscoveredResources', 'type': '[str]'}, 'recommendations_configuration': {'key': 'properties.recommendationsConfiguration', 'type': '[RecommendationConfigurationProperties]'}, + 'unmasked_ip_logging_status': {'key': 'properties.unmaskedIpLoggingStatus', 'type': 'str'}, } def __init__(self, **kwargs): @@ -2173,6 +2476,7 @@ def __init__(self, **kwargs): self.user_defined_resources = kwargs.get('user_defined_resources', None) self.auto_discovered_resources = None self.recommendations_configuration = kwargs.get('recommendations_configuration', None) + self.unmasked_ip_logging_status = kwargs.get('unmasked_ip_logging_status', "Disabled") class IoTSeverityMetrics(Model): @@ -2302,6 +2606,8 @@ class JitNetworkAccessPolicyInitiateRequest(Model): open access for :type virtual_machines: list[~azure.mgmt.security.models.JitNetworkAccessPolicyInitiateVirtualMachine] + :param justification: The justification for making the initiate request + :type justification: str """ _validation = { @@ -2310,11 +2616,13 @@ class JitNetworkAccessPolicyInitiateRequest(Model): _attribute_map = { 'virtual_machines': {'key': 'virtualMachines', 'type': '[JitNetworkAccessPolicyInitiateVirtualMachine]'}, + 'justification': {'key': 'justification', 'type': 'str'}, } def __init__(self, **kwargs): super(JitNetworkAccessPolicyInitiateRequest, self).__init__(**kwargs) self.virtual_machines = kwargs.get('virtual_machines', None) + self.justification = kwargs.get('justification', None) class JitNetworkAccessPolicyInitiateVirtualMachine(Model): @@ -2437,6 +2745,8 @@ class JitNetworkAccessRequest(Model): :param requestor: Required. The identity of the person who made the request :type requestor: str + :param justification: The justification for making the initiate request + :type justification: str """ _validation = { @@ -2449,6 +2759,7 @@ class JitNetworkAccessRequest(Model): 'virtual_machines': {'key': 'virtualMachines', 'type': '[JitNetworkAccessRequestVirtualMachine]'}, 'start_time_utc': {'key': 'startTimeUtc', 'type': 'iso-8601'}, 'requestor': {'key': 'requestor', 'type': 'str'}, + 'justification': {'key': 'justification', 'type': 'str'}, } def __init__(self, **kwargs): @@ -2456,6 +2767,7 @@ def __init__(self, **kwargs): self.virtual_machines = kwargs.get('virtual_machines', None) self.start_time_utc = kwargs.get('start_time_utc', None) self.requestor = kwargs.get('requestor', None) + self.justification = kwargs.get('justification', None) class JitNetworkAccessRequestPort(Model): @@ -2776,6 +3088,35 @@ def __init__(self, **kwargs): self.value = kwargs.get('value', None) +class ProtectionMode(Model): + """The protection mode of the collection/file types. Exe/Msi/Script are used + for Windows, Executable is used for Linux. + + :param exe: Possible values include: 'Audit', 'Enforce', 'None' + :type exe: str or ~azure.mgmt.security.models.enum + :param msi: Possible values include: 'Audit', 'Enforce', 'None' + :type msi: str or ~azure.mgmt.security.models.enum + :param script: Possible values include: 'Audit', 'Enforce', 'None' + :type script: str or ~azure.mgmt.security.models.enum + :param executable: Possible values include: 'Audit', 'Enforce', 'None' + :type executable: str or ~azure.mgmt.security.models.enum + """ + + _attribute_map = { + 'exe': {'key': 'exe', 'type': 'str'}, + 'msi': {'key': 'msi', 'type': 'str'}, + 'script': {'key': 'script', 'type': 'str'}, + 'executable': {'key': 'executable', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ProtectionMode, self).__init__(**kwargs) + self.exe = kwargs.get('exe', None) + self.msi = kwargs.get('msi', None) + self.script = kwargs.get('script', None) + self.executable = kwargs.get('executable', None) + + class PublisherInfo(Model): """Represents the publisher information of a process/rule. @@ -3107,6 +3448,83 @@ def __init__(self, **kwargs): self.alerts_to_admins = kwargs.get('alerts_to_admins', None) +class SecuritySubAssessment(Resource): + """Security sub-assessment on a resource. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar security_sub_assessment_id: Vulnerability ID + :vartype security_sub_assessment_id: str + :ivar display_name: User friendly display name of the sub-assessment + :vartype display_name: str + :param status: + :type status: ~azure.mgmt.security.models.SubAssessmentStatus + :ivar remediation: Information on how to remediate this sub-assessment + :vartype remediation: str + :ivar impact: Description of the impact of this sub-assessment + :vartype impact: str + :ivar category: Category of the sub-assessment + :vartype category: str + :ivar description: Human readable description of the assessment status + :vartype description: str + :ivar time_generated: The date and time the sub-assessment was generated + :vartype time_generated: datetime + :param resource_details: + :type resource_details: ~azure.mgmt.security.models.ResourceDetails + :param additional_data: + :type additional_data: ~azure.mgmt.security.models.AdditionalData + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'security_sub_assessment_id': {'readonly': True}, + 'display_name': {'readonly': True}, + 'remediation': {'readonly': True}, + 'impact': {'readonly': True}, + 'category': {'readonly': True}, + 'description': {'readonly': True}, + 'time_generated': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'security_sub_assessment_id': {'key': 'properties.id', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'SubAssessmentStatus'}, + 'remediation': {'key': 'properties.remediation', 'type': 'str'}, + 'impact': {'key': 'properties.impact', 'type': 'str'}, + 'category': {'key': 'properties.category', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'time_generated': {'key': 'properties.timeGenerated', 'type': 'iso-8601'}, + 'resource_details': {'key': 'properties.resourceDetails', 'type': 'ResourceDetails'}, + 'additional_data': {'key': 'properties.additionalData', 'type': 'AdditionalData'}, + } + + def __init__(self, **kwargs): + super(SecuritySubAssessment, self).