diff --git a/custom-words.txt b/custom-words.txt index 69908e02d77d..4dacc0ce562b 100644 --- a/custom-words.txt +++ b/custom-words.txt @@ -2769,3 +2769,5 @@ Overprovisioning Unprepares Unpreparing typespec +DSPM +Dspm \ No newline at end of file diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/DeleteSecurityConnector_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/DeleteSecurityConnector_example.json new file mode 100644 index 000000000000..6ebfc633aeea --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/DeleteSecurityConnector_example.json @@ -0,0 +1,12 @@ +{ + "parameters": { + "api-version": "2023-03-01-preview", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "myRg", + "securityConnectorName": "mySecurityConnectorName" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/GetSecurityConnectorSingleResource_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/GetSecurityConnectorSingleResource_example.json new file mode 100644 index 000000000000..7028f06f8a42 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/GetSecurityConnectorSingleResource_example.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2023-03-01-preview", + "subscriptionId": "a5caac9c-5c04-49af-b3d0-e204f40345d5", + "resourceGroupName": "exampleResourceGroup", + "securityConnectorName": "exampleSecurityConnectorName" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorName", + "name": "exampleSecurityConnectorName", + "type": "Microsoft.Security/securityConnectors", + "etag": "etag value", + "kind": "", + "location": "Central US", + "tags": {}, + "systemData": { + "createdBy": "user@contoso.com", + "createdByType": "User", + "createdAt": "2021-08-31T13:47:50.328Z", + "lastModifiedBy": "user@contoso.com", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-08-31T13:47:50.328Z" + }, + "properties": { + "environmentData": { + "environmentType": "AwsAccount" + }, + "hierarchyIdentifier": "exampleHierarchyId", + "environmentName": "AWS", + "offerings": [ + { + "offeringType": "CspmMonitorAws", + "nativeCloudConnection": { + "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor" + } + } + ] + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/GetSecurityConnectorsResourceGroup_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/GetSecurityConnectorsResourceGroup_example.json new file mode 100644 index 000000000000..1e8a8bcc55ed --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/GetSecurityConnectorsResourceGroup_example.json @@ -0,0 +1,124 @@ +{ + "parameters": { + "api-version": "2023-03-01-preview", + "subscriptionId": "a5caac9c-5c04-49af-b3d0-e204f40345d5", + "resourceGroupName": "exampleResourceGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorAws", + "name": "exampleSecurityConnectorAws", + "type": "Microsoft.Security/securityConnectors", + "etag": "etag value", + "kind": "", + "location": "Central US", + "tags": {}, + "systemData": { + "createdBy": "user@contoso.com", + "createdByType": "User", + "createdAt": "2021-08-31T13:47:50.328Z", + "lastModifiedBy": "user@contoso.com", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-08-31T13:47:50.328Z" + }, + "properties": { + "hierarchyIdentifier": "exampleHierarchyId", + "environmentData": { + "environmentType": "AwsAccount" + }, + "environmentName": "AWS", + "offerings": [ + { + "offeringType": "CspmMonitorAws", + "nativeCloudConnection": { + "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor" + } + } + ] + } + }, + { + "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorAwsOrganization", + "name": "exampleSecurityConnectorAwsOrganization", + "type": "Microsoft.Security/securityConnectors", + "etag": "etag value", + "kind": "", + "location": "Central US", + "tags": {}, + "systemData": { + "createdBy": "user@contoso.com", + "createdByType": "User", + "createdAt": "2021-12-15T13:47:50.328Z", + "lastModifiedBy": "user@contoso.com", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-12-15T13:47:50.328Z" + }, + "properties": { + "hierarchyIdentifier": "exampleHierarchyId", + "environmentData": { + "environmentType": "AwsAccount", + "organizationalData": { + "organizationMembershipType": "Organization", + "stacksetName": "myStackSetName", + "excludedAccountIds": [ + "excludedAccountIdExample" + ] + } + }, + "environmentName": "AWS", + "offerings": [ + { + "offeringType": "CspmMonitorAws", + "nativeCloudConnection": { + "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor" + } + } + ] + } + }, + { + "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorGcp", + "name": "exampleSecurityConnectorGcp", + "type": "Microsoft.Security/securityConnectors", + "etag": "etag value", + "kind": "", + "location": "Central US", + "tags": {}, + "systemData": { + "createdBy": "user@contoso.com", + "createdByType": "User", + "createdAt": "2021-12-15T13:47:50.328Z", + "lastModifiedBy": "user@contoso.com", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-12-15T13:47:50.328Z" + }, + "properties": { + "hierarchyIdentifier": "exampleHierarchyId", + "environmentData": { + "environmentType": "GcpProject", + "projectDetails": { + "projectNumber": "exampleHierarchyId", + "projectId": "My-0GCP-Project", + "workloadIdentityPoolId": "My-workload-identity-federation-pool-id" + } + }, + "environmentName": "GCP", + "offerings": [ + { + "offeringType": "CspmMonitorGcp", + "nativeCloudConnection": { + "workloadIdentityProviderId": "My workload identity provider Id", + "serviceAccountEmailAddress": "capm@projectName.com" + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/GetSecurityConnectorsSubscription_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/GetSecurityConnectorsSubscription_example.json new file mode 100644 index 000000000000..4c1435a74d6a --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/GetSecurityConnectorsSubscription_example.json @@ -0,0 +1,181 @@ +{ + "parameters": { + "api-version": "2023-03-01-preview", + "subscriptionId": "a5caac9c-5c04-49af-b3d0-e204f40345d5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup1/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorAws", + "name": "exampleSecurityConnectorAws", + "type": "Microsoft.Security/securityConnectors", + "etag": "etag