diff --git a/schemas/2018-05-01/subscriptionDeploymentTemplate.json b/schemas/2018-05-01/subscriptionDeploymentTemplate.json
index 7b4b770b39..f0e7d70041 100644
--- a/schemas/2018-05-01/subscriptionDeploymentTemplate.json
+++ b/schemas/2018-05-01/subscriptionDeploymentTemplate.json
@@ -1562,9 +1562,6 @@
 {
 "$ref": "https://schema.management.azure.com/schemas/2020-01-01-preview/Microsoft.Security.json#/subscription_resourceDefinitions/securityContacts"
 },
- {
- "$ref": "https://schema.management.azure.com/schemas/2021-01-15-preview/Microsoft.Security.json#/subscription_resourceDefinitions/ingestionSettings"
- },
 {
 "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Security.json#/subscription_resourceDefinitions/assessmentMetadata"
 },
diff --git a/schemas/2019-01-01-preview/Microsoft.Security.json b/schemas/2019-01-01-preview/Microsoft.Security.json
index cc84bce1cb..071b29de40 100644
--- a/schemas/2019-01-01-preview/Microsoft.Security.json
+++ b/schemas/2019-01-01-preview/Microsoft.Security.json
@@ -207,7 +207,7 @@
 "expirationDateUtc": {
 "type": "string",
 "format": "date-time",
- "description": "Expiration date of the rule, if value is not provided or provided as null this field will default to the maximum allowed expiration date."
+ "description": "Expiration date of the rule, if value is not provided or provided as null there will no expiration at all"
 },
 "reason": {
 "type": "string",
diff --git a/schemas/2021-01-15-preview/Microsoft.Security.json b/schemas/2021-01-15-preview/Microsoft.Security.json
deleted file mode 100644
index f0dbcf159a..0000000000
--- a/schemas/2021-01-15-preview/Microsoft.Security.json
+++ /dev/null
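Review bot: The new description on `expirationDateUtc` in the 2019-01-01-preview hunk reads `there will no expiration at all`, which drops a verb and understates a security-relevant default: an omitted or null value now yields a rule that never expires. A template that copies an existing rule without this field therefore creates a permanent one, and the sibling `reason` property suggests this is the alert-suppression rule, in which case alerts stay hidden indefinitely (the enclosing resource definition is outside the hunk, so treat that as an inference). I would state it plainly, e.g. `"description": "Expiration date of the rule as an RFC 3339 date-time. If omitted or null the rule never expires; set an explicit date so the rule is revisited."`. If this schema is generated from the REST API spec, the wording fix belongs in the upstream description rather than in this file alone.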
@@ -1,43 +0,0 @@
-{
- "id": "https://schema.management.azure.com/schemas/2021-01-15-preview/Microsoft.Security.json#",
- "$schema": "http://json-schema.org/draft-04/schema#",
- "title": "Microsoft.Security",
- "description": "Microsoft Security Resource Types",
- "resourceDefinitions": {},
- "subscription_resourceDefinitions": {
- "ingestionSettings": {
- "type": "object",
- "properties": {
- "apiVersion": {
- "type": "string",
- "enum": [
- "2021-01-15-preview"
- ]
- },
- "name": {
- "type": "string",
- "description": "Name of the ingestion setting"
- },
- "properties": {
- "type": "object",
- "properties": {},
- "description": "Ingestion setting data"
- },
- "type": {
- "type": "string",
- "enum": [
- "Microsoft.Security/ingestionSettings"
- ]
- }
- },
- "required": [
- "apiVersion",
- "name",
- "properties",
- "type"
- ],
- "description": "Microsoft.Security/ingestionSettings"
- }
- },
- "definitions": {}
-}
\ No newline at end of file
diff --git a/schemas/2023-10-01-preview/Microsoft.Security.json b/schemas/2023-10-01-preview/Microsoft.Security.json
new file mode 100644
index 0000000000..5020777872
--- /dev/null
+++ b/schemas/2023-10-01-preview/Microsoft.Security.json
@@ -0,0 +1,2447 @@ +{ + "id": "https://schema.management.azure.com/schemas/2023-10-01-preview/Microsoft.Security.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Security", + "description": "Microsoft Security Resource Types", + "resourceDefinitions": { + "securityConnectors": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2023-10-01-preview" + ] + }, + "etag": { + "type": "string", + "description": "Entity tag is used for comparing two or more entities from the same requested resource." + }, + "kind": { + "type": "string", + "description": "Kind of the resource" + }, + "location": { + "type": "string", + "description": "Location where the resource is stored" + }, + "name": { + "type": "string", + "description": "The security connector name." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityConnectorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A set of properties that defines the security connector configuration." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A list of key value pairs that describe the resource." 
+ }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Security/securityConnectors" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Security/securityConnectors" + } + }, + "definitions": { + "AwsEnvironmentData": { + "type": "object", + "properties": { + "environmentType": { + "type": "string", + "enum": [ + "AwsAccount" + ] + }, + "organizationalData": { + "oneOf": [ + { + "$ref": "#/definitions/AwsOrganizationalData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The AWS organization data" + }, + "regions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "list of regions to scan" + }, + "scanInterval": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Scan interval in hours (value should be between 1-hour to 24-hours)" + } + }, + "required": [ + "environmentType" + ], + "description": "The AWS connector environment data" + }, + "AwsOrganizationalData": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/AwsOrganizationalDataMaster" + }, + { + "$ref": "#/definitions/AwsOrganizationalDataMember" + } + ], + "properties": {}, + "description": "The AWS organization data" + }, + "AwsOrganizationalDataMaster": { + "type": "object", + "properties": { + "excludedAccountIds": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "If the multi cloud account is of membership type organization, list of accounts excluded from offering" + }, + 
"organizationMembershipType": { + "type": "string", + "enum": [ + "Organization" + ] + }, + "stacksetName": { + "type": "string", + "description": "If the multi cloud account is of membership type organization, this will be the name of the onboarding stackset" + } + }, + "required": [ + "organizationMembershipType" + ], + "description": "The AWS organization data for the master account" + }, + "AwsOrganizationalDataMember": { + "type": "object", + "properties": { + "organizationMembershipType": { + "type": "string", + "enum": [ + "Member" + ] + }, + "parentHierarchyId": { + "type": "string", + "description": "If the multi cloud account is not of membership type organization, this will be the ID of the account's parent" + } + }, + "required": [ + "organizationMembershipType" + ], + "description": "The AWS organization data for the member account" + }, + "AzureDevOpsScopeEnvironmentData": { + "type": "object", + "properties": { + "environmentType": { + "type": "string", + "enum": [ + "AzureDevOpsScope" + ] + } + }, + "required": [ + "environmentType" + ], + "description": "The AzureDevOps scope connector's environment data" + }, + "CloudOffering": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/CspmMonitorAwsOffering" + }, + { + "$ref": "#/definitions/DefenderForContainersAwsOffering" + }, + { + "$ref": "#/definitions/DefenderForServersAwsOffering" + }, + { + "$ref": "#/definitions/DefenderFoDatabasesAwsOffering" + }, + { + "$ref": "#/definitions/InformationProtectionAwsOffering" + }, + { + "$ref": "#/definitions/CspmMonitorGcpOffering" + }, + { + "$ref": "#/definitions/DefenderForServersGcpOffering" + }, + { + "$ref": "#/definitions/DefenderForDatabasesGcpOffering" + }, + { + "$ref": "#/definitions/DefenderForContainersGcpOffering" + }, + { + "$ref": "#/definitions/CspmMonitorGithubOffering" + }, + { + "$ref": "#/definitions/CspmMonitorAzureDevOpsOffering" + }, + { + "$ref": "#/definitions/DefenderCspmAwsOffering" + }, + { + "$ref": 
"#/definitions/DefenderCspmGcpOffering" + }, + { + "$ref": "#/definitions/DefenderForDevOpsGithubOffering" + }, + { + "$ref": "#/definitions/DefenderForDevOpsAzureDevOpsOffering" + }, + { + "$ref": "#/definitions/CspmMonitorGitLabOffering" + }, + { + "$ref": "#/definitions/DefenderForDevOpsGitLabOffering" + } + ], + "properties": {}, + "description": "The security offering details" + }, + "CspmMonitorAwsOffering": { + "type": "object", + "properties": { + "nativeCloudConnection": { + "oneOf": [ + { + "$ref": "#/definitions/CspmMonitorAwsOfferingNativeCloudConnection" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The native cloud connection configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "CspmMonitorAws" + ] + } + }, + "required": [ + "offeringType" + ], + "description": "The CSPM monitoring for AWS offering" + }, + "CspmMonitorAwsOfferingNativeCloudConnection": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + }, + "description": "The native cloud connection configuration" + }, + "CspmMonitorAzureDevOpsOffering": { + "type": "object", + "properties": { + "offeringType": { + "type": "string", + "enum": [ + "CspmMonitorAzureDevOps" + ] + } + }, + "required": [ + "offeringType" + ], + "description": "The CSPM monitoring for AzureDevOps offering" + }, + "CspmMonitorGcpOffering": { + "type": "object", + "properties": { + "nativeCloudConnection": { + "oneOf": [ + { + "$ref": "#/definitions/CspmMonitorGcpOfferingNativeCloudConnection" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The native cloud connection configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "CspmMonitorGcp" + ] + } + }, + "required": [ + "offeringType" + ], + "description": 
"The CSPM monitoring for GCP offering" + }, + "CspmMonitorGcpOfferingNativeCloudConnection": { + "type": "object", + "properties": { + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this offering" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The GCP workload identity provider id for the offering" + } + }, + "description": "The native cloud connection configuration" + }, + "CspmMonitorGithubOffering": { + "type": "object", + "properties": { + "offeringType": { + "type": "string", + "enum": [ + "CspmMonitorGithub" + ] + } + }, + "required": [ + "offeringType" + ], + "description": "The CSPM monitoring for github offering" + }, + "CspmMonitorGitLabOffering": { + "type": "object", + "properties": { + "offeringType": { + "type": "string", + "enum": [ + "CspmMonitorGitLab" + ] + } + }, + "required": [ + "offeringType" + ], + "description": "The CSPM (Cloud security posture management) monitoring for gitlab offering" + }, + "DefenderCspmAwsOffering": { + "type": "object", + "properties": { + "ciem": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderCspmAwsOfferingCiem" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Defenders CSPM Cloud infrastructure entitlement management (CIEM) offering configurations" + }, + "databasesDspm": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderCspmAwsOfferingDatabasesDspm" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The databases DSPM configuration" + }, + "dataSensitivityDiscovery": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderCspmAwsOfferingDataSensitivityDiscovery" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender Data Sensitivity 
discovery configuration" + }, + "mdcContainersAgentlessDiscoveryK8s": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderCspmAwsOfferingMdcContainersAgentlessDiscoveryK8s" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender container agentless discovery K8s configuration" + }, + "mdcContainersImageAssessment": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderCspmAwsOfferingMdcContainersImageAssessment" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender container image assessment configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "DefenderCspmAws" + ] + }, + "vmScanners": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderCspmAwsOfferingVmScanners" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender for Server VM scanning configuration" + } + }, + "required": [ + "offeringType" + ], + "description": "The CSPM P1 for AWS offering" + }, + "DefenderCspmAwsOfferingCiem": { + "type": "object", + "properties": { + "ciemDiscovery": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderCspmAwsOfferingCiemCiemDiscovery" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Defender CSPM CIEM discovery configuration" + }, + "ciemOidc": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderCspmAwsOfferingCiemCiemOidc" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Defender CSPM CIEM AWS OIDC (open id connect) configuration" + } + }, + "description": "Defenders CSPM Cloud infrastructure entitlement management (CIEM) offering configurations" + }, + 
"DefenderCspmAwsOfferingCiemCiemDiscovery": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for CIEM discovery" + } + }, + "description": "Defender CSPM CIEM discovery configuration" + }, + "DefenderCspmAwsOfferingCiemCiemOidc": { + "type": "object", + "properties": { + "azureActiveDirectoryAppName": { + "type": "string", + "description": "the azure active directory app name used of authenticating against AWS" + }, + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for CIEM oidc connection" + } + }, + "description": "Defender CSPM CIEM AWS OIDC (open id connect) configuration" + }, + "DefenderCspmAwsOfferingDatabasesDspm": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is databases DSPM protection enabled" + } + }, + "description": "The databases DSPM configuration" + }, + "DefenderCspmAwsOfferingDataSensitivityDiscovery": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender Data Sensitivity discovery enabled" + } + }, + "description": "The Microsoft Defender Data Sensitivity discovery configuration" + }, + "DefenderCspmAwsOfferingMdcContainersAgentlessDiscoveryK8s": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + 
{ + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender container agentless discovery K8s enabled" + } + }, + "description": "The Microsoft Defender container agentless discovery K8s configuration" + }, + "DefenderCspmAwsOfferingMdcContainersImageAssessment": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender container image assessment enabled" + } + }, + "description": "The Microsoft Defender container image assessment configuration" + }, + "DefenderCspmAwsOfferingVmScanners": { + "type": "object", + "properties": { + "configuration": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderCspmAwsOfferingVmScannersConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "configuration for Microsoft Defender for Server VM scanning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender for Server VM scanning enabled" + } + }, + "description": "The Microsoft Defender for Server VM scanning configuration" + }, + "DefenderCspmAwsOfferingVmScannersConfiguration": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + "exclusionTags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": 
"https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "VM tags that indicates that VM should not be scanned" + }, + "scanningMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Default" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The scanning mode for the VM scan." + } + }, + "description": "configuration for Microsoft Defender for Server VM scanning" + }, + "DefenderCspmGcpOffering": { + "type": "object", + "properties": { + "ciemDiscovery": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderCspmGcpOfferingCiemDiscovery" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "GCP Defenders CSPM Cloud infrastructure entitlement management (CIEM) discovery offering configurations" + }, + "dataSensitivityDiscovery": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderCspmGcpOfferingDataSensitivityDiscovery" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender Data Sensitivity discovery configuration" + }, + "mdcContainersAgentlessDiscoveryK8s": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderCspmGcpOfferingMdcContainersAgentlessDiscoveryK8s" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender Container agentless discovery configuration" + }, + "mdcContainersImageAssessment": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderCspmGcpOfferingMdcContainersImageAssessment" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender Container image assessment configuration" + }, + 
"offeringType": { + "type": "string", + "enum": [ + "DefenderCspmGcp" + ] + }, + "vmScanners": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderCspmGcpOfferingVmScanners" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender for Server VM scanning configuration" + } + }, + "required": [ + "offeringType" + ], + "description": "The CSPM P1 for GCP offering" + }, + "DefenderCspmGcpOfferingCiemDiscovery": { + "type": "object", + "properties": { + "azureActiveDirectoryAppName": { + "type": "string", + "description": "the azure active directory app name used of authenticating against GCP workload identity federation" + }, + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for CIEM discovery offering" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The GCP workload identity provider id for CIEM discovery offering" + } + }, + "description": "GCP Defenders CSPM Cloud infrastructure entitlement management (CIEM) discovery offering configurations" + }, + "DefenderCspmGcpOfferingDataSensitivityDiscovery": { + "type": "object", + "properties": { + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender Data Sensitivity discovery enabled" + }, + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this feature" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The workload identity provider id in GCP for this feature" + } + }, + "description": "The Microsoft Defender Data Sensitivity discovery configuration" + }, + "DefenderCspmGcpOfferingMdcContainersAgentlessDiscoveryK8s": { + "type": "object", + "properties": { + "enabled": { + "oneOf": 
[ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender container agentless discovery enabled" + }, + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this feature" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The workload identity provider id in GCP for this feature" + } + }, + "description": "The Microsoft Defender Container agentless discovery configuration" + }, + "DefenderCspmGcpOfferingMdcContainersImageAssessment": { + "type": "object", + "properties": { + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender container image assessment enabled" + }, + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this feature" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The workload identity provider id in GCP for this feature" + } + }, + "description": "The Microsoft Defender Container image assessment configuration" + }, + "DefenderCspmGcpOfferingVmScanners": { + "type": "object", + "properties": { + "configuration": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderCspmGcpOfferingVmScannersConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "configuration for Microsoft Defender for Server VM scanning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender for Server VM scanning enabled" + } + }, + "description": "The Microsoft 
Defender for Server VM scanning configuration" + }, + "DefenderCspmGcpOfferingVmScannersConfiguration": { + "type": "object", + "properties": { + "exclusionTags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "VM tags that indicates that VM should not be scanned" + }, + "scanningMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Default" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The scanning mode for the VM scan." + } + }, + "description": "configuration for Microsoft Defender for Server VM scanning" + }, + "DefenderFoDatabasesAwsOffering": { + "type": "object", + "properties": { + "arcAutoProvisioning": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderFoDatabasesAwsOfferingArcAutoProvisioning" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The ARC autoprovisioning configuration" + }, + "databasesDspm": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderFoDatabasesAwsOfferingDatabasesDspm" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The databases data security posture management (DSPM) configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "DefenderForDatabasesAws" + ] + }, + "rds": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderFoDatabasesAwsOfferingRds" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The RDS configuration" + } + }, + "required": [ + "offeringType" + ], + "description": "The Defender for Databases AWS offering" + }, + 
"DefenderFoDatabasesAwsOfferingArcAutoProvisioning": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + "configuration": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderFoDatabasesAwsOfferingArcAutoProvisioningConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Configuration for servers Arc auto provisioning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is arc auto provisioning enabled" + } + }, + "description": "The ARC autoprovisioning configuration" + }, + "DefenderFoDatabasesAwsOfferingArcAutoProvisioningConfiguration": { + "type": "object", + "properties": { + "privateLinkScope": { + "type": "string", + "description": "Optional Arc private link scope resource id to link the Arc agent" + }, + "proxy": { + "type": "string", + "description": "Optional http proxy endpoint to use for the Arc agent" + } + }, + "description": "Configuration for servers Arc auto provisioning" + }, + "DefenderFoDatabasesAwsOfferingDatabasesDspm": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is databases data security posture management (DSPM) protection enabled" + } + }, + "description": "The databases data security posture management (DSPM) configuration" + }, + "DefenderFoDatabasesAwsOfferingRds": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + 
"enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is RDS protection enabled" + } + }, + "description": "The RDS configuration" + }, + "DefenderForContainersAwsOffering": { + "type": "object", + "properties": { + "autoProvisioning": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is audit logs pipeline auto provisioning enabled" + }, + "cloudWatchToKinesis": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersAwsOfferingCloudWatchToKinesis" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The cloudwatch to kinesis connection configuration" + }, + "containerVulnerabilityAssessment": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersAwsOfferingContainerVulnerabilityAssessment" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The container vulnerability assessment configuration" + }, + "containerVulnerabilityAssessmentTask": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersAwsOfferingContainerVulnerabilityAssessmentTask" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The container vulnerability assessment task configuration" + }, + "enableContainerVulnerabilityAssessment": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Enable container vulnerability assessment feature" + }, + "kinesisToS3": { + "oneOf": [ + { + "$ref": 
"#/definitions/DefenderForContainersAwsOfferingKinesisToS3" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The kinesis to s3 connection configuration" + }, + "kubeAuditRetentionTime": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The retention time in days of kube audit logs set on the CloudWatch log group" + }, + "kubernetesScubaReader": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersAwsOfferingKubernetesScubaReader" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The kubernetes to scuba connection configuration" + }, + "kubernetesService": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersAwsOfferingKubernetesService" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The kubernetes service connection configuration" + }, + "mdcContainersAgentlessDiscoveryK8s": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersAwsOfferingMdcContainersAgentlessDiscoveryK8s" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender container agentless discovery K8s configuration" + }, + "mdcContainersImageAssessment": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersAwsOfferingMdcContainersImageAssessment" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender container image assessment configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "DefenderForContainersAws" + ] + }, + 
"scubaExternalId": { + "type": "string", + "description": "The externalId used by the data reader to prevent the confused deputy attack" + } + }, + "required": [ + "offeringType" + ], + "description": "The Defender for Containers AWS offering" + }, + "DefenderForContainersAwsOfferingCloudWatchToKinesis": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS used by CloudWatch to transfer data into Kinesis" + } + }, + "description": "The cloudwatch to kinesis connection configuration" + }, + "DefenderForContainersAwsOfferingContainerVulnerabilityAssessment": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + }, + "description": "The container vulnerability assessment configuration" + }, + "DefenderForContainersAwsOfferingContainerVulnerabilityAssessmentTask": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + }, + "description": "The container vulnerability assessment task configuration" + }, + "DefenderForContainersAwsOfferingKinesisToS3": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS used by Kinesis to transfer data into S3" + } + }, + "description": "The kinesis to s3 connection configuration" + }, + "DefenderForContainersAwsOfferingKubernetesScubaReader": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature used for reading data" + } + }, + "description": "The kubernetes to scuba connection configuration" + }, + "DefenderForContainersAwsOfferingKubernetesService": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature used for provisioning resources" + } + 
}, + "description": "The kubernetes service connection configuration" + }, + "DefenderForContainersAwsOfferingMdcContainersAgentlessDiscoveryK8s": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender container agentless discovery K8s enabled" + } + }, + "description": "The Microsoft Defender container agentless discovery K8s configuration" + }, + "DefenderForContainersAwsOfferingMdcContainersImageAssessment": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender container image assessment enabled" + } + }, + "description": "The Microsoft Defender container image assessment configuration" + }, + "DefenderForContainersGcpOffering": { + "type": "object", + "properties": { + "auditLogsAutoProvisioningFlag": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is audit logs data collection enabled" + }, + "dataPipelineNativeCloudConnection": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersGcpOfferingDataPipelineNativeCloudConnection" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The native cloud connection configuration" + }, + "defenderAgentAutoProvisioningFlag": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": 
"https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender for Cloud Kubernetes agent auto provisioning enabled" + }, + "mdcContainersAgentlessDiscoveryK8s": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersGcpOfferingMdcContainersAgentlessDiscoveryK8s" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender Container agentless discovery configuration" + }, + "mdcContainersImageAssessment": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersGcpOfferingMdcContainersImageAssessment" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender Container image assessment configuration" + }, + "nativeCloudConnection": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersGcpOfferingNativeCloudConnection" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The native cloud connection configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "DefenderForContainersGcp" + ] + }, + "policyAgentAutoProvisioningFlag": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Policy Kubernetes agent auto provisioning enabled" + } + }, + "required": [ + "offeringType" + ], + "description": "The containers GCP offering" + }, + "DefenderForContainersGcpOfferingDataPipelineNativeCloudConnection": { + "type": "object", + "properties": { + "serviceAccountEmailAddress": { + "type": "string", + "description": "The data collection service account email address in GCP for this offering" + }, + "workloadIdentityProviderId": { + "type": 
"string", + "description": "The data collection GCP workload identity provider id for this offering" + } + }, + "description": "The native cloud connection configuration" + }, + "DefenderForContainersGcpOfferingMdcContainersAgentlessDiscoveryK8s": { + "type": "object", + "properties": { + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender container agentless discovery enabled" + }, + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this feature" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The workload identity provider id in GCP for this feature" + } + }, + "description": "The Microsoft Defender Container agentless discovery configuration" + }, + "DefenderForContainersGcpOfferingMdcContainersImageAssessment": { + "type": "object", + "properties": { + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender container image assessment enabled" + }, + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this feature" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The workload identity provider id in GCP for this feature" + } + }, + "description": "The Microsoft Defender Container image assessment configuration" + }, + "DefenderForContainersGcpOfferingNativeCloudConnection": { + "type": "object", + "properties": { + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this offering" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The GCP workload identity provider id for this 
offering" + } + }, + "description": "The native cloud connection configuration" + }, + "DefenderForDatabasesGcpOffering": { + "type": "object", + "properties": { + "arcAutoProvisioning": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForDatabasesGcpOfferingArcAutoProvisioning" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The ARC autoprovisioning configuration" + }, + "defenderForDatabasesArcAutoProvisioning": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForDatabasesGcpOfferingDefenderForDatabasesArcAutoProvisioning" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The native cloud connection configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "DefenderForDatabasesGcp" + ] + } + }, + "required": [ + "offeringType" + ], + "description": "The Defender for Databases GCP offering configurations" + }, + "DefenderForDatabasesGcpOfferingArcAutoProvisioning": { + "type": "object", + "properties": { + "configuration": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForDatabasesGcpOfferingArcAutoProvisioningConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Configuration for servers Arc auto provisioning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is arc auto provisioning enabled" + } + }, + "description": "The ARC autoprovisioning configuration" + }, + "DefenderForDatabasesGcpOfferingArcAutoProvisioningConfiguration": { + "type": "object", + "properties": { + "privateLinkScope": { + "type": "string", + "description": "Optional Arc private link scope resource id to link the Arc agent" + }, + "proxy": { 
+ "type": "string", + "description": "Optional http proxy endpoint to use for the Arc agent" + } + }, + "description": "Configuration for servers Arc auto provisioning" + }, + "DefenderForDatabasesGcpOfferingDefenderForDatabasesArcAutoProvisioning": { + "type": "object", + "properties": { + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this offering" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The GCP workload identity provider id for this offering" + } + }, + "description": "The native cloud connection configuration" + }, + "DefenderForDevOpsAzureDevOpsOffering": { + "type": "object", + "properties": { + "offeringType": { + "type": "string", + "enum": [ + "DefenderForDevOpsAzureDevOps" + ] + } + }, + "required": [ + "offeringType" + ], + "description": "The Defender for DevOps for Azure DevOps offering" + }, + "DefenderForDevOpsGithubOffering": { + "type": "object", + "properties": { + "offeringType": { + "type": "string", + "enum": [ + "DefenderForDevOpsGithub" + ] + } + }, + "required": [ + "offeringType" + ], + "description": "The Defender for DevOps for Github offering" + }, + "DefenderForDevOpsGitLabOffering": { + "type": "object", + "properties": { + "offeringType": { + "type": "string", + "enum": [ + "DefenderForDevOpsGitLab" + ] + } + }, + "required": [ + "offeringType" + ], + "description": "The Defender for DevOps for Gitlab offering" + }, + "DefenderForServersAwsOffering": { + "type": "object", + "properties": { + "arcAutoProvisioning": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingArcAutoProvisioning" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The ARC autoprovisioning configuration" + }, + "defenderForServers": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingDefenderForServers" + }, + { + "$ref": 
"https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Defender for servers connection configuration" + }, + "mdeAutoProvisioning": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingMdeAutoProvisioning" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender for Endpoint autoprovisioning configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "DefenderForServersAws" + ] + }, + "subPlan": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingSubPlan" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "configuration for the servers offering subPlan" + }, + "vaAutoProvisioning": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingVaAutoProvisioning" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Vulnerability Assessment autoprovisioning configuration" + }, + "vmScanners": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingVmScanners" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender for Server VM scanning configuration" + } + }, + "required": [ + "offeringType" + ], + "description": "The Defender for Servers AWS offering" + }, + "DefenderForServersAwsOfferingArcAutoProvisioning": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + "configuration": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingArcAutoProvisioningConfiguration" + }, + { + "$ref": 
"https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Configuration for servers Arc auto provisioning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is arc auto provisioning enabled" + } + }, + "description": "The ARC autoprovisioning configuration" + }, + "DefenderForServersAwsOfferingArcAutoProvisioningConfiguration": { + "type": "object", + "properties": { + "privateLinkScope": { + "type": "string", + "description": "Optional Arc private link scope resource id to link the Arc agent" + }, + "proxy": { + "type": "string", + "description": "Optional HTTP proxy endpoint to use for the Arc agent" + } + }, + "description": "Configuration for servers Arc auto provisioning" + }, + "DefenderForServersAwsOfferingDefenderForServers": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + }, + "description": "The Defender for servers connection configuration" + }, + "DefenderForServersAwsOfferingMdeAutoProvisioning": { + "type": "object", + "properties": { + "configuration": { + "type": "object", + "properties": {}, + "description": "configuration for Microsoft Defender for Endpoint autoprovisioning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender for Endpoint auto provisioning enabled" + } + }, + "description": "The Microsoft Defender for Endpoint autoprovisioning configuration" + }, + "DefenderForServersAwsOfferingSubPlan": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "P1", + "P2" + ] + }, + { + "$ref": 
"https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The available sub plans." + } + }, + "description": "configuration for the servers offering subPlan" + }, + "DefenderForServersAwsOfferingVaAutoProvisioning": { + "type": "object", + "properties": { + "configuration": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingVaAutoProvisioningConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "configuration for Vulnerability Assessment autoprovisioning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Vulnerability Assessment auto provisioning enabled" + } + }, + "description": "The Vulnerability Assessment autoprovisioning configuration" + }, + "DefenderForServersAwsOfferingVaAutoProvisioningConfiguration": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Qualys", + "TVM" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'." 
+ } + }, + "description": "configuration for Vulnerability Assessment autoprovisioning" + }, + "DefenderForServersAwsOfferingVmScanners": { + "type": "object", + "properties": { + "configuration": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingVmScannersConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "configuration for Microsoft Defender for Server VM scanning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender for Server VM scanning enabled" + } + }, + "description": "The Microsoft Defender for Server VM scanning configuration" + }, + "DefenderForServersAwsOfferingVmScannersConfiguration": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + "exclusionTags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "VM tags that indicates that VM should not be scanned" + }, + "scanningMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Default" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The scanning mode for the VM scan." 
+ } + }, + "description": "configuration for Microsoft Defender for Server VM scanning" + }, + "DefenderForServersGcpOffering": { + "type": "object", + "properties": { + "arcAutoProvisioning": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingArcAutoProvisioning" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The ARC autoprovisioning configuration" + }, + "defenderForServers": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingDefenderForServers" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Defender for servers connection configuration" + }, + "mdeAutoProvisioning": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingMdeAutoProvisioning" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender for Endpoint autoprovisioning configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "DefenderForServersGcp" + ] + }, + "subPlan": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingSubPlan" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "configuration for the servers offering subPlan" + }, + "vaAutoProvisioning": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingVaAutoProvisioning" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Vulnerability Assessment autoprovisioning configuration" + }, + "vmScanners": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingVmScanners" + }, + { + "$ref": 
"https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender for Server VM scanning configuration" + } + }, + "required": [ + "offeringType" + ], + "description": "The Defender for Servers GCP offering configurations" + }, + "DefenderForServersGcpOfferingArcAutoProvisioning": { + "type": "object", + "properties": { + "configuration": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingArcAutoProvisioningConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Configuration for servers Arc auto provisioning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is arc auto provisioning enabled" + } + }, + "description": "The ARC autoprovisioning configuration" + }, + "DefenderForServersGcpOfferingArcAutoProvisioningConfiguration": { + "type": "object", + "properties": { + "privateLinkScope": { + "type": "string", + "description": "Optional Arc private link scope resource id to link the Arc agent" + }, + "proxy": { + "type": "string", + "description": "Optional HTTP proxy endpoint to use for the Arc agent" + } + }, + "description": "Configuration for servers Arc auto provisioning" + }, + "DefenderForServersGcpOfferingDefenderForServers": { + "type": "object", + "properties": { + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this feature" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The workload identity provider id in GCP for this feature" + } + }, + "description": "The Defender for servers connection configuration" + }, + "DefenderForServersGcpOfferingMdeAutoProvisioning": { + "type": "object", + "properties": { + 
"configuration": { + "type": "object", + "properties": {}, + "description": "configuration for Microsoft Defender for Endpoint autoprovisioning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender for Endpoint auto provisioning enabled" + } + }, + "description": "The Microsoft Defender for Endpoint autoprovisioning configuration" + }, + "DefenderForServersGcpOfferingSubPlan": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "P1", + "P2" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The available sub plans." + } + }, + "description": "configuration for the servers offering subPlan" + }, + "DefenderForServersGcpOfferingVaAutoProvisioning": { + "type": "object", + "properties": { + "configuration": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingVaAutoProvisioningConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "configuration for Vulnerability Assessment autoprovisioning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Vulnerability Assessment auto provisioning enabled" + } + }, + "description": "The Vulnerability Assessment autoprovisioning configuration" + }, + "DefenderForServersGcpOfferingVaAutoProvisioningConfiguration": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Qualys", + "TVM" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + 
"description": "The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'." + } + }, + "description": "configuration for Vulnerability Assessment autoprovisioning" + }, + "DefenderForServersGcpOfferingVmScanners": { + "type": "object", + "properties": { + "configuration": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingVmScannersConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "configuration for Microsoft Defender for Server VM scanning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender for Server VM scanning enabled" + } + }, + "description": "The Microsoft Defender for Server VM scanning configuration" + }, + "DefenderForServersGcpOfferingVmScannersConfiguration": { + "type": "object", + "properties": { + "exclusionTags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "VM tags that indicate that VM should not be scanned" + }, + "scanningMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Default" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The scanning mode for the VM scan." 
+ } + }, + "description": "configuration for Microsoft Defender for Server VM scanning" + }, + "EnvironmentData": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/AwsEnvironmentData" + }, + { + "$ref": "#/definitions/GcpProjectEnvironmentData" + }, + { + "$ref": "#/definitions/GithubScopeEnvironmentData" + }, + { + "$ref": "#/definitions/AzureDevOpsScopeEnvironmentData" + }, + { + "$ref": "#/definitions/GitlabScopeEnvironmentData" + } + ], + "properties": {}, + "description": "The security connector environment data." + }, + "GcpOrganizationalData": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/GcpOrganizationalDataOrganization" + }, + { + "$ref": "#/definitions/GcpOrganizationalDataMember" + } + ], + "properties": {}, + "description": "The gcpOrganization data" + }, + "GcpOrganizationalDataMember": { + "type": "object", + "properties": { + "managementProjectNumber": { + "type": "string", + "description": "The GCP management project number from organizational onboarding" + }, + "organizationMembershipType": { + "type": "string", + "enum": [ + "Member" + ] + }, + "parentHierarchyId": { + "type": "string", + "description": "If the multi cloud account is not of membership type organization, this will be the ID of the project's parent" + } + }, + "required": [ + "organizationMembershipType" + ], + "description": "The gcpOrganization data for the member account" + }, + "GcpOrganizationalDataOrganization": { + "type": "object", + "properties": { + "excludedProjectNumbers": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "If the multi cloud account is of membership type organization, list of accounts excluded from offering" + }, + "organizationMembershipType": { + "type": "string", + "enum": [ + "Organization" + ] + }, + "serviceAccountEmailAddress": { + "type": "string", + 
"description": "The service account email address which represents the organization level permissions container." + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The GCP workload identity provider id which represents the permissions required to auto provision security connectors" + } + }, + "required": [ + "organizationMembershipType" + ], + "description": "The gcpOrganization data for the parent account" + }, + "GcpProjectDetails": { + "type": "object", + "properties": { + "projectId": { + "type": "string", + "description": "The GCP Project id" + }, + "projectNumber": { + "type": "string", + "description": "The unique GCP Project number" + } + }, + "description": "The details about the project represented by the security connector" + }, + "GcpProjectEnvironmentData": { + "type": "object", + "properties": { + "environmentType": { + "type": "string", + "enum": [ + "GcpProject" + ] + }, + "organizationalData": { + "oneOf": [ + { + "$ref": "#/definitions/GcpOrganizationalData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The gcpOrganization data" + }, + "projectDetails": { + "oneOf": [ + { + "$ref": "#/definitions/GcpProjectDetails" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The details about the project represented by the security connector" + }, + "scanInterval": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Scan interval in hours (value should be between 1-hour to 24-hours)" + } + }, + "required": [ + "environmentType" + ], + "description": "The GCP project connector environment data" + }, + "GithubScopeEnvironmentData": { + "type": "object", + "properties": { + "environmentType": { + "type": "string", + "enum": [ + 
"GithubScope" + ] + } + }, + "required": [ + "environmentType" + ], + "description": "The github scope connector's environment data" + }, + "GitlabScopeEnvironmentData": { + "type": "object", + "properties": { + "environmentType": { + "type": "string", + "enum": [ + "GitlabScope" + ] + } + }, + "required": [ + "environmentType" + ], + "description": "The GitLab scope connector's environment data" + }, + "InformationProtectionAwsOffering": { + "type": "object", + "properties": { + "informationProtection": { + "oneOf": [ + { + "$ref": "#/definitions/InformationProtectionAwsOfferingInformationProtection" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The native cloud connection configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "InformationProtectionAws" + ] + } + }, + "required": [ + "offeringType" + ], + "description": "The information protection for AWS offering" + }, + "InformationProtectionAwsOfferingInformationProtection": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + }, + "description": "The native cloud connection configuration" + }, + "SecurityConnectorProperties": { + "type": "object", + "properties": { + "environmentData": { + "oneOf": [ + { + "$ref": "#/definitions/EnvironmentData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The security connector environment data." + }, + "environmentName": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Azure", + "AWS", + "GCP", + "Github", + "AzureDevOps", + "GitLab" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The multi cloud resource's cloud name." 
+ }, + "hierarchyIdentifier": { + "type": "string", + "description": "The multi cloud resource identifier (account id in case of AWS connector, project number in case of GCP connector)." + }, + "offerings": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/CloudOffering" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A collection of offerings for the security connector." + } + }, + "description": "A set of properties that defines the security connector configuration." + } + } +} \ No newline at end of file diff --git a/schemas/common/autogeneratedResources.json b/schemas/common/autogeneratedResources.json index 8dffb56f1e..686868fab4 100644 --- a/schemas/common/autogeneratedResources.json +++ b/schemas/common/autogeneratedResources.json @@ -31780,6 +31780,9 @@ { "$ref": "https://schema.management.azure.com/schemas/2023-09-01-preview/Microsoft.Security.json#/resourceDefinitions/securityConnectors_devops_azureDevOpsOrgs_projects_repos" }, + { + "$ref": "https://schema.management.azure.com/schemas/2023-10-01-preview/Microsoft.Security.json#/resourceDefinitions/securityConnectors" + }, { "$ref": "https://schema.management.azure.com/schemas/2021-01-11/Microsoft.SecurityAndCompliance.json#/resourceDefinitions/privateLinkServicesForEDMUpload" },