__init__(**kwargs) + self.security_sub_assessment_id = None + self.display_name = None + self.status = kwargs.get('status', None) + self.remediation = None + self.impact = None + self.category = None + self.description = None + self.time_generated = None + self.resource_details = kwargs.get('resource_details', None) + self.additional_data = kwargs.get('additional_data', None) + + class SecurityTask(Resource): """Security task that we recommend to do in order to strengthen security. @@ -3270,6 +3688,145 @@ def __init__(self, **kwargs): self.value = kwargs.get('value', None) +class ServerVulnerabilityProperties(AdditionalData): + """Additional context fields for server vulnerability assessment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + :ivar type: Vulnerability Type. e.g: Vulnerability, Potential + Vulnerability, Information Gathered + :vartype type: str + :ivar cvss: Dictionary from cvss version to cvss details object + :vartype cvss: dict[str, ~azure.mgmt.security.models.CVSS] + :ivar patchable: Indicates whether a patch is available or not + :vartype patchable: bool + :ivar cve: List of CVEs + :vartype cve: list[~azure.mgmt.security.models.CVE] + :ivar threat: Threat name + :vartype threat: str + :ivar published_time: Published time + :vartype published_time: datetime + :ivar vendor_references: + :vartype vendor_references: + list[~azure.mgmt.security.models.VendorReference] + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + 'type': {'readonly': True}, + 'cvss': {'readonly': True}, + 'patchable': {'readonly': True}, + 'cve': {'readonly': True}, + 'threat': {'readonly': True}, + 'published_time': {'readonly': True}, + 'vendor_references': {'readonly': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'cvss': {'key': 'cvss', 'type': '{CVSS}'}, + 'patchable': {'key': 'patchable', 'type': 'bool'}, + 'cve': {'key': 'cve', 'type': '[CVE]'}, + 'threat': {'key': 'threat', 'type': 'str'}, + 'published_time': {'key': 'publishedTime', 'type': 'iso-8601'}, + 'vendor_references': {'key': 'vendorReferences', 'type': '[VendorReference]'}, + } + + def __init__(self, **kwargs): + super(ServerVulnerabilityProperties, self).__init__(**kwargs) + self.type = None + self.cvss = None + self.patchable = None + self.cve = None + self.threat = None + self.published_time = None + self.vendor_references = None + self.assessed_resource_type = 'ServerVulnerabilityAssessment' + + +class SqlServerVulnerabilityProperties(AdditionalData): + """Details of the resource that was assessed. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + :ivar type: The resource type the sub assessment refers to in its resource + details + :vartype type: str + :ivar query: The T-SQL query that runs on your SQL database to perform the + particular check + :vartype query: str + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + 'type': {'readonly': True}, + 'query': {'readonly': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'query': {'key': 'query', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SqlServerVulnerabilityProperties, self).__init__(**kwargs) + self.type = None + self.query = None + self.assessed_resource_type = 'SqlServerVulnerability' + + +class SubAssessmentStatus(Model): + """Status of the sub-assessment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar code: Programmatic code for the status of the assessment. Possible + values include: 'Healthy', 'Unhealthy', 'NotApplicable' + :vartype code: str or ~azure.mgmt.security.models.SubAssessmentStatusCode + :ivar cause: Programmatic code for the cause of the assessment status + :vartype cause: str + :ivar description: Human readable description of the assessment status + :vartype description: str + :ivar severity: The sub-assessment severity level. Possible values + include: 'Low', 'Medium', 'High' + :vartype severity: str or ~azure.mgmt.security.models.Severity + """ + + _validation = { + 'code': {'readonly': True}, + 'cause': {'readonly': True}, + 'description': {'readonly': True}, + 'severity': {'readonly': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'cause': {'key': 'cause', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'severity': {'key': 'severity', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SubAssessmentStatus, self).__init__(**kwargs) + self.code = None + self.cause = None + self.description = None + self.severity = None + + class TagsResource(Model): """A container holding only the Tags for a resource, allowing the user to update the tags. @@ -3624,6 +4181,34 @@ def __init__(self, **kwargs): self.recommendation_action = kwargs.get('recommendation_action', None) +class VendorReference(Model): + """Vendor reference. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar title: Link title + :vartype title: str + :ivar link: Link url + :vartype link: str + """ + + _validation = { + 'title': {'readonly': True}, + 'link': {'readonly': True}, + } + + _attribute_map = { + 'title': {'key': 'title', 'type': 'str'}, + 'link': {'key': 'link', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(VendorReference, self).