value", + "kind": "", + "location": "Central US", + "tags": {}, + "systemData": { + "createdBy": "user@contoso.com", + "createdByType": "User", + "createdAt": "2021-08-31T13:47:50.328Z", + "lastModifiedBy": "user@contoso.com", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-08-31T13:47:50.328Z" + }, + "properties": { + "hierarchyIdentifier": "exampleHierarchyId", + "environmentData": { + "environmentType": "AwsAccount" + }, + "environmentName": "AWS", + "offerings": [ + { + "offeringType": "CspmMonitorAws", + "nativeCloudConnection": { + "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor" + } + } + ] + } + }, + { + "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup2/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorAwsOrganization", + "name": "exampleSecurityConnectorAwsOrganization", + "type": "Microsoft.Security/securityConnectors", + "etag": "etag value", + "kind": "", + "location": "Central US", + "tags": {}, + "systemData": { + "createdBy": "user@contoso.com", + "createdByType": "User", + "createdAt": "2021-12-15T13:47:50.328Z", + "lastModifiedBy": "user@contoso.com", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-12-15T13:47:50.328Z" + }, + "properties": { + "hierarchyIdentifier": "exampleHierarchyId", + "environmentData": { + "environmentType": "AwsAccount", + "organizationalData": { + "organizationMembershipType": "Organization", + "stacksetName": "myStackSetName", + "excludedAccountIds": [ + "excludedAccountIdExample" + ] + } + }, + "environmentName": "AWS", + "offerings": [ + { + "offeringType": "CspmMonitorAws", + "nativeCloudConnection": { + "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor" + } + } + ] + } + }, + { + "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorGithub", + "name": "githubTest", + "etag": "etag value", + "type": "Microsoft.Security/securityconnectors", + "location": "centralus", + "kind": "", + "tags": {}, + "systemData": { + "createdBy": "user@contoso.com", + "createdByType": "User", + "createdAt": "2021-12-15T13:47:50.328Z", + "lastModifiedBy": "user@contoso.com", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-12-15T13:47:50.328Z" + }, + "properties": { + "hierarchyIdentifier": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.SecurityDevops/githubConnectors/exampleGithubConnector", + "environmentName": "Github", + "environmentData": { + "environmentType": "GithubScope" + }, + "offerings": [ + { + "offeringType": "CspmMonitorGithub" + } + ] + } + }, + { + "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorAzureDevOpsConnectors", + "name": "AzureDevOpsTest", + "etag": "etag value", + "type": "Microsoft.Security/securityconnectors", + "location": "centralus", + "kind": "", + "tags": {}, + "systemData": { + "createdBy": "user@contoso.com", + "createdByType": "User", + "createdAt": "2021-12-15T13:47:50.328Z", + "lastModifiedBy": "user@contoso.com", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-12-15T13:47:50.328Z" + }, + "properties": { + "hierarchyIdentifier": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.SecurityDevops/azureDevOpsConnectors/exampleAzureDevOpsConnector", + "environmentName": "Github", + "environmentData": { + "environmentType": "GithubScope" + }, + "offerings": [ + { + "offeringType": "CspmMonitorGithub" + } + ] + } + }, + { + "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorGcp", + "name": "exampleSecurityConnectorGcp", + "type": "Microsoft.Security/securityConnectors", + "etag": "etag value", + "kind": "", + "location": "Central US", + "tags": {}, + "systemData": { + "createdBy": "user@contoso.com", + "createdByType": "User", + "createdAt": "2021-12-15T13:47:50.328Z", + "lastModifiedBy": "user@contoso.com", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-12-15T13:47:50.328Z" + }, + "properties": { + "hierarchyIdentifier": "exampleHierarchyId", + "environmentData": { + "environmentType": "GcpProject", + "projectDetails": { + "projectNumber": "exampleHierarchyId", + "projectId": "My-0GCP-Project", + "workloadIdentityPoolId": "6c78da41157548d3b1d8b3c72effdf8c" + } + }, + "environmentName": "GCP", + "offerings": [ + { + "offeringType": "CspmMonitorGcp", + "nativeCloudConnection": { + "workloadIdentityProviderId": "My workload identity provider Id", + "serviceAccountEmailAddress": "capm@projectName.com" + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/PatchSecurityConnector_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/PatchSecurityConnector_example.json new file mode 100644 index 000000000000..0fd2bd8dc98a --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/PatchSecurityConnector_example.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "api-version": "2023-03-01-preview", + "subscriptionId": "a5caac9c-5c04-49af-b3d0-e204f40345d5", + "securityConnectorName": "exampleSecurityConnectorName", + "resourceGroupName": "exampleResourceGroup", + "securityConnector": { + "location": "Central US", + "etag": "etag value (must be supplied for update)", + "tags": {}, + "properties": { + "hierarchyIdentifier": "exampleHierarchyId", + "environmentData": { + "environmentType": "AwsAccount" + }, + "environmentName": "AWS", + "offerings": [ + { + "offeringType": "CspmMonitorAws", + "nativeCloudConnection": { + "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor" + } + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorName", + "name": "exampleSecurityConnectorName", + "type": "Microsoft.Security/securityConnectors", + "location": "Central US", + "kind": "", + "etag": "etag value", + "tags": {}, + "systemData": { + "createdBy": "user@contoso.com", + "createdByType": "User", + "createdAt": "2021-08-31T13:47:50.328Z", + "lastModifiedBy": "user@contoso.com", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-08-31T13:47:50.328Z" + }, + "properties": { + "hierarchyIdentifier": "exampleHierarchyId", + "environmentData": { + "environmentType": "AwsAccount" + }, + "environmentName": "AWS", + "offerings": [ + { + "offeringType": "CspmMonitorAws", + "nativeCloudConnection": { + "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor" + } + } + ] + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/PutSecurityConnector_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/PutSecurityConnector_example.json new file mode 100644 index 000000000000..80d6a941ce58 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/examples/SecurityConnectors/PutSecurityConnector_example.json @@ -0,0 +1,98 @@ +{ + "parameters": { + "api-version": "2023-03-01-preview", + "subscriptionId": "a5caac9c-5c04-49af-b3d0-e204f40345d5", + "securityConnectorName": "exampleSecurityConnectorName", + "resourceGroupName": "exampleResourceGroup", + "securityConnector": { + "location": "Central US", + "etag": "etag value (must be supplied for update)", + "tags": {}, + "properties": { + "hierarchyIdentifier": "exampleHierarchyId", + "environmentName": "AWS", + "environmentData": { + "environmentType": "AwsAccount" + }, + "offerings": [ + { + "offeringType": "CspmMonitorAws", + "nativeCloudConnection": { + "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor" + } + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorName", + "name": "exampleSecurityConnectorName", + "type": "Microsoft.Security/securityConnectors", + "location": "Central US", + "kind": "", + "etag": "", + "tags": {}, + "systemData": { + "createdBy": "user@contoso.com", + "createdByType": "User", + "createdAt": "2021-08-31T13:47:50.328Z", + "lastModifiedBy": "user@contoso.com", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-08-31T13:47:50.328Z" + }, + "properties": { + "hierarchyIdentifier": "exampleHierarchyId", + "environmentData": { + "environmentType": "AwsAccount" + }, + "environmentName": "AWS", + "offerings": [ + { + "offeringType": "CspmMonitorAws", + "nativeCloudConnection": { + "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor" + } + } + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorName", + "name": "exampleSecurityConnectorName", + "type": "Microsoft.Security/securityConnectors", + "location": "Central US", + "kind": "", + "etag": "", + "tags": {}, + "systemData": { + "createdBy": "user@contoso.com", + "createdByType": "User", + "createdAt": "2021-08-31T13:47:50.328Z", + "lastModifiedBy": "user@contoso.com", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-08-31T13:47:50.328Z" + }, + "properties": { + "hierarchyIdentifier": "exampleHierarchyId", + "environmentData": { + "environmentType": "AwsAccount" + }, + "environmentName": "AWS", + "offerings": [ + { + "offeringType": "CspmMonitorAws", + "nativeCloudConnection": { + "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor" + } + } + ] + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/securityConnectors.json b/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/securityConnectors.json new file mode 100644 index 000000000000..b0d34d1f506b --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2023-03-01-preview/securityConnectors.json @@ -0,0 +1,1494 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "version": "2023-03-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/securityConnectors": { + "get": { + "x-ms-examples": { + "List all security connectors of a specified subscription": { + "$ref": "./examples/SecurityConnectors/GetSecurityConnectorsSubscription_example.json" + } + }, + "tags": [ + "SecurityConnectors" + ], + "description": "Lists all the security connectors in the specified subscription. Use the 'nextLink' property in the response to get the next page of security connectors for the specified subscription.", + "operationId": "SecurityConnectors_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityConnectorsList" + } + }, + "default": { + "description": "Error response that describes why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors": { + "get": { + "x-ms-examples": { + "List all security connectors of a specified resource group": { + "$ref": "./examples/SecurityConnectors/GetSecurityConnectorsResourceGroup_example.json" + } + }, + "tags": [ + "SecurityConnectors" + ], + "description": "Lists all the security connectors in the specified resource group. Use the 'nextLink' property in the response to get the next page of security connectors for the specified resource group.", + "operationId": "SecurityConnectors_ListByResourceGroup", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityConnectorsList" + } + }, + "default": { + "description": "Error response that describes why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}": { + "get": { + "x-ms-examples": { + "Retrieve a security connector": { + "$ref": "./examples/SecurityConnectors/GetSecurityConnectorSingleResource_example.json" + } + }, + "tags": [ + "SecurityConnectors" + ], + "description": "Retrieves details of a specific security connector", + "operationId": "SecurityConnectors_Get", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/securityConnectorName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityConnector" + } + }, + "default": { + "description": "Error response that describes why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create or update a security connector": { + "$ref": "./examples/SecurityConnectors/PutSecurityConnector_example.json" + } + }, + "tags": [ + "SecurityConnectors" + ], + "description": "Creates or updates a security connector. If a security connector is already created and a subsequent request is issued for the same security connector id, then it will be updated.", + "operationId": "SecurityConnectors_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/securityConnectorName" + }, + { + "$ref": "#/parameters/securityConnectorInBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityConnector" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/SecurityConnector" + } + }, + "default": { + "description": "Error response that describes why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "patch": { + "x-ms-examples": { + "Update a security