__init__(**kwargs) + self.title = None + self.link = None + + class VmRecommendation(Model): """Represents a machine that is part of a VM/server group. diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py index 0ec2a932124b..67e9f418a4cd 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py @@ -164,6 +164,36 @@ def __init__(self, *, device_vendor: str=None, device_type: str=None, workspace= self.connectivity_state = connectivity_state +class AdditionalData(Model): + """Details of the sub-assessment. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: SqlServerVulnerabilityProperties, + ContainerRegistryVulnerabilityProperties, ServerVulnerabilityProperties + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + } + + _subtype_map = { + 'assessed_resource_type': {'SqlServerVulnerability': 'SqlServerVulnerabilityProperties', 'ContainerRegistryVulnerability': 'ContainerRegistryVulnerabilityProperties', 'ServerVulnerabilityAssessment': 'ServerVulnerabilityProperties'} + } + + def __init__(self, **kwargs) -> None: + super(AdditionalData, self).__init__(**kwargs) + self.assessed_resource_type = None + + class Resource(Model): """Describes an Azure resource. @@ -636,8 +666,11 @@ class AppWhitelistingGroup(Model): :vartype type: str :ivar location: Location where the resource is stored :vartype location: str - :param enforcement_mode: Possible values include: 'Audit', 'Enforce' + :param enforcement_mode: Possible values include: 'Audit', 'Enforce', + 'None' :type enforcement_mode: str or ~azure.mgmt.security.models.enum + :param protection_mode: + :type protection_mode: ~azure.mgmt.security.models.ProtectionMode :param configuration_status: Possible values include: 'Configured', 'NotConfigured', 'InProgress', 'Failed', 'NoStatus' :type configuration_status: str or ~azure.mgmt.security.models.enum @@ -671,6 +704,7 @@ class AppWhitelistingGroup(Model): 'type': {'key': 'type', 'type': 'str'}, 'location': {'key': 'location', 'type': 'str'}, 'enforcement_mode': {'key': 'properties.enforcementMode', 'type': 'str'}, + 'protection_mode': {'key': 'properties.protectionMode', 'type': 'ProtectionMode'}, 'configuration_status': {'key': 'properties.configurationStatus', 'type': 'str'}, 'recommendation_status': {'key': 'properties.recommendationStatus', 'type': 'str'}, 'issues': {'key': 'properties.issues', 'type': '[AppWhitelistingIssueSummary]'}, @@ -679,13 +713,14 @@ class AppWhitelistingGroup(Model): 'path_recommendations': {'key': 'properties.pathRecommendations', 'type': '[PathRecommendation]'}, } - def __init__(self, *, enforcement_mode=None, configuration_status=None, recommendation_status=None, issues=None, source_system=None, vm_recommendations=None, path_recommendations=None, **kwargs) -> None: + def __init__(self, *, enforcement_mode=None, protection_mode=None, configuration_status=None, recommendation_status=None, issues=None, source_system=None, vm_recommendations=None, path_recommendations=None, **kwargs) -> None: super(AppWhitelistingGroup, self).__init__(**kwargs) self.id = None self.name = None self.type = None self.location = None self.enforcement_mode = enforcement_mode + self.protection_mode = protection_mode self.configuration_status = configuration_status self.recommendation_status = recommendation_status self.issues = issues @@ -738,8 +773,14 @@ def __init__(self, *, issue=None, number_of_vms: float=None, **kwargs) -> None: class AppWhitelistingPutGroupData(Model): """The altered data of the recommended VM/server group policy. - :param enforcement_mode: Possible values include: 'Audit', 'Enforce' + :param enforcement_mode: The enforcement mode of the group. Can also be + defined per collection type by using ProtectionMode. Possible values + include: 'Audit', 'Enforce', 'None' :type enforcement_mode: str or ~azure.mgmt.security.models.enum + :param protection_mode: The protection mode of the group per collection + type. Can also be defined for all collection types by using + EnforcementMode + :type protection_mode: ~azure.mgmt.security.models.ProtectionMode :param vm_recommendations: :type vm_recommendations: list[~azure.mgmt.security.models.VmRecommendation] @@ -750,13 +791,15 @@ class AppWhitelistingPutGroupData(Model): _attribute_map = { 'enforcement_mode': {'key': 'enforcementMode', 'type': 'str'}, + 'protection_mode': {'key': 'protectionMode', 'type': 'ProtectionMode'}, 'vm_recommendations': {'key': 'vmRecommendations', 'type': '[VmRecommendation]'}, 'path_recommendations': {'key': 'pathRecommendations', 'type': '[PathRecommendation]'}, } - def __init__(self, *, enforcement_mode=None, vm_recommendations=None, path_recommendations=None, **kwargs) -> None: + def __init__(self, *, enforcement_mode=None, protection_mode=None, vm_recommendations=None, path_recommendations=None, **kwargs) -> None: super(AppWhitelistingPutGroupData, self).__init__(**kwargs) self.enforcement_mode = enforcement_mode + self.protection_mode = protection_mode self.vm_recommendations = vm_recommendations self.path_recommendations = path_recommendations @@ -936,6 +979,100 @@ def __init__(self, *, auto_provision, **kwargs) -> None: self.auto_provision = auto_provision +class ResourceDetails(Model): + """Details of the resource that was assessed. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: AzureResourceDetails, AwsResourceDetails + + All required parameters must be populated in order to send to Azure. + + :param source: Required. Constant filled by server. + :type source: str + """ + + _validation = { + 'source': {'required': True}, + } + + _attribute_map = { + 'source': {'key': 'source', 'type': 'str'}, + } + + _subtype_map = { + 'source': {'Azure': 'AzureResourceDetails', 'Aws': 'AwsResourceDetails'} + } + + def __init__(self, **kwargs) -> None: + super(ResourceDetails, self).__init__(**kwargs) + self.source = None + + +class AwsResourceDetails(ResourceDetails): + """Details of the resource that was assessed. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param source: Required. Constant filled by server. + :type source: str + :ivar account_id: AWS account ID + :vartype account_id: str + :ivar aws_resource_id: AWS resource ID. can be ARN or other + :vartype aws_resource_id: str + """ + + _validation = { + 'source': {'required': True}, + 'account_id': {'readonly': True}, + 'aws_resource_id': {'readonly': True}, + } + + _attribute_map = { + 'source': {'key': 'source', 'type': 'str'}, + 'account_id': {'key': 'accountId', 'type': 'str'}, + 'aws_resource_id': {'key': 'awsResourceId', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(AwsResourceDetails, self).__init__(**kwargs) + self.account_id = None + self.aws_resource_id = None + self.source = 'Aws' + + +class AzureResourceDetails(ResourceDetails): + """Details of the resource that was assessed. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param source: Required. Constant filled by server. + :type source: str + :ivar id: Azure resource ID of the assessed resource + :vartype id: str + """ + + _validation = { + 'source': {'required': True}, + 'id': {'readonly': True}, + } + + _attribute_map = { + 'source': {'key': 'source', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(AzureResourceDetails, self).__init__(**kwargs) + self.id = None + self.source = 'Azure' + + class CefExternalSecuritySolution(ExternalSecuritySolution): """Represents a security solution which sends CEF logs to an OMS workspace. @@ -1264,6 +1401,125 @@ def __init__(self, *, id: str=None, **kwargs) -> None: self.id = id +class ContainerRegistryVulnerabilityProperties(AdditionalData): + """Additional context fields for container registry Vulnerability assessment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + :ivar type: Vulnerability Type. e.g: Vulnerability, Potential + Vulnerability, Information Gathered, Vulnerability + :vartype type: str + :ivar cvss: Dictionary from cvss version to cvss details object + :vartype cvss: dict[str, ~azure.mgmt.security.models.CVSS] + :ivar patchable: Indicates whether a patch is available or not + :vartype patchable: bool + :ivar cve: List of CVEs + :vartype cve: list[~azure.mgmt.security.models.CVE] + :ivar published_time: Published time + :vartype published_time: datetime + :ivar vendor_references: + :vartype vendor_references: + list[~azure.mgmt.security.models.VendorReference] + :ivar repository_name: Name of the repository which the vulnerable image + belongs to + :vartype repository_name: str + :ivar image_digest: Digest of the vulnerable image + :vartype image_digest: str + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + 'type': {'readonly': True}, + 'cvss': {'readonly': True}, + 'patchable': {'readonly': True}, + 'cve': {'readonly': True}, + 'published_time': {'readonly': True}, + 'vendor_references': {'readonly': True}, + 'repository_name': {'readonly': True}, + 'image_digest': {'readonly': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'cvss': {'key': 'cvss', 'type': '{CVSS}'}, + 'patchable': {'key': 'patchable', 'type': 'bool'}, + 'cve': {'key': 'cve', 'type': '[CVE]'}, + 'published_time': {'key': 'publishedTime', 'type': 'iso-8601'}, + 'vendor_references': {'key': 'vendorReferences', 'type': '[VendorReference]'}, + 'repository_name': {'key': 'repositoryName', 'type': 'str'}, + 'image_digest': {'key': 'imageDigest', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(ContainerRegistryVulnerabilityProperties, self).__init__(**kwargs) + self.type = None + self.cvss = None + self.patchable = None + self.cve = None + self.published_time = None + self.vendor_references = None + self.repository_name = None + self.image_digest = None + self.assessed_resource_type = 'ContainerRegistryVulnerability' + + +class CVE(Model): + """CVE details. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar title: CVE title + :vartype title: str + :ivar link: Link url + :vartype link: str + """ + + _validation = { + 'title': {'readonly': True}, + 'link': {'readonly': True}, + } + + _attribute_map = { + 'title': {'key': 'title', 'type': 'str'}, + 'link': {'key': 'link', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(CVE, self).__init__(**kwargs) + self.title = None + self.link = None + + +class CVSS(Model): + """CVSS details. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar base: CVSS base + :vartype base: float + """ + + _validation = { + 'base': {'readonly': True}, + } + + _attribute_map = { + 'base': {'key': 'base', 'type': 'float'}, + } + + def __init__(self, **kwargs) -> None: + super(CVSS, self).__init__(**kwargs) + self.base = None + + class SettingResource(Resource): """The kind of the security setting. @@ -1716,6 +1972,10 @@ class IoTSecurityAggregatedAlert(Model): :ivar log_analytics_query: Log analytics query for getting the list of affected devices/alerts. :vartype log_analytics_query: str + :ivar top_devices_list: 10 devices with the highest number of occurrences + of this alert type, on this day. + :vartype top_devices_list: + list[~azure.mgmt.security.models.IoTSecurityAggregatedAlertPropertiesTopDevicesListItem] """ _validation = { @@ -1734,6 +1994,7 @@ class IoTSecurityAggregatedAlert(Model): 'system_source': {'readonly': True}, 'action_taken': {'readonly': True}, 'log_analytics_query': {'readonly': True}, + 'top_devices_list': {'readonly': True}, } _attribute_map = { @@ -1753,6 +2014,7 @@ class IoTSecurityAggregatedAlert(Model): 'system_source': {'key': 'properties.systemSource', 'type': 'str'}, 'action_taken': {'key': 'properties.actionTaken', 'type': 'str'}, 'log_analytics_query': {'key': 'properties.logAnalyticsQuery', 'type': 'str'}, + 'top_devices_list': {'key': 'properties.topDevicesList', 'type': '[IoTSecurityAggregatedAlertPropertiesTopDevicesListItem]'}, } def __init__(self, *, tags=None, **kwargs) -> None: @@ -1773,6 +2035,41 @@ def __init__(self, *, tags=None, **kwargs) -> None: self.system_source = None self.action_taken = None self.log_analytics_query = None + self.top_devices_list = None + + +class IoTSecurityAggregatedAlertPropertiesTopDevicesListItem(Model): + """IoTSecurityAggregatedAlertPropertiesTopDevicesListItem. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar device_id: Name of the device. + :vartype device_id: str + :ivar alerts_count: Number of alerts raised for this device. + :vartype alerts_count: int + :ivar last_occurrence: Most recent time this alert was raised for this + device, on this day. + :vartype last_occurrence: str + """ + + _validation = { + 'device_id': {'readonly': True}, + 'alerts_count': {'readonly': True}, + 'last_occurrence': {'readonly': True}, + } + + _attribute_map = { + 'device_id': {'key': 'deviceId', 'type': 'str'}, + 'alerts_count': {'key': 'alertsCount', 'type': 'int'}, + 'last_occurrence': {'key': 'lastOccurrence', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(IoTSecurityAggregatedAlertPropertiesTopDevicesListItem, self).__init__(**kwargs) + self.device_id = None + self.alerts_count = None + self.last_occurrence = None class IoTSecurityAggregatedRecommendation(Model): @@ -2128,6 +2425,11 @@ class IoTSecuritySolutionModel(Model): :param recommendations_configuration: :type recommendations_configuration: list[~azure.mgmt.security.models.RecommendationConfigurationProperties] + :param unmasked_ip_logging_status: Unmasked IP address logging status. + Possible values include: 'Disabled', 'Enabled'. Default value: "Disabled" + . + :type unmasked_ip_logging_status: str or + ~azure.mgmt.security.models.UnmaskedIpLoggingStatus """ _validation = { @@ -2155,9 +2457,10 @@ class IoTSecuritySolutionModel(Model): 'user_defined_resources': {'key': 'properties.userDefinedResources', 'type': 'UserDefinedResourcesProperties'}, 'auto_discovered_resources': {'key': 'properties.autoDiscoveredResources', 'type': '[str]'}, 'recommendations_configuration': {'key': 'properties.recommendationsConfiguration', 'type': '[RecommendationConfigurationProperties]'}, + 'unmasked_ip_logging_status': {'key': 'properties.unmaskedIpLoggingStatus', 'type': 'str'}, } - def __init__(self, *, workspace: str, display_name: str, iot_hubs, tags=None, location: str=None, status="Enabled", export=None, disabled_data_sources=None, user_defined_resources=None, recommendations_configuration=None, **kwargs) -> None: + def __init__(self, *, workspace: str, display_name: str, iot_hubs, tags=None, location: str=None, status="Enabled", export=None, disabled_data_sources=None, user_defined_resources=None, recommendations_configuration=None, unmasked_ip_logging_status="Disabled", **kwargs) -> None: super(IoTSecuritySolutionModel, self).__init__(**kwargs) self.id = None self.name = None @@ -2173,6 +2476,7 @@ def __init__(self, *, workspace: str, display_name: str, iot_hubs, tags=None, lo self.user_defined_resources = user_defined_resources self.auto_discovered_resources = None self.recommendations_configuration = recommendations_configuration + self.unmasked_ip_logging_status = unmasked_ip_logging_status class IoTSeverityMetrics(Model): @@ -2302,6 +2606,8 @@ class JitNetworkAccessPolicyInitiateRequest(Model): open access for :type virtual_machines: list[~azure.mgmt.security.models.JitNetworkAccessPolicyInitiateVirtualMachine] + :param justification: The justification for making the initiate request + :type justification: str """ _validation = { @@ -2310,11 +2616,13 @@ class JitNetworkAccessPolicyInitiateRequest(Model): _attribute_map = { 'virtual_machines': {'key': 'virtualMachines', 'type': '[JitNetworkAccessPolicyInitiateVirtualMachine]'}, + 'justification': {'key': 'justification', 'type': 'str'}, } - def __init__(self, *, virtual_machines, **kwargs) -> None: + def __init__(self, *, virtual_machines, justification: str=None, **kwargs) -> None: super(JitNetworkAccessPolicyInitiateRequest, self).__init__(**kwargs) self.virtual_machines = virtual_machines + self.justification = justification class JitNetworkAccessPolicyInitiateVirtualMachine(Model): @@ -2437,6 +2745,8 @@ class JitNetworkAccessRequest(Model): :param requestor: Required. The identity of the person who made the request :type requestor: str + :param justification: The justification for making the initiate request + :type justification: str """ _validation = { @@ -2449,13 +2759,15 @@ class JitNetworkAccessRequest(Model): 'virtual_machines': {'key': 'virtualMachines', 'type': '[JitNetworkAccessRequestVirtualMachine]'}, 'start_time_utc': {'key': 'startTimeUtc', 'type': 'iso-8601'}, 'requestor': {'key': 'requestor', 'type': 'str'}, + 'justification': {'key': 'justification', 'type': 'str'}, } - def __init__(self, *, virtual_machines, start_time_utc, requestor: str, **kwargs) -> None: + def __init__(self, *, virtual_machines, start_time_utc, requestor: str, justification: str=None, **kwargs) -> None: super(JitNetworkAccessRequest, self).