connector": { + "$ref": "./examples/SecurityConnectors/PatchSecurityConnector_example.json" + } + }, + "tags": [ + "SecurityConnectors" + ], + "description": "Updates a security connector", + "operationId": "SecurityConnectors_Update", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/securityConnectorName" + }, + { + "$ref": "#/parameters/securityConnectorInBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityConnector" + } + }, + "default": { + "description": "Error response that describes why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a security connector": { + "$ref": "./examples/SecurityConnectors/DeleteSecurityConnector_example.json" + } + }, + "tags": [ + "SecurityConnectors" + ], + "operationId": "SecurityConnectors_Delete", + "description": "Deletes a security connector.", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/securityConnectorName" + } + ], + "responses": { + "200": { + "description": "The resource was deleted successfully" + }, + "204": { + "description": "NoContent" + }, + "default": { + "description": "Error response that describes why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "SecurityConnectorsList": { + "type": "object", + "description": "List of security connectors response.", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "The list of security connectors under the given scope.", + "items": { + "$ref": "#/definitions/SecurityConnector" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "SecurityConnector": { + "type": "object", + "description": "The security connector resource.", + "properties": { + "systemData": { + "readOnly": true, + "type": "object", + "description": "Azure Resource Manager metadata containing createdBy and modifiedBy information.", + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/systemData" + }, + "properties": { + "x-ms-client-flatten": true, + "description": "Security connector data", + "$ref": "#/definitions/SecurityConnectorProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/TrackedResource" + } + ] + }, + "SecurityConnectorProperties": { + "type": "object", + "description": "A set of properties that defines the security connector configuration.", + "properties": { + "hierarchyIdentifier": { + "type": "string", + "description": "The multi cloud resource identifier (account id in case of AWS connector, project number in case of GCP connector)." + }, + "hierarchyIdentifierTrialEndDate": { + "type": "string", + "format": "date-time", + "readOnly": true, + "description": "The date on which the trial period will end, if applicable. Trial period exists for 30 days after upgrading to payed offerings." + }, + "environmentName": { + "type": "string", + "description": "The multi cloud resource's cloud name.", + "enum": [ + "Azure", + "AWS", + "GCP", + "Github", + "AzureDevOps", + "GitLab" + ], + "x-ms-enum": { + "name": "cloudName", + "modelAsString": true + } + }, + "offerings": { + "type": "array", + "description": "A collection of offerings for the security connector.", + "items": { + "$ref": "#/definitions/cloudOffering" + }, + "x-ms-identifiers": [] + }, + "environmentData": { + "type": "object", + "description": "The security connector environment data.", + "$ref": "#/definitions/EnvironmentData" + } + } + }, + "EnvironmentData": { + "type": "object", + "description": "The security connector environment data.", + "discriminator": "environmentType", + "required": [ + "environmentType" + ], + "properties": { + "environmentType": { + "type": "string", + "description": "The type of the environment data.", + "enum": [ + "AwsAccount", + "GcpProject", + "GithubScope", + "AzureDevOpsScope", + "GitlabScope" + ], + "x-ms-enum": { + "name": "environmentType", + "modelAsString": true + } + } + } + }, + "AwsEnvironmentData": { + "type": "object", + "description": "The AWS connector environment data", + "x-ms-discriminator-value": "AwsAccount", + "allOf": [ + { + "$ref": "#/definitions/EnvironmentData" + } + ], + "properties": { + "organizationalData": { + "type": "object", + "description": "The AWS account's organizational data", + "$ref": "#/definitions/AwsOrganizationalData" + }, + "regions": { + "type": "array", + "description": "list of regions to scan", + "items": { + "type": "string", + "description": "AWS regions names" + } + }, + "accountName": { + "type": "string", + "description": "The AWS account name", + "readOnly": true + } + } + }, + "AwsOrganizationalData": { + "type": "object", + "description": "The AWS organization data", + "discriminator": "organizationMembershipType", + "required": [ + "organizationMembershipType" + ], + "properties": { + "organizationMembershipType": { + "type": "string", + "description": "The multi cloud account's membership type in the organization", + "enum": [ + "Member", + "Organization" + ], + "x-ms-enum": { + "name": "organizationMembershipType", + "modelAsString": true + } + } + } + }, + "AwsOrganizationalDataMaster": { + "type": "object", + "description": "The AWS organization data for the master account", + "x-ms-discriminator-value": "Organization", + "allOf": [ + { + "$ref": "#/definitions/AwsOrganizationalData" + } + ], + "properties": { + "stacksetName": { + "type": "string", + "description": "If the multi cloud account is of membership type organization, this will be the name of the onboarding stackset" + }, + "excludedAccountIds": { + "type": "array", + "description": "If the multi cloud account is of membership type organization, list of accounts excluded from offering", + "items": { + "type": "string", + "description": "account IDs" + } + } + } + }, + "AwsOrganizationalDataMember": { + "type": "object", + "description": "The AWS organization data for the member account", + "x-ms-discriminator-value": "Member", + "allOf": [ + { + "$ref": "#/definitions/AwsOrganizationalData" + } + ], + "properties": { + "parentHierarchyId": { + "type": "string", + "description": "If the multi cloud account is not of membership type organization, this will be the ID of the account's parent" + } + } + }, + "GcpProjectEnvironmentData": { + "type": "object", + "description": "The GCP project connector environment data", + "x-ms-discriminator-value": "GcpProject", + "allOf": [ + { + "$ref": "#/definitions/EnvironmentData" + } + ], + "properties": { + "organizationalData": { + "type": "object", + "description": "The Gcp project's organizational data", + "$ref": "#/definitions/GcpOrganizationalData" + }, + "projectDetails": { + "type": "object", + "description": "The Gcp project's details", + "$ref": "#/definitions/GcpProjectDetails" + } + } + }, + "GcpProjectDetails": { + "type": "object", + "description": "The details about the project represented by the security connector", + "properties": { + "projectNumber": { + "type": "string", + "description": "The unique GCP Project number" + }, + "projectId": { + "type": "string", + "description": "The GCP Project id" + }, + "workloadIdentityPoolId": { + "readOnly": true, + "type": "string", + "description": "The GCP workload identity federation pool id" + }, + "projectName": { + "readOnly": true, + "type": "string", + "description": "GCP project name" + } + } + }, + "GcpOrganizationalData": { + "type": "object", + "description": "The gcpOrganization data", + "discriminator": "organizationMembershipType", + "required": [ + "organizationMembershipType" + ], + "properties": { + "organizationMembershipType": { + "type": "string", + "description": "The multi cloud account's membership type in the organization", + "enum": [ + "Member", + "Organization" + ], + "x-ms-enum": { + "name": "organizationMembershipType", + "modelAsString": true + } + } + } + }, + "GcpOrganizationalDataOrganization": { + "type": "object", + "description": "The gcpOrganization data for the parent account", + "x-ms-discriminator-value": "Organization", + "allOf": [ + { + "$ref": "#/definitions/GcpOrganizationalData" + } + ], + "properties": { + "excludedProjectNumbers": { + "type": "array", + "description": "If the multi cloud account is of membership type organization, list of accounts excluded from offering", + "items": { + "type": "string", + "description": "account IDs" + } + }, + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address which represents the organization level permissions container." + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The GCP workload identity provider id which represents the permissions required to auto provision security connectors" + }, + "organizationName": { + "readOnly": true, + "type": "string", + "description": "GCP organization name" + } + } + }, + "GcpOrganizationalDataMember": { + "type": "object", + "description": "The gcpOrganization data for the member account", + "x-ms-discriminator-value": "Member", + "allOf": [ + { + "$ref": "#/definitions/GcpOrganizationalData" + } + ], + "properties": { + "parentHierarchyId": { + "type": "string", + "description": "If the multi cloud account is not of membership type organization, this will be the ID of the project's parent" + }, + "managementProjectNumber": { + "type": "string", + "description": "The GCP management project number from organizational onboarding" + } + } + }, + "GithubScopeEnvironmentData": { + "type": "object", + "description": "The github scope connector's environment data", + "x-ms-discriminator-value": "GithubScope", + "allOf": [ + { + "$ref": "#/definitions/EnvironmentData" + } + ], + "properties": {} + }, + "AzureDevOpsScopeEnvironmentData": { + "type": "object", + "description": "The AzureDevOps scope connector's environment data", + "x-ms-discriminator-value": "AzureDevOpsScope", + "allOf": [ + { + "$ref": "#/definitions/EnvironmentData" + } + ], + "properties": {} + }, + "GitlabScopeEnvironmentData": { + "type": "object", + "description": "The GitLab scope connector's environment data", + "x-ms-discriminator-value": "GitlabScope", + "allOf": [ + { + "$ref": "#/definitions/EnvironmentData" + } + ], + "properties": {} + }, + "cloudOffering": { + "type": "object", + "description": "The security offering details", + "discriminator": "offeringType", + "required": [ + "offeringType" + ], + "properties": { + "offeringType": { + "type": "string", + "description": "The type of the security offering.", + "enum": [ + "CspmMonitorAws", + "DefenderForContainersAws", + "DefenderForServersAws", + "DefenderForDatabasesAws", + "InformationProtectionAws", + "CspmMonitorGcp", + "CspmMonitorGithub", + "CspmMonitorAzureDevOps", + "DefenderForServersGcp", + "DefenderForContainersGcp", + "DefenderForDatabasesGcp", + "DefenderCspmAws", + "DefenderCspmGcp", + "DefenderForDevOpsGithub", + "DefenderForDevOpsAzureDevOps", + "CspmMonitorGitLab", + "DefenderForDevOpsGitLab" + ], + "x-ms-enum": { + "name": "offeringType", + "modelAsString": true + } + }, + "description": { + "type": "string", + "description": "The offering description.", + "readOnly": true + } + } + }, + "cspmMonitorAwsOffering": { + "type": "object", + "description": "The CSPM monitoring for AWS offering", + "x-ms-discriminator-value": "CspmMonitorAws", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": { + "nativeCloudConnection": { + "type": "object", + "description": "The native cloud connection configuration", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + } + } + } + }, + "defenderForContainersAwsOffering": { + "type": "object", + "description": "The Defender for Containers AWS offering", + "x-ms-discriminator-value": "DefenderForContainersAws", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": { + "kubernetesService": { + "type": "object", + "description": "The kubernetes service connection configuration", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature used for provisioning resources" + } + } + }, + "kubernetesScubaReader": { + "type": "object", + "description": "The kubernetes to scuba connection configuration", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature used for reading data" + } + } + }, + "cloudWatchToKinesis": { + "type": "object", + "description": "The cloudwatch to kinesis connection configuration", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS used by CloudWatch to transfer data into Kinesis" + } + } + }, + "kinesisToS3": { + "type": "object", + "description": "The kinesis to s3 connection configuration", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS used by Kinesis to transfer data into S3" + } + } + }, + "containerVulnerabilityAssessment": { + "type": "object", + "description": "The container vulnerability assessment configuration", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + } + }, + "containerVulnerabilityAssessmentTask": { + "type": "object", + "description": "The container vulnerability assessment task configuration", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + } + }, + "enableContainerVulnerabilityAssessment": { + "type": "boolean", + "description": "Enable container vulnerability assessment feature" + }, + "autoProvisioning": { + "type": "boolean", + "description": "Is audit logs pipeline auto provisioning enabled" + }, + "kubeAuditRetentionTime": { + "type": "integer", + "format": "int64", + "description": "The retention time in days of kube audit logs set on the CloudWatch log group" + }, + "scubaExternalId": { + "type": "string", + "description": "The externalId used by the data reader to prevent the confused deputy attack" + } + } + }, + "defenderForServersAwsOffering": { + "type": "object", + "description": "The Defender for Servers AWS offering", + "x-ms-discriminator-value": "DefenderForServersAws", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": { + "defenderForServers": { + "type": "object", + "description": "The Defender for servers connection configuration", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + } + }, + "arcAutoProvisioning": { + "type": "object", + "description": "The ARC autoprovisioning configuration", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is arc auto provisioning enabled" + }, + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + "configuration": { + "type": "object", + "description": "Configuration for servers Arc auto provisioning", + "properties": { + "proxy": { + "type": "string", + "description": "Optional HTTP proxy endpoint to use for the Arc agent" + }, + "privateLinkScope": { + "type": "string", + "description": "Optional Arc private link scope resource id to link the Arc agent" + } + } + } + } + }, + "vaAutoProvisioning": { + "type": "object", + "description": "The Vulnerability Assessment autoprovisioning configuration", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is Vulnerability Assessment auto provisioning enabled" + }, + "configuration": { + "type": "object", + "description": "configuration for Vulnerability Assessment autoprovisioning", + "properties": { + "type": { + "type": "string", + "description": "The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'", + "enum": [ + "Qualys", + "TVM" + ], + "x-ms-enum": { + "name": "type", + "modelAsString": true + } + } + } + } + } + }, + "mdeAutoProvisioning": { + "type": "object", + "description": "The Microsoft Defender for Endpoint autoprovisioning configuration", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is Microsoft Defender for Endpoint auto provisioning enabled" + }, + "configuration": { + "type": "object", + "description": "configuration for Microsoft Defender for Endpoint autoprovisioning", + "properties": {} + } + } + }, + "subPlan": { + "type": "object", + "description": "configuration for the servers offering subPlan", + "properties": { + "type": { + "type": "string", + "description": "The available sub plans", + "enum": [ + "P1", + "P2" + ], + "x-ms-enum": { + "name": "subPlan", + "modelAsString": true + } + } + } + }, + "vmScanners": { + "type": "object", + "description": "The Microsoft Defender for Server VM scanning configuration", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is Microsoft Defender for Server VM scanning enabled" + }, + "configuration": { + "type": "object", + "description": "configuration for Microsoft Defender for Server VM scanning", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + "scanningMode": { + "type": "string", + "description": "The scanning mode for the VM scan.", + "enum": [ + "Default" + ], + "x-ms-enum": { + "name": "scanningMode", + "modelAsString": true + } + }, + "exclusionTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "VM tags that indicates that VM should not be scanned" + } + } + } + } + } + } + }, + "defenderFoDatabasesAwsOffering": { + "type": "object", + "description": "The Defender for Databases AWS offering", + "x-ms-discriminator-value": "DefenderForDatabasesAws", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": { + "arcAutoProvisioning": { + "type": "object", + "description": "The ARC autoprovisioning configuration", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is arc auto provisioning enabled" + }, + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + "configuration": { + "type": "object", + "description": "Configuration for servers Arc auto provisioning", + "properties": { + "proxy": { + "type": "string", + "description": "Optional http proxy endpoint to use for the Arc agent" + }, + "privateLinkScope": { + "type": "string", + "description": "Optional Arc private link scope resource id to link the Arc agent" + } + } + } + } + }, + "rds": { + "type": "object", + "description": "The RDS configuration", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is RDS protection enabled" + }, + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + } + }, + "databasesDspm": { + "type": "object", + "description": "The databases data security posture management (DSPM) configuration", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is databases data security posture management (DSPM) protection enabled" + }, + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + } + } + } + }, + "informationProtectionAwsOffering": { + "type": "object", + "description": "The information protection for AWS offering", + "x-ms-discriminator-value": "InformationProtectionAws", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": { + "informationProtection": { + "type": "object", + "description": "The