__init__(**kwargs) self.virtual_machines = virtual_machines self.start_time_utc = start_time_utc self.requestor = requestor + self.justification = justification class JitNetworkAccessRequestPort(Model): @@ -2776,6 +3088,35 @@ def __init__(self, *, value, **kwargs) -> None: self.value = value +class ProtectionMode(Model): + """The protection mode of the collection/file types. Exe/Msi/Script are used + for Windows, Executable is used for Linux. + + :param exe: Possible values include: 'Audit', 'Enforce', 'None' + :type exe: str or ~azure.mgmt.security.models.enum + :param msi: Possible values include: 'Audit', 'Enforce', 'None' + :type msi: str or ~azure.mgmt.security.models.enum + :param script: Possible values include: 'Audit', 'Enforce', 'None' + :type script: str or ~azure.mgmt.security.models.enum + :param executable: Possible values include: 'Audit', 'Enforce', 'None' + :type executable: str or ~azure.mgmt.security.models.enum + """ + + _attribute_map = { + 'exe': {'key': 'exe', 'type': 'str'}, + 'msi': {'key': 'msi', 'type': 'str'}, + 'script': {'key': 'script', 'type': 'str'}, + 'executable': {'key': 'executable', 'type': 'str'}, + } + + def __init__(self, *, exe=None, msi=None, script=None, executable=None, **kwargs) -> None: + super(ProtectionMode, self).__init__(**kwargs) + self.exe = exe + self.msi = msi + self.script = script + self.executable = executable + + class PublisherInfo(Model): """Represents the publisher information of a process/rule. @@ -3107,6 +3448,83 @@ def __init__(self, *, email: str, alert_notifications, alerts_to_admins, phone: self.alerts_to_admins = alerts_to_admins +class SecuritySubAssessment(Resource): + """Security sub-assessment on a resource. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar security_sub_assessment_id: Vulnerability ID + :vartype security_sub_assessment_id: str + :ivar display_name: User friendly display name of the sub-assessment + :vartype display_name: str + :param status: + :type status: ~azure.mgmt.security.models.SubAssessmentStatus + :ivar remediation: Information on how to remediate this sub-assessment + :vartype remediation: str + :ivar impact: Description of the impact of this sub-assessment + :vartype impact: str + :ivar category: Category of the sub-assessment + :vartype category: str + :ivar description: Human readable description of the assessment status + :vartype description: str + :ivar time_generated: The date and time the sub-assessment was generated + :vartype time_generated: datetime + :param resource_details: + :type resource_details: ~azure.mgmt.security.models.ResourceDetails + :param additional_data: + :type additional_data: ~azure.mgmt.security.models.AdditionalData + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'security_sub_assessment_id': {'readonly': True}, + 'display_name': {'readonly': True}, + 'remediation': {'readonly': True}, + 'impact': {'readonly': True}, + 'category': {'readonly': True}, + 'description': {'readonly': True}, + 'time_generated': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'security_sub_assessment_id': {'key': 'properties.id', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'SubAssessmentStatus'}, + 'remediation': {'key': 'properties.remediation', 'type': 'str'}, + 'impact': {'key': 'properties.impact', 'type': 'str'}, + 'category': {'key': 'properties.category', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'time_generated': {'key': 'properties.timeGenerated', 'type': 'iso-8601'}, + 'resource_details': {'key': 'properties.resourceDetails', 'type': 'ResourceDetails'}, + 'additional_data': {'key': 'properties.additionalData', 'type': 'AdditionalData'}, + } + + def __init__(self, *, status=None, resource_details=None, additional_data=None, **kwargs) -> None: + super(SecuritySubAssessment, self).__init__(**kwargs) + self.security_sub_assessment_id = None + self.display_name = None + self.status = status + self.remediation = None + self.impact = None + self.category = None + self.description = None + self.time_generated = None + self.resource_details = resource_details + self.additional_data = additional_data + + class SecurityTask(Resource): """Security task that we recommend to do in order to strengthen security. @@ -3270,6 +3688,145 @@ def __init__(self, *, value=None, **kwargs) -> None: self.value = value +class ServerVulnerabilityProperties(AdditionalData): + """Additional context fields for server vulnerability assessment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + :ivar type: Vulnerability Type. e.g: Vulnerability, Potential + Vulnerability, Information Gathered + :vartype type: str + :ivar cvss: Dictionary from cvss version to cvss details object + :vartype cvss: dict[str, ~azure.mgmt.security.models.CVSS] + :ivar patchable: Indicates whether a patch is available or not + :vartype patchable: bool + :ivar cve: List of CVEs + :vartype cve: list[~azure.mgmt.security.models.CVE] + :ivar threat: Threat name + :vartype threat: str + :ivar published_time: Published time + :vartype published_time: datetime + :ivar vendor_references: + :vartype vendor_references: + list[~azure.mgmt.security.models.VendorReference] + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + 'type': {'readonly': True}, + 'cvss': {'readonly': True}, + 'patchable': {'readonly': True}, + 'cve': {'readonly': True}, + 'threat': {'readonly': True}, + 'published_time': {'readonly': True}, + 'vendor_references': {'readonly': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'cvss': {'key': 'cvss', 'type': '{CVSS}'}, + 'patchable': {'key': 'patchable', 'type': 'bool'}, + 'cve': {'key': 'cve', 'type': '[CVE]'}, + 'threat': {'key': 'threat', 'type': 'str'}, + 'published_time': {'key': 'publishedTime', 'type': 'iso-8601'}, + 'vendor_references': {'key': 'vendorReferences', 'type': '[VendorReference]'}, + } + + def __init__(self, **kwargs) -> None: + super(ServerVulnerabilityProperties, self).__init__(**kwargs) + self.type = None + self.cvss = None + self.patchable = None + self.cve = None + self.threat = None + self.published_time = None + self.vendor_references = None + self.assessed_resource_type = 'ServerVulnerabilityAssessment' + + +class SqlServerVulnerabilityProperties(AdditionalData): + """Details of the resource that was assessed. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + :ivar type: The resource type the sub assessment refers to in its resource + details + :vartype type: str + :ivar query: The T-SQL query that runs on your SQL database to perform the + particular check + :vartype query: str + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + 'type': {'readonly': True}, + 'query': {'readonly': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'query': {'key': 'query', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(SqlServerVulnerabilityProperties, self).__init__(**kwargs) + self.type = None + self.query = None + self.assessed_resource_type = 'SqlServerVulnerability' + + +class SubAssessmentStatus(Model): + """Status of the sub-assessment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar code: Programmatic code for the status of the assessment. Possible + values include: 'Healthy', 'Unhealthy', 'NotApplicable' + :vartype code: str or ~azure.mgmt.security.models.SubAssessmentStatusCode + :ivar cause: Programmatic code for the cause of the assessment status + :vartype cause: str + :ivar description: Human readable description of the assessment status + :vartype description: str + :ivar severity: The sub-assessment severity level. Possible values + include: 'Low', 'Medium', 'High' + :vartype severity: str or ~azure.mgmt.security.models.Severity + """ + + _validation = { + 'code': {'readonly': True}, + 'cause': {'readonly': True}, + 'description': {'readonly': True}, + 'severity': {'readonly': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'cause': {'key': 'cause', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'severity': {'key': 'severity', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(SubAssessmentStatus, self).__init__(**kwargs) + self.code = None + self.cause = None + self.description = None + self.severity = None + + class TagsResource(Model): """A container holding only the Tags for a resource, allowing the user to update the tags. @@ -3624,6 +4181,34 @@ def __init__(self, *, username: str=None, recommendation_action=None, **kwargs) self.recommendation_action = recommendation_action +class VendorReference(Model): + """Vendor reference. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar title: Link title + :vartype title: str + :ivar link: Link url + :vartype link: str + """ + + _validation = { + 'title': {'readonly': True}, + 'link': {'readonly': True}, + } + + _attribute_map = { + 'title': {'key': 'title', 'type': 'str'}, + 'link': {'key': 'link', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(VendorReference, self).__init__(**kwargs) + self.title = None + self.link = None + + class VmRecommendation(Model): """Represents a machine that is part of a VM/server group. diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_paged_models.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_paged_models.py index f0eb60a62a7a..670bbb1a5813 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_paged_models.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_paged_models.py @@ -311,3 +311,16 @@ class RegulatoryComplianceAssessmentPaged(Paged): def __init__(self, *args, **kwargs): super(RegulatoryComplianceAssessmentPaged, self).__init__(*args, **kwargs) +class SecuritySubAssessmentPaged(Paged): + """ + A paging container for iterating over a list of :class:`SecuritySubAssessment ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[SecuritySubAssessment]'} + } + + def __init__(self, *args, **kwargs): + + super(SecuritySubAssessmentPaged, self).__init__(*args, **kwargs) diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_security_center_enums.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_security_center_enums.py index 684dbfad43da..8679f192cc6c 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_security_center_enums.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_security_center_enums.py @@ -88,6 +88,12 @@ class RecommendationConfigStatus(str, Enum): enabled = "Enabled" +class UnmaskedIpLoggingStatus(str, Enum): + + disabled = "Disabled" #: Unmasked IP logging is disabled + enabled = "Enabled" #: Unmasked IP logging is enabled + + class SecurityFamily(str, Enum): waf = "Waf" @@ -156,6 +162,20 @@ class State(str, Enum): unsupported = "Unsupported" #: No supported regulatory compliance data for the given standard +class SubAssessmentStatusCode(str, Enum): + + healthy = "Healthy" #: The resource is healthy + unhealthy = "Unhealthy" #: The resource has a security issue that needs to be addressed + not_applicable = "NotApplicable" #: Assessment for this resource did not happen + + +class Severity(str, Enum): + + low = "Low" + medium = "Medium" + high = "High" + + class ConnectionType(str, Enum): internal = "Internal" diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/__init__.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/__init__.py index f4efc5f7a4c7..9fa27d57ef23 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/__init__.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/__init__.py @@ -37,6 +37,7 @@ from ._regulatory_compliance_controls_operations import RegulatoryComplianceControlsOperations from ._regulatory_compliance_assessments_operations import RegulatoryComplianceAssessmentsOperations from ._server_vulnerability_assessment_operations import ServerVulnerabilityAssessmentOperations +from ._sub_assessments_operations import SubAssessmentsOperations __all__ = [ 'ComplianceResultsOperations', @@ -67,4 +68,5 @@ 'RegulatoryComplianceControlsOperations', 'RegulatoryComplianceAssessmentsOperations', 'ServerVulnerabilityAssessmentOperations', + 'SubAssessmentsOperations', ] diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_jit_network_access_policies_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_jit_network_access_policies_operations.py index 48df52e84dba..16a6f67da9d1 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_jit_network_access_policies_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_jit_network_access_policies_operations.py @@ -511,7 +511,7 @@ def delete( delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}'} def initiate( - self, resource_group_name, jit_network_access_policy_name, virtual_machines, custom_headers=None, raw=False, **operation_config): + self, resource_group_name, jit_network_access_policy_name, virtual_machines, justification=None, custom_headers=None, raw=False, **operation_config): """Initiate a JIT access from a specific Just-in-Time policy configuration. @@ -525,6 +525,9 @@ def initiate( access for :type virtual_machines: list[~azure.mgmt.security.models.JitNetworkAccessPolicyInitiateVirtualMachine] + :param justification: The justification for making the initiate + request + :type justification: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the deserialized response @@ -535,7 +538,7 @@ def initiate( ~msrest.pipeline.ClientRawResponse :raises: :class:`CloudError` """ - body = models.JitNetworkAccessPolicyInitiateRequest(virtual_machines=virtual_machines) + body = models.JitNetworkAccessPolicyInitiateRequest(virtual_machines=virtual_machines, justification=justification) # Construct URL url = self.initiate.metadata['url'] diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_sub_assessments_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_sub_assessments_operations.py new file mode 100644 index 000000000000..c73ee21df970 --- /dev/null +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_sub_assessments_operations.py @@ -0,0 +1,253 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class SubAssessmentsOperations(object): + """SubAssessmentsOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2019-01-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2019-01-01-preview" + + self.config = config + + def list_all( + self, scope, custom_headers=None, raw=False, **operation_config): + """Get security sub-assessments on all your scanned resources inside a + subscription scope. + + :param scope: Scope of the query, can be subscription + (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management + group (/providers/Microsoft.Management/managementGroups/mgName). + :type scope: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of SecuritySubAssessment + :rtype: + ~azure.mgmt.security.models.SecuritySubAssessmentPaged[~azure.mgmt.security.models.SecuritySubAssessment] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list_all.metadata['url'] + path_format_arguments = { + 'scope': self._serialize.url("scope", scope, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.SecuritySubAssessmentPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list_all.metadata = {'url': '/{scope}/providers/Microsoft.Security/subAssessments'} + + def list( + self, scope, assessment_name, custom_headers=None, raw=False, **operation_config): + """Get security sub-assessments on all your scanned resources inside a + scope. + + :param scope: Scope of the query, can be subscription + (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management + group (/providers/Microsoft.Management/managementGroups/mgName). + :type scope: str + :param assessment_name: The Assessment Key - Unique key for the + assessment type + :type assessment_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of SecuritySubAssessment + :rtype: + ~azure.mgmt.security.models.SecuritySubAssessmentPaged[~azure.mgmt.security.models.SecuritySubAssessment] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'scope': self._serialize.url("scope", scope, 'str'), + 'assessmentName': self._serialize.url("assessment_name", assessment_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.SecuritySubAssessmentPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments'} + + def get( + self, scope, assessment_name, sub_assessment_name, custom_headers=None, raw=False, **operation_config): + """Get a security sub-assessment on your scanned resource. + + :param scope: Scope of the query, can be subscription + (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management + group (/providers/Microsoft.Management/managementGroups/mgName). + :type scope: str + :param assessment_name: The Assessment Key - Unique key for the + assessment type + :type assessment_name: str + :param sub_assessment_name: The Sub-Assessment Key - Unique key for + the sub-assessment type + :type sub_assessment_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: SecuritySubAssessment or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.SecuritySubAssessment or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'scope': self._serialize.url("scope", scope, 'str'), + 'assessmentName': self._serialize.url("assessment_name", assessment_name, 'str'), + 'subAssessmentName': self._serialize.url("sub_assessment_name", sub_assessment_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecuritySubAssessment', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments/{subAssessmentName}'}