native cloud connection configuration", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + } + } + } + }, + "cspmMonitorGcpOffering": { + "type": "object", + "description": "The CSPM monitoring for GCP offering", + "x-ms-discriminator-value": "CspmMonitorGcp", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": { + "nativeCloudConnection": { + "type": "object", + "description": "The native cloud connection configuration", + "properties": { + "workloadIdentityProviderId": { + "type": "string", + "description": "The GCP workload identity provider id for the offering" + }, + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this offering" + } + } + } + } + }, + "defenderForServersGcpOffering": { + "type": "object", + "description": "The Defender for Servers GCP offering configurations", + "x-ms-discriminator-value": "DefenderForServersGcp", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": { + "defenderForServers": { + "type": "object", + "description": "The Defender for servers connection configuration", + "properties": { + "workloadIdentityProviderId": { + "type": "string", + "description": "The workload identity provider id in GCP for this feature" + }, + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this feature" + } + } + }, + "arcAutoProvisioning": { + "type": "object", + "description": "The ARC autoprovisioning configuration", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is arc auto provisioning enabled" + }, + "configuration": { + "type": "object", + "description": "Configuration for servers Arc auto provisioning", + "properties": { + "proxy": { + "type": "string", + "description": "Optional HTTP proxy endpoint to use for the Arc agent" + }, + "privateLinkScope": { + "type": "string", + "description": "Optional Arc private link scope resource id to link the Arc agent" + } + } + } + } + }, + "vaAutoProvisioning": { + "type": "object", + "description": "The Vulnerability Assessment autoprovisioning configuration", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is Vulnerability Assessment auto provisioning enabled" + }, + "configuration": { + "type": "object", + "description": "configuration for Vulnerability Assessment autoprovisioning", + "properties": { + "type": { + "type": "string", + "description": "The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'", + "enum": [ + "Qualys", + "TVM" + ], + "x-ms-enum": { + "name": "type", + "modelAsString": true + } + } + } + } + } + }, + "mdeAutoProvisioning": { + "type": "object", + "description": "The Microsoft Defender for Endpoint autoprovisioning configuration", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is Microsoft Defender for Endpoint auto provisioning enabled" + }, + "configuration": { + "type": "object", + "description": "configuration for Microsoft Defender for Endpoint autoprovisioning", + "properties": {} + } + } + }, + "subPlan": { + "type": "object", + "description": "configuration for the servers offering subPlan", + "properties": { + "type": { + "type": "string", + "description": "The available sub plans", + "enum": [ + "P1", + "P2" + ], + "x-ms-enum": { + "name": "subPlan", + "modelAsString": true + } + } + } + }, + "vmScanners": { + "type": "object", + "description": "The Microsoft Defender for Server VM scanning configuration", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is Microsoft Defender for Server VM scanning enabled" + }, + "configuration": { + "type": "object", + "description": "configuration for Microsoft Defender for Server VM scanning", + "properties": { + "scanningMode": { + "type": "string", + "description": "The scanning mode for the VM scan.", + "enum": [ + "Default" + ], + "x-ms-enum": { + "name": "scanningMode", + "modelAsString": true + } + }, + "exclusionTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "VM tags that indicate that VM should not be scanned" + } + } + } + } + } + } + }, + "defenderForDatabasesGcpOffering": { + "type": "object", + "description": "The Defender for Databases GCP offering configurations", + "x-ms-discriminator-value": "DefenderForDatabasesGcp", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": { + "arcAutoProvisioning": { + "type": "object", + "description": "The ARC autoprovisioning configuration", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is arc auto provisioning enabled" + }, + "configuration": { + "type": "object", + "description": "Configuration for servers Arc auto provisioning", + "properties": { + "proxy": { + "type": "string", + "description": "Optional http proxy endpoint to use for the Arc agent" + }, + "privateLinkScope": { + "type": "string", + "description": "Optional Arc private link scope resource id to link the Arc agent" + } + } + } + } + }, + "defenderForDatabasesArcAutoProvisioning": { + "type": "object", + "description": "The native cloud connection configuration", + "properties": { + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this offering" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The GCP workload identity provider id for this offering" + } + } + } + } + }, + "defenderForContainersGcpOffering": { + "type": "object", + "description": "The containers GCP offering", + "x-ms-discriminator-value": "DefenderForContainersGcp", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": { + "nativeCloudConnection": { + "type": "object", + "description": "The native cloud connection configuration", + "properties": { + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this offering" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The GCP workload identity provider id for this offering" + } + } + }, + "dataPipelineNativeCloudConnection": { + "type": "object", + "description": "The native cloud connection configuration", + "properties": { + "serviceAccountEmailAddress": { + "type": "string", + "description": "The data collection service account email address in GCP for this offering" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The data collection GCP workload identity provider id for this offering" + } + } + }, + "auditLogsAutoProvisioningFlag": { + "type": "boolean", + "description": "Is audit logs data collection enabled" + }, + "defenderAgentAutoProvisioningFlag": { + "type": "boolean", + "description": "Is Microsoft Defender for Cloud Kubernetes agent auto provisioning enabled" + }, + "policyAgentAutoProvisioningFlag": { + "type": "boolean", + "description": "Is Policy Kubernetes agent auto provisioning enabled" + } + } + }, + "cspmMonitorGithubOffering": { + "type": "object", + "description": "The CSPM monitoring for github offering", + "x-ms-discriminator-value": "CspmMonitorGithub", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": {} + }, + "cspmMonitorAzureDevOpsOffering": { + "type": "object", + "description": "The CSPM monitoring for AzureDevOps offering", + "x-ms-discriminator-value": "CspmMonitorAzureDevOps", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": {} + }, + "defenderCspmAwsOffering": { + "type": "object", + "description": "The CSPM P1 for AWS offering", + "x-ms-discriminator-value": "DefenderCspmAws", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": { + "vmScanners": { + "type": "object", + "description": "The Microsoft Defender for Server VM scanning configuration", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is Microsoft Defender for Server VM scanning enabled" + }, + "configuration": { + "type": "object", + "description": "configuration for Microsoft Defender for Server VM scanning", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + }, + "scanningMode": { + "type": "string", + "description": "The scanning mode for the VM scan.", + "enum": [ + "Default" + ], + "x-ms-enum": { + "name": "scanningMode", + "modelAsString": true + } + }, + "exclusionTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "VM tags that indicates that VM should not be scanned" + } + } + } + } + }, + "dataSensitivityDiscovery": { + "type": "object", + "description": "The Microsoft Defender Data Sensitivity discovery configuration", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is Microsoft Defender Data Sensitivity discovery enabled" + }, + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + } + }, + "databasesDspm": { + "type": "object", + "description": "The databases DSPM configuration", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is databases DSPM protection enabled" + }, + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + } + } + } + }, + "defenderCspmGcpOffering": { + "type": "object", + "description": "The CSPM P1 for GCP offering", + "x-ms-discriminator-value": "DefenderCspmGcp", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": {} + }, + "defenderForDevOpsGithubOffering": { + "type": "object", + "description": "The Defender for DevOps for Github offering", + "x-ms-discriminator-value": "DefenderForDevOpsGithub", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": {} + }, + "defenderForDevOpsAzureDevOpsOffering": { + "type": "object", + "description": "The Defender for DevOps for Azure DevOps offering", + "x-ms-discriminator-value": "DefenderForDevOpsAzureDevOps", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": {} + }, + "cspmMonitorGitLabOffering": { + "type": "object", + "description": "The CSPM (Cloud security posture management) monitoring for gitlab offering", + "x-ms-discriminator-value": "CspmMonitorGitLab", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": {} + }, + "defenderForDevOpsGitLabOffering": { + "type": "object", + "description": "The Defender for DevOps for Gitlab offering", + "x-ms-discriminator-value": "DefenderForDevOpsGitLab", + "allOf": [ + { + "$ref": "#/definitions/cloudOffering" + } + ], + "properties": {} + } + }, + "parameters": { + "securityConnectorName": { + "name": "securityConnectorName", + "in": "path", + "required": true, + "type": "string", + "description": "The security connector name.", + "x-ms-parameter-location": "method" + }, + "securityConnectorInBody": { + "name": "securityConnector", + "in": "body", + "required": true, + "description": "The security connector resource", + "schema": { + "$ref": "#/definitions/SecurityConnector" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index 958f99cb23fc..5cdac29e2e6d 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md @@ -86,6 +86,14 @@ tag: package-composite-v3 The following packages may be composed from multiple api-versions. +### Tag: package-preview-2023-03 + +These settings apply only when `--tag=package-preview-2023-03` is specified on the command line. + +```yaml $(tag) == 'package-preview-2023-03' +input-file: + - Microsoft.Security/preview/2023-03-01-preview/securityConnectors.json +``` ### Tag: package-preview-2023-02 These settings apply only when `--tag=package-preview-2023-02` is specified on the command line. @@ -97,6 +105,7 @@ input-file: - Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsScanResultsOperations.json - Microsoft.Security/preview/2023-02-01-preview/healthReports.json ``` + ### Tag: package-preview-2022-11 These settings apply only when `--tag=package-preview-2022-11` is specified on the command line. @@ -324,7 +333,6 @@ input-file: - Microsoft.Security/stable/2022-05-01/settings.json - Microsoft.Security/preview/2021-01-15-preview/ingestionSettings.json - Microsoft.Security/preview/2021-05-01-preview/softwareInventories.json -- Microsoft.Security/preview/2022-08-01-preview/securityConnectors.json - Microsoft.Security/preview/2022-01-01-preview/governanceRules.json - Microsoft.Security/preview/2022-01-01-preview/governanceAssignments.json - Microsoft.Security/preview/2022-07-01-preview/applications.json @@ -333,6 +341,7 @@ input-file: - Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsScanOperations.json - Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsScanResultsOperations.json - Microsoft.Security/preview/2023-02-01-preview/sqlVulnerabilityAssessmentsBaselineRuleOperations.json +- Microsoft.Security/preview/2023-03-01-preview/securityConnectors.json # Needed when there